Re: [Declude.Virus] Vulnerability Logging
Looking at the logging in terms of vulnerabilities I noticed that under certain circumstances it does not print out the "File(s) are Infected" line when the vulnerability is found in the subject or from field. That is correct. We are aware of this. Also, in terms of when it catches the vulnerability in something other than the subject what does "[X-1:" stand for? 08/31/2004 01:38:01 Q0eb966f604807108 Outlook 'CR' vulnerability [X-1: At Bi] in line 8 The Outlook 'CR' Vulnerability can occur in any header. In this case, it occurred in a header that began with "X-1: At Bi...". For example, it may have been a header "X-1: At Billy's Bar and Grill we sent you this E-mail". -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Vulnerability Logging
R. Scott Perry writes: Looking at the logging in terms of vulnerabilities I noticed that under certain circumstances it does not print out the "File(s) are Infected" line when the vulnerability is found in the subject or from field. That is correct. We are aware of this. Is this something that you anticipate being changed or fixed in a future version? Thanks Darrell --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Possible new virus?
I am seeing e-mail being caught with the Space Gap vulnerability. A user requested the file and upon investigating, it includes a scr or pif file. Declude Virus log is showing a jpg or gif image. The first line of the body is a link to the ad site yimg.com to gif or jpg images on that site. The D file is 108kb in size. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] JS/IFromot.A
I have received a report of this today as using a forged sender. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Markus Gufler > Sent: Monday, September 06, 2004 10:42 PM > To: [EMAIL PROTECTED] > Subject: [Declude.Virus] JS/IFromot.A > > > I can see some few appearances of JS/IFromot.A. > Looks like this are spam messages containing suspicious code and the > sender-adress is forged. > > So if other people is also seeing IFromot, maybe it should be added to the > forged-list. > > Markus > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] JS/Zerolin
Hi, I am seeing my McAfee scanner catch these JS/Zerolin viruses but FProt (3.15a) does not see them at all. Does anyone know why that might be? Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] JS/Zerolin
Like you, AVG and F-Prot don't catch them here but Virusscan does. Declude Virus does toss out a warning: Warning: file#=224 (0224.js ... ) Also seems to be a dictionary type attack given the recipients names. 09/05/2004 11:08:01 Q39d809bf029cc654 MIME file: [text/html][quoted-printable; Length=2086 Checksum=144666] 09/05/2004 11:08:01 Q39d809bf029cc654 Found potentially dangerous stuff in D:\IMail\spool\D39d809bf029cc654.vir\0.! 09/05/2004 11:08:02 Q39d809bf029cc654 Warning: file#=224 (0224.js ... ) 09/05/2004 11:08:02 Q39d809bf029cc654 Scanner 3: Virus= the JS/Zerolin trojan !!! Attachment=[Unknown: Err] [26] O 09/05/2004 11:08:02 Q39d809bf029cc654 File(s) are INFECTED [ the JS/Zerolin trojan !!!: 13] 09/05/2004 11:08:02 Q39d809bf029cc654 Scanned: CONTAINS A VIRUS [MIME: 2 2344] 09/05/2004 11:08:02 Q39d809bf029cc654 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from 203.200.31.7] 09/05/2004 11:08:02 Q39d809bf029cc654 Subject: submissions end september 28th - Sun, 05 Sep 2004 14:05:50 -0200 Scott Fisher Director of IT Farm Progress Companies >>> [EMAIL PROTECTED] 09/07/04 04:26PM >>> Hi, I am seeing my McAfee scanner catch these JS/Zerolin viruses but FProt (3.15a) does not see them at all. Does anyone know why that might be? Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] JS/IFromot.A
I have received a report of this today as using a forged sender. This is now being treated as a forging virus. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] JS/IFromot.A
Us as well...had a rather unfriendly postmaster at ml.org send us a nastygram saying we were now blocked from sending to him. We sent a friendly reply back, but I don't know if he'll receive it. Scott, got any idea when this will make it to the forging list? Based on this I'm considering not sending any virus notifications at all. I certainly agree in sentiment with the guy at ml.org that notifications should not be sent for forging viruses, just not with the unprofessional way that he handled it. There certainly seems to be a growing lack of cooperation from some mail admins due to the escalation in spam and virus content over the past couple of years... Darin. - Original Message - From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 07, 2004 5:22 PM Subject: RE: [Declude.Virus] JS/IFromot.A I have received a report of this today as using a forged sender. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Markus Gufler > Sent: Monday, September 06, 2004 10:42 PM > To: [EMAIL PROTECTED] > Subject: [Declude.Virus] JS/IFromot.A > > > I can see some few appearances of JS/IFromot.A. > Looks like this are spam messages containing suspicious code and the > sender-adress is forged. > > So if other people is also seeing IFromot, maybe it should be added to the > forged-list. > > Markus > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] JS/IFromot.A
Thanks, Scott. Darin. - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 07, 2004 5:37 PM Subject: RE: [Declude.Virus] JS/IFromot.A >I have received a report of this today as using a forged sender. This is now being treated as a forging virus. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] JS/IFromot.A
I received one of those as well (from a different domain) and explained thanking for the information and to remember that it takes time to fully understand what a virus does/spread, and this one appears to be a slow spreader, as I have only seen 5 today so far. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Darin Cox > Sent: Tuesday, September 07, 2004 2:43 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.Virus] JS/IFromot.A > > Us as well...had a rather unfriendly postmaster at ml.org send us a > nastygram saying we were now blocked from sending to him. We sent a > friendly reply back, but I don't know if he'll receive it. > > Scott, got any idea when this will make it to the forging list? > > Based on this I'm considering not sending any virus notifications at all. I > certainly agree in sentiment with the guy at ml.org that notifications > should not be sent for forging viruses, just not with the unprofessional way > that he handled it. > > There certainly seems to be a growing lack of cooperation from some mail > admins due to the escalation in spam and virus content over the past couple > of years... > > Darin. > > > - Original Message - > From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, September 07, 2004 5:22 PM > Subject: RE: [Declude.Virus] JS/IFromot.A > > > I have received a report of this today as using a forged sender. > > John Tolmachoff > Engineer/Consultant/Owner > eServices For You > > > > -Original Message- > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > > On Behalf Of Markus Gufler > > Sent: Monday, September 06, 2004 10:42 PM > > To: [EMAIL PROTECTED] > > Subject: [Declude.Virus] JS/IFromot.A > > > > > > I can see some few appearances of JS/IFromot.A. > > Looks like this are spam messages containing suspicious code and the > > sender-adress is forged. > > > > So if other people is also seeing IFromot, maybe it should be added to the > > forged-list. > > > > Markus > > > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus".The archives can be found > > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] JS/IFromot.A
We did similarly, but have no idea whether they actually put the block in place and will receive the response. Darin. - Original Message - From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 07, 2004 5:51 PM Subject: RE: [Declude.Virus] JS/IFromot.A I received one of those as well (from a different domain) and explained thanking for the information and to remember that it takes time to fully understand what a virus does/spread, and this one appears to be a slow spreader, as I have only seen 5 today so far. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Darin Cox > Sent: Tuesday, September 07, 2004 2:43 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.Virus] JS/IFromot.A > > Us as well...had a rather unfriendly postmaster at ml.org send us a > nastygram saying we were now blocked from sending to him. We sent a > friendly reply back, but I don't know if he'll receive it. > > Scott, got any idea when this will make it to the forging list? > > Based on this I'm considering not sending any virus notifications at all. I > certainly agree in sentiment with the guy at ml.org that notifications > should not be sent for forging viruses, just not with the unprofessional way > that he handled it. > > There certainly seems to be a growing lack of cooperation from some mail > admins due to the escalation in spam and virus content over the past couple > of years... > > Darin. > > > - Original Message - > From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, September 07, 2004 5:22 PM > Subject: RE: [Declude.Virus] JS/IFromot.A > > > I have received a report of this today as using a forged sender. > > John Tolmachoff > Engineer/Consultant/Owner > eServices For You > > > > -Original Message- > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > > On Behalf Of Markus Gufler > > Sent: Monday, September 06, 2004 10:42 PM > > To: [EMAIL PROTECTED] > > Subject: [Declude.Virus] JS/IFromot.A > > > > > > I can see some few appearances of JS/IFromot.A. > > Looks like this are spam messages containing suspicious code and the > > sender-adress is forged. > > > > So if other people is also seeing IFromot, maybe it should be added to the > > forged-list. > > > > Markus > > > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus".The archives can be found > > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] JS/Zerolin
Scott, What is interesting is that I do not get the warning message that you get! What version of F-Prot are you using? Declude? I am using 1.79i8 09/07/2004 01:55:09 Q4d2710a401bcc5b2 MIME file: [text/html][quoted printable; Length=1452 Checksum=129510] 09/07/2004 01:55:10 Q4d2710a401bcc5b2 Scanner 2: Virus= the JS/Zerolin trojan !!! Attachment= [2] O 09/07/2004 01:55:10 Q4d2710a401bcc5b2 File(s) are INFECTED [ the JS/Zerolin trojan !!!: 13] 09/07/2004 01:55:10 Q4d2710a401bcc5b2 Scanned: CONTAINS A VIRUS [MIME: 2 1718] 09/07/2004 01:55:10 Q4d2710a401bcc5b2 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from 218.13.55.73] 09/07/2004 01:55:10 Q4d2710a401bcc5b2 Subject: appointment reminder Goran Jovanovic The LAN Shoppe > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > [EMAIL PROTECTED] On Behalf Of Scott Fisher > Sent: Tuesday, September 07, 2004 5:35 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.Virus] JS/Zerolin > > Like you, AVG and F-Prot don't catch them here but Virusscan does. Declude > Virus does toss out a warning: Warning: file#=224 (0224.js ... ) > > Also seems to be a dictionary type attack given the recipients names. > > 09/05/2004 11:08:01 Q39d809bf029cc654 MIME file: [text/html][quoted- > printable; Length=2086 Checksum=144666] > 09/05/2004 11:08:01 Q39d809bf029cc654 Found potentially dangerous stuff in > D:\IMail\spool\D39d809bf029cc654.vir\0.! > 09/05/2004 11:08:02 Q39d809bf029cc654 Warning: file#=224 (0224.js ... > ) > 09/05/2004 11:08:02 Q39d809bf029cc654 Scanner 3: Virus= the JS/Zerolin > trojan !!! Attachment=[Unknown: Err] [26] O > 09/05/2004 11:08:02 Q39d809bf029cc654 File(s) are INFECTED [ the > JS/Zerolin trojan !!!: 13] > 09/05/2004 11:08:02 Q39d809bf029cc654 Scanned: CONTAINS A VIRUS [MIME: 2 > 2344] > 09/05/2004 11:08:02 Q39d809bf029cc654 From: [EMAIL PROTECTED] To: > [EMAIL PROTECTED] [outgoing from 203.200.31.7] > 09/05/2004 11:08:02 Q39d809bf029cc654 Subject: submissions end september > 28th - Sun, 05 Sep 2004 14:05:50 -0200 > > Scott Fisher > Director of IT > Farm Progress Companies > > >>> [EMAIL PROTECTED] 09/07/04 04:26PM >>> > Hi, > > I am seeing my McAfee scanner catch these JS/Zerolin viruses but FProt > (3.15a) does not see them at all. > > Does anyone know why that might be? > > > > Goran Jovanovic > The LAN Shoppe > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] JS/IFromot.A
>From noon yesterday through about midnight this morning, we received over 400 of these bounced to our postmaster account as undeliverable. They were very high in volume due to the dictionary type of address propagation. I blocked it before it was treated as forging, but I am very, very close to turning off the recip.eml totally as it doesn't seem to have any value unless there are macro viruses infecting documents. Seems that the only issues with false positives have been vulnerabilities and occasionally banned extensions. I wonder if there is a good way to set a ONLYSENDIFVIRUSNAMEHAS (v1.77) that will match macro viruses in the names most commonly used??? Or better yet, I wonder if there is a list somewhere of classifications that are used in naming conventions by F-Prot, AVG and McAfee, for instance this one started with "JS/", and I would imagine that all JS/ viruses don't need notifications. Ok, back to hibernation for me :) Matt John Tolmachoff (Lists) wrote: I received one of those as well (from a different domain) and explained thanking for the information and to remember that it takes time to fully understand what a virus does/spread, and this one appears to be a slow spreader, as I have only seen 5 today so far. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox Sent: Tuesday, September 07, 2004 2:43 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] JS/IFromot.A Us as well...had a rather unfriendly postmaster at ml.org send us a nastygram saying we were now blocked from sending to him. We sent a friendly reply back, but I don't know if he'll receive it. Scott, got any idea when this will make it to the forging list? Based on this I'm considering not sending any virus notifications at all. I certainly agree in sentiment with the guy at ml.org that notifications should not be sent for forging viruses, just not with the unprofessional way that he handled it. There certainly seems to be a growing lack of cooperation from some mail admins due to the escalation in spam and virus content over the past couple of years... Darin. - Original Message - From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 07, 2004 5:22 PM Subject: RE: [Declude.Virus] JS/IFromot.A I have received a report of this today as using a forged sender. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Markus Gufler Sent: Monday, September 06, 2004 10:42 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] JS/IFromot.A I can see some few appearances of JS/IFromot.A. Looks like this are spam messages containing suspicious code and the sender-adress is forged. So if other people is also seeing IFromot, maybe it should be added to the forged-list. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
[Declude.Virus] F-Prot Update Problems
I am running F-Prot 3.15a (this was also happening with 3.15). When I installed I also installed the Scheduler and Updater. Now the Scheduler is running as a service and has been told to update the definitions every 4 hours. This works a lot of the time but sporadically the Updater ends up with an error message on the screen that "I was not able to reach the Internet" and it is waiting for a click. At this point no more Updates are run until you click (not good). I tried running the updater.exe /internet /quit command from a batch file but I found that it also seemed to get the same problem occasionally. Now I am not sure if it was the updater batch file of if the scheduler was creating the problem. When I was running the batch file (via Windows Task Scheduler) I had tried to disable the scheduler but it always seemed to want to run even if I told it not to run on startup. For you folks out there using the 3.15(a) version are you seeing the same problems or not? Any help on this would be appreciated. Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-Prot Update Problems
I haven't seen that problem in my server. Occasionally I see it in my personal pc that runs f-prot, but when I double check I just realize that I actually don't have an internet connection. Perhaps it is a problem with your network card that is sporadically down, or your internet is not being very stable lately. -Luis Arango > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > [EMAIL PROTECTED] On Behalf Of Goran Jovanovic > Sent: Tuesday, September 07, 2004 9:15 PM > To: [EMAIL PROTECTED] > Subject: [Declude.Virus] F-Prot Update Problems > > I am running F-Prot 3.15a (this was also happening with 3.15). When I > installed I also installed the Scheduler and Updater. Now the Scheduler > is running as a service and has been told to update the definitions > every 4 hours. This works a lot of the time but sporadically the Updater > ends up with an error message on the screen that "I was not able to > reach the Internet" and it is waiting for a click. At this point no more > Updates are run until you click (not good). > > I tried running the updater.exe /internet /quit command from a batch > file but I found that it also seemed to get the same problem > occasionally. Now I am not sure if it was the updater batch file of if > the scheduler was creating the problem. When I was running the batch > file (via Windows Task Scheduler) I had tried to disable the scheduler > but it always seemed to want to run even if I told it not to run on > startup. > > For you folks out there using the 3.15(a) version are you seeing the > same problems or not? > > Any help on this would be appreciated. > > Thanx > > > > Goran Jovanovic > The LAN Shoppe > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > __ > [Email scanned for viruses by Panda Consulting -www.pandacons.com-] > [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.