RE: [Declude.Virus] Containing: Possibly a new variant of JS/ virus

2006-03-27 Thread Mark Reimer




Matt,
My config is similar to yours except you have AI/Packed/SERVER. What are
the additional benefits to using these switches?

Mark Reimer
IT Project Manager
American CareSource
214-596-2464

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matt
  Sent: Friday, March 24, 2006 5:44 PM
  To: Declude.Virus@declude.com
  Subject: Re: [Declude.Virus] Containing: Possibly a new variant of JS/ virus

  Kami,

  This is F-Prot that is detecting this and not Declude. I believe that the reason is the "/PARANOID" switch that you are using. This is not a commonly used switch and it's not documented in the executable's help. Here's my config for F-Prot. I believe this should stop your issues if you change to it:

  C:\Progra~1\FSI\F-Prot\fpcmd.exe /AI /SILENT /NOBOOT /NOMEM /ARCHIVE=5 /PACKED /SERVER /DUMB /REPORT=report.txt

  I have no virus hits that match what you are showing for F-Prot using this config.

  Matt

  Kami Razvan wrote:
  

Hi Matt..

Thanks for your quick reply. Here are the virus log entries:

03/24/2006 14:34:08.042 q49aa01741b4f.smd Vulnerability flags = 0
03/24/2006 14:34:10.777 q49aa01741b4f.smd Virus scanner 1 reports exit code of 0
03/24/2006 14:34:11.871 q49aa01741b4f.smd Virus scanner 2 reports exit code of 8
03/24/2006 14:34:11.965 q49aa01741b4f.smd Scanner 2: Virus= Possibly a new variant of JS/ Attachment=[HTML segment] [17] I
03/24/2006 14:34:12.012 q49aa01741b4f.smd File(s) are INFECTED [ Possibly a new variant of JS/: 8]
03/24/2006 14:34:12.059 q49aa01741b4f.smd Deleting file with virus
03/24/2006 14:34:12.121 q49aa01741b4f.smd Deleting E-mail with virus!
03/24/2006 14:34:12.153 q49aa01741b4f.smd Scanned: CONTAINS A VIRUS [MIME: 1 2652]
03/24/2006 14:34:12.184 q49aa01741b4f.smd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 10.119.249.109]
03/24/2006 14:34:12.215 q49aa01741b4f.smd Subject: Response

Here are our entries in the virus.cfg file:

SCANFILE1 C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /NOBEEP /PANALYZE /NOBREAK /UNZIP /SILENT /NODDA /REPORT report.txt
VIRUSCODE1 13
REPORT1 Found

# F-PROT - 2nd scanner

SCANFILE2 C:\Progra~1\FSI\F-Prot\fpcmd.exe -AI /TYPE /SILENT /server /PARANOID /NOMEM /ARCHIVE=5 /PACKED /NOBOOT /DUMB /REPORT=report.txt
VIRUSCODE2 3
VIRUSCODE2 6
VIRUSCODE2 8
REPORT2 Infection:

# AVG - 3rd Scanner
SCANFILE3 C:\Progra~1\Grisoft\AVG7\avgscan.exe /NOMEM /NOBOOT /NOHIMEM /NOSELF /ARC /RT /ARCW /RTW /MACROW /REPORT=report.txt
VIRUSCODE3 4
VIRUSCODE3 5
VIRUSCODE3 6
VIRUSCODE3 7
VIRUSCODE3 9
REPORT3 identified

# CLAM - 4th Scanner
SCANFILE4 C:\clamav-devel\bin\clamscan.exe --quiet --log-verbose --no-summary --max-ratio 0 -l report.txt
VIRUSCODE4 1

Hope that helps..

Regards,
- Kami


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Friday, March 24, 2006 5:56 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Containing: Possibly a new variant of JS/ virus

Kami,

You might want to post your full Declude Virus log snippet for one such message and identify both your Declude version and your virus scanners.

Matt


Re: [Declude.Virus] Containing: Possibly a new variant of JS/ virus

2006-03-27 Thread Matt




Mark,

A full list of the switches is located on the F-Prot site at the
following address:

 http://www.f-prot.com/support/windows/fpwin_faq/20.html

Sometimes we must make assumptions about what these things mean. I
believe that the three switches that you asked about are commonly used
by Declude users on the lists, though I am not sure what the manual
might be listing at this time.

Matt



Mark Reimer wrote:

  
  
  
  Matt,
  My config is similar to yours except you have AI/Packed/SERVER. What are
  the additional benefits to using these switches?

  Mark Reimer
  IT Project Manager
  American CareSource
  214-596-2464
  
  
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Matt
Sent: Friday, March 24, 2006 5:44 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Containing: Possibly a new
variant of JS/ virus


Kami,

This is F-Prot that is detecting this and not Declude. I believe that
the reason is the "/PARANOID" switch that you are using. This is not a
commonly used switch and it's not documented in the executable's help.
Here's my config for F-Prot. I believe this should stop your issues if
you change to it:

 C:\Progra~1\FSI\F-Prot\fpcmd.exe /AI /SILENT /NOBOOT /NOMEM /ARCHIVE=5 /PACKED /SERVER /DUMB /REPORT=report.txt

I have no virus hits that match what you are showing for F-Prot using
this config.

Matt



Kami Razvan wrote:

  
  Hi Matt..
  
  Thanks for your quick reply. Here are the virus log entries:
  
03/24/2006 14:34:08.042 q49aa01741b4f.smd Vulnerability flags = 0
03/24/2006 14:34:10.777 q49aa01741b4f.smd Virus scanner 1 reports exit code of 0
03/24/2006 14:34:11.871 q49aa01741b4f.smd Virus scanner 2 reports exit code of 8
03/24/2006 14:34:11.965 q49aa01741b4f.smd Scanner 2: Virus= Possibly a new variant of JS/ Attachment=[HTML segment] [17] I
03/24/2006 14:34:12.012 q49aa01741b4f.smd File(s) are INFECTED [ Possibly a new variant of JS/: 8]
03/24/2006 14:34:12.059 q49aa01741b4f.smd Deleting file with virus
03/24/2006 14:34:12.121 q49aa01741b4f.smd Deleting E-mail with virus!
03/24/2006 14:34:12.153 q49aa01741b4f.smd Scanned: CONTAINS A VIRUS [MIME: 1 2652]
03/24/2006 14:34:12.184 q49aa01741b4f.smd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 10.119.249.109]
03/24/2006 14:34:12.215 q49aa01741b4f.smd Subject: Response
  
  Here are our entries in the virus.cfg file:
  
SCANFILE1 C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /NOBEEP /PANALYZE /NOBREAK /UNZIP /SILENT /NODDA /REPORT report.txt
VIRUSCODE1 13
REPORT1 Found

# F-PROT - 2nd scanner

SCANFILE2 C:\Progra~1\FSI\F-Prot\fpcmd.exe -AI /TYPE /SILENT /server /PARANOID /NOMEM /ARCHIVE=5 /PACKED /NOBOOT /DUMB /REPORT=report.txt
VIRUSCODE2 3
VIRUSCODE2 6
VIRUSCODE2 8
REPORT2 Infection:

# AVG - 3rd Scanner
SCANFILE3 C:\Progra~1\Grisoft\AVG7\avgscan.exe /NOMEM /NOBOOT /NOHIMEM /NOSELF /ARC /RT /ARCW /RTW /MACROW /REPORT=report.txt
VIRUSCODE3 4
VIRUSCODE3 5
VIRUSCODE3 6
VIRUSCODE3 7
VIRUSCODE3 9
REPORT3 identified

# CLAM - 4th Scanner
SCANFILE4 C:\clamav-devel\bin\clamscan.exe --quiet --log-verbose --no-summary --max-ratio 0 -l report.txt
VIRUSCODE4 1
  
  Hope that helps..
  
  Regards,
  - Kami
  
  
   From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
  On Behalf Of Matt
  Sent: Friday, March 24, 2006 5:56 PM
  To: Declude.Virus@declude.com
  Subject: Re: [Declude.Virus] Containing: Possibly a new
variant of JS/ virus
  
  
Kami,
  
You might want to post your full Declude Virus log snippet for one such
message and identify both your Declude version and your virus scanners.
  
Matt
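
Added example, not part of the original thread or of Declude: a triage script that joins the SCANFILEn/VIRUSCODEn directives with the virus log to list messages that were deleted on a single scanner's heuristic guess, as happened with F-Prot and /PARANOID above. The function names, the second spool entry and its signature name are constructed for illustration; the directive and log formats are assumed to be as quoted in the thread.

```python
import re

HEURISTIC_PREFIX = "Possibly a new variant of"  # wording taken from the thread's log
# Constructed samples modelled on the virus.cfg and log lines quoted in the thread.
VIRUS_CFG = r"""SCANFILE2 C:\Progra~1\FSI\F-Prot\fpcmd.exe /AI /SILENT /PARANOID /REPORT=report.txt
VIRUSCODE2 3
VIRUSCODE2 6
VIRUSCODE2 8"""
LOG = """03/24/2006 14:34:10.777 q49aa01741b4f.smd Virus scanner 1 reports exit code of 0
03/24/2006 14:34:11.871 q49aa01741b4f.smd Virus scanner 2 reports exit code of 8
03/24/2006 14:34:11.965 q49aa01741b4f.smd Scanner 2: Virus= Possibly a new variant of JS/ Attachment=[HTML segment] [17] I
03/24/2006 14:40:01.000 qconstructed0002.smd Virus scanner 2 reports exit code of 3
03/24/2006 14:40:01.100 qconstructed0002.smd Scanner 2: Virus= Constructed-Test-Signature Attachment=sample.zip [17] I"""
EXIT_RE = re.compile(r"^\S+ \S+ (\S+) Virus scanner (\d+) reports exit code of (\d+)")
NAME_RE = re.compile(r"^\S+ \S+ (\S+) Scanner (\d+): Virus=\s*(.*?)\s+Attachment=")

def parse_cfg(text):
    """Map scanner number -> command line and the exit codes configured as 'virus'."""
    scanners = {}
    for line in text.splitlines():
        m = re.match(r"\s*(SCANFILE|VIRUSCODE)(\d+)\s+(.+?)\s*$", line)
        if not m:
            continue  # comments, blank lines and REPORTn directives
        entry = scanners.setdefault(int(m.group(2)), {"cmd": "", "codes": set()})
        if m.group(1) == "SCANFILE":
            entry["cmd"] = m.group(3)
        else:
            entry["codes"].add(int(m.group(3)))
    return scanners

def triage(log_text, scanners):
    """Per spool file: scanners whose exit code counts as a hit, names, heuristic-only flag."""
    msgs = {}
    for line in log_text.splitlines():
        if m := EXIT_RE.match(line):
            spool, num, code = m.group(1), int(m.group(2)), int(m.group(3))
            if num in scanners and code in scanners[num]["codes"]:
                msgs.setdefault(spool, {"flagged": {}, "names": {}})["flagged"][num] = code
        elif m := NAME_RE.match(line):
            msgs.setdefault(m.group(1), {"flagged": {}, "names": {}})["names"][int(m.group(2))] = m.group(3)
    for info in msgs.values():
        names = list(info["names"].values())
        # One scanner, and every name it reported is a heuristic guess: review before trusting.
        info["heuristic_only"] = (len(info["flagged"]) == 1 and bool(names)
                                  and all(n.startswith(HEURISTIC_PREFIX) for n in names))
        info["paranoid"] = any("/PARANOID" in scanners[n]["cmd"].upper() for n in info["flagged"])
    return msgs

if __name__ == "__main__":
    for spool, info in triage(LOG, parse_cfg(VIRUS_CFG)).items():
        print(spool, info)
```

Messages reported with heuristic_only set are the ones worth releasing for manual review before changing scanner switches.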