[Declude.Virus] New feature needed

2006-06-20 Thread Goran Jovanovic
Hi,

I would like to suggest a new feature to be added to the virus
notification capabilities.

Right now to notify a recipient that I stopped a virus I have a
recip.eml file in my main Declude directory. There is another
recip-vulnerability.eml file that is used if the virus is a
vulnerability. These two files are all or nothing files. Meaning that
all recipients for all the domains that I process are in the same file. 

I need to be able to specify a per domain recip.eml file. This way I can
tailor the notifications to each domain as appropriate. These files
should be in the domain subdirectory along with the $default$.junkfile
etc.

I am faced with the challenge right now for a single domain to send all
virus notification to one person only or to stop all notifications to
that domain. To the best of my knowledge I cannot redirect all the
notifications to the one person for that domain and to the original
recipients for all the other domains. 

Another feature that should be added to the *.eml files is the ability
to do a BCC to a monitoring address. This is a good way to monitor what
is happening with banned files, viruses or whatever notification
processes we have set up.

So can you please add this to the to do list

Thank you

Goran Jovanovic
Omega Network Solutions


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.



RE: [Declude.Virus] New feature needed

2006-06-20 Thread David Barker
Added to the development wish list.

David B
www.declude.com 




RE: [Declude.Virus] New feature needed

2006-06-20 Thread Goran Jovanovic
David,

Any idea when it might make it as a feature in the code?

Goran Jovanovic
Omega Network Solutions

 




re: [Declude.Virus] New feature needed

2006-06-20 Thread Gary Steiner
I asked about the possibility of per domain replies several months ago.  I 
would hope that it has already been placed on the wish list.

It is especially useful when you have users speaking different languages and 
you want to have language specific messages linked to each domain.

Gary





Re: [Declude.Virus] New feature needed

2006-06-20 Thread David Dodell
> I would like to suggest a new feature to be added to the virus
> notification capabilities.
>
> I need to be able to specify a per domain recip.eml file. This way I can
> tailor the notifications to each domain as appropriate. These files
> should be in the domain subdirectory along with the $default$.junkfile
> etc.


I do some limited customization using filters/rules on the domain in
Imail ... this has let me filter out notifications and delete the
message automatically for domains that didn't want the notifications,
or redirect the notifications to another administrator if needed.

It adds an extra layer to the mail movement, but it works for now.

David






RE: [Declude.Virus] New feature needed

2006-06-20 Thread Goran Jovanovic
Gary,

I have not even thought of something like that (since all my customers
are English speaking) but you are absolutely right. 

So David will we be seeing this new feature next week? :)

Goran Jovanovic
Omega Network Solutions

 




[Declude.Virus] another new virus

2006-06-20 Thread Gary Steiner
 
		
I just started receiving copies of a new virus that F-Prot flags, but with the descriptive label of "Unknown" (at least out of Declude).  The messages are all around 86k in size, and contain a gif and an encrypted zip file.  It pretends to be sending you a password for some unnamed account.

Following is what VirusTotal says:
		
		

		

Antivirus           Version         Update      Result
AntiVir             6.35.0.13       06.20.2006  no virus found
Authentium          4.93.8          06.20.2006  Not scanned (encrypted)
Avast               4.7.844.0       06.20.2006  no virus found
AVG                 386             06.20.2006  no virus found
BitDefender         7.2             06.20.2006  no virus found
CAT-QuickHeal       8.00            06.20.2006  no virus found
ClamAV              devel-20060426  06.20.2006  no virus found
DrWeb               4.33            06.20.2006  no virus found
eTrust-InoculateIT  23.72.43        06.20.2006  no virus found
eTrust-Vet          12.6.2265       06.20.2006  no virus found
Ewido               3.5             06.20.2006  no virus found
Fortinet            2.77.0.0        06.20.2006  no virus found
F-Prot              3.16f           06.20.2006  suspicious
Ikarus              0.2.65.0        06.20.2006  no virus found
Kaspersky           4.0.2.24        06.20.2006  no virus found
McAfee              4788            06.20.2006  no virus found
Microsoft           1.1441          06.20.2006  password protected
NOD32v2             1.1611          06.20.2006  error - password-protected file
Norman              5.90.21         06.20.2006  Mitglied.gen
Panda               9.0.0.4         06.20.2006  no virus found
Sophos              4.06.0          06.20.2006  no virus found
Symantec            8.0             06.20.2006  no virus found
TheHacker           5.9.8.162       06.20.2006  no virus found
UNA                 1.83            06.20.2006  no virus found
VBA32               3.11.0          06.20.2006  no virus found
VirusBuster         4.3.7:9         06.20.2006  I-Worm.Bagle.ZIP.Gen
		




		




RE: [Declude.Virus] New feature needed

2006-06-20 Thread Goran Jovanovic
 
> I do some limited customization using filters/rules on the domain in
> Imail ...

This might work for you but I gateway most of my domains so this does
not seem like a good option for me.

Also since I have per-domain configs in Declude these notifications
should be handled in the same way

Goran Jovanovic
Omega Network Solutions





RE: [Declude.Virus] New feature needed

2006-06-20 Thread David Barker
Not sure yet, but not for at least the next 60 days.

David B
www.declude.com 




RE: [Declude.Virus] another new virus

2006-06-20 Thread Colbeck, Andrew



Ditto.

F-Prot notices that the zip file is password protected and I can see
that there is a very-Bagle-ish gif file of the password.

David Barker's earlier response of using:

BANEXT EZIP

in your virus.cfg will work to catch these.

I received a single copy, and it was from a likely zombie due to the
reverse DNS I noted. I submitted my sample to Trend and to ClamAV.

Andrew 8)
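
The condition discussed above (a message carrying a password-protected zip that most engines cannot open) can be checked without the password. The following is an added example, not part of the original post and not Declude's code. It assumes "encrypted" means bit 0 of the ZIP general-purpose flags is set; the sample message is constructed, and because Python's zipfile cannot write encrypted archives, the sample is an ordinary archive with that bit patched in.

```python
import io
import struct
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x0001  # ZIP general-purpose flag bit 0: member is encrypted


def encrypted_members(zip_bytes):
    """Names of archive members whose directory entry has the encryption bit set."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            # Reading the central directory needs no password.
            return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
    except zipfile.BadZipFile:
        return []


def find_encrypted_zips(raw_message):
    """Map attachment name -> encrypted member names for one raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # Recognise ZIP by its magic bytes; the filename and MIME type
        # are chosen by the sender and cannot be trusted.
        if not payload.startswith(b"PK\x03\x04"):
            continue
        names = encrypted_members(payload)
        if names:
            hits[part.get_filename() or "(unnamed)"] = names
    return hits


def build_sample_zip(encrypted):
    """Constructed sample: a one-file archive, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("account.txt", b"constructed test data")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Flags sit at offset 6 of the local header and offset 8 of the
        # central directory header; set bit 0 in both.
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.index(signature) + offset
            (flags,) = struct.unpack_from("<H", data, pos)
            struct.pack_into("<H", data, pos, flags | ENCRYPTED)
    return bytes(data)


def build_sample_message(encrypted):
    """Constructed sample: text body, a gif part and a zip part."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed test body")
    msg.add_attachment(b"GIF89a", maintype="image", subtype="gif",
                       filename="pw.gif")
    msg.add_attachment(build_sample_zip(encrypted), maintype="application",
                       subtype="octet-stream", filename="info.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(find_encrypted_zips(build_sample_message(True)))
```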



  
  


Re: [Declude.Virus] New feature needed

2006-06-20 Thread netsolution webmaster




We use the Imail inbound rules to achieve this, scan for the message
subject (that you define in the .eml file) in the inbound rule for the
respective domain and forward it to wherever you want.

AIR


RE: [Declude.Virus] another new virus

2006-06-20 Thread Colbeck, Andrew



... and here's one writeup on that new Bagle:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FBAGLE%2EFNVSect=T


Andrew 8)

  
  