[Declude.Virus] Re: ClamAv with Declude

2008-12-29 Thread David Dodell

On Dec 29, 2008, at 8:18 AM, Scott Fisher wrote:

> I use the runclamscan program to call clamav. Here's my virus.cfg lines
>
> SCANFILE1 c:\clamav\runclamscan.exe log=1 C:\clamav\clamdscan.exe --quiet -l report.txt
> VIRUSCODE1 1
> REPORT1 FOUND

Scott, the version of clamdscan I have did not have a runclamscan.exe
in its directory. Can you send it along to me as an attachment?


So declude can't call clamdscan directly?

David


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.



[Declude.Virus] I am on vacation until 10.01 / I am on holiday until 10.01

2008-12-29 Thread guenther
Dear customer,
dear prospective customer,

Our office is closed for the Christmas holidays until 09.01.09. Nevertheless,
we will make sure that all server services remain available at the usual
quality during the holidays and "between the years".

In urgent emergencies, please send us an e-mail at i...@dnd.info or
a fax to 0472 920109.
After the holidays we will be there for you in person again.

We thank you for the pleasant cooperation and the trust you have placed
in us. Celebrate well and take good care of yourselves. Enjoy the
time with your loved ones.
Merry Christmas and relaxing holidays!

Koch Günther
DND INTERNET AGENTUR








RE: [Declude.Virus] ClamAv with Declude

2008-12-29 Thread Gary Steiner
There is an announcement on the SOSDG web site saying they will no longer 
support their version of ClamAV.

http://www.sosdg.org/clamav-win32

Is anyone using a different port of ClamAV with Declude?  Has anyone had 
success with http://www.clamwin.com/  ?




-------- Original Message --------
> From: "Scott Fisher" 
> Sent: Monday, December 29, 2008 7:39 AM
> To: declude.virus@declude.com
> Subject: RE: [Declude.Virus] ClamAv with Declude
> 
> I use the runclamscan program to call clamav. Here's my virus.cfg lines
> 
> SCANFILE1 c:\clamav\runclamscan.exe log=1 C:\clamav\clamdscan.exe --quiet -l report.txt
> VIRUSCODE1 1
> REPORT1 FOUND
> 
> -----Original Message-----
> From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Dodell
> Sent: Sunday, December 28, 2008 11:29 AM
> To: declude.virus@declude.com
> Subject: [Declude.Virus] ClamAv with Declude
> 
> 
> On Dec 28, 2008, at 8:36 AM, Hirthe, Alexander wrote:
> 
> > http://www.mail-archive.com/declude.virus@declude.com/msg14082.html
> 
> Ok, thanks for the excellent beginning ... I'm using the Clamav-win32  
> from sosdg.org
> 
> Freshclam installed all the latest files just fine
> 
> Got it all installed ...  but something still not working:
> 
> (1) I got clamd installed as a service
> 
> (2) In my virus.cfg I have
> 
> scanfile c:\imail\declude\clamav\clamdscan.exe --quiet -l report.txt
> viruscode 1
> report FOUND
> 
> 
> (3) In my logs it reports
> 
> Could Not Parse String FOUND in report.txt
> Error 2 in virus scanner 1
> Scanned: Error in Virus scanner [MIME: 1 991]
> 
> -
> 
> So I'm assuming I need another type code or way for freshclam to exit  
> cleanly if it doesn't find a virus?
> 
> David
> 
> 
> 
> 
> 
> 
> 



RE: [Declude.Virus] AVG Update

2008-12-29 Thread Colbeck, Andrew
That's very good news, David.
 
I suggest an entry on the Declude.com website, either public or in the
members' account area, that shows the current datestamp for when an
update was made available on the Declude.com webserver, and if relevant,
the update number that AVG gets it.
 
In this way, those who are out of date can see directly how far out of
date they are, and whether the problem is on their end, such as the
maintenance agreement being out of date.
 
The update number would only be of interest to users of other AVG
software, and who are perhaps used to going to the AVG website.
 
In that area of the website would also be a link to a support article
which describes the update cycle (from the point of view of a person
maintaining their Declude installation) and the entry in the declude.cfg
file.
 
 
Andrew.
 
 
 



From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of
David Barker
Sent: Monday, December 29, 2008 12:48 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] AVG Update



I have tracked the issue. The process used to be automated but from what
I understand some server changes were made and we are currently running
in manual mode, hence the reason for some delays over the holidays. I
will have this resolved and on an automated procedure with failover
checking asap. (I will have to plan this but for now I am thinking no
later than end of January). Although we have many "to do's" on our list
this is a high priority. If there are any suggestions around this
procedure - post them to the list, I cannot promise on suggestions but
there may be something we can do.

 

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com  

 




[Declude.Virus] AVG Update

2008-12-29 Thread David Barker
I have tracked the issue. The process used to be automated but from what I
understand some server changes were made and we are currently running in
manual mode, hence the reason for some delays over the holidays. I will have
this resolved and on an automated procedure with failover checking asap. (I
will have to plan this but for now I am thinking no later than end of
January). Although we have many "to do's" on our list this is a high
priority. If there are any suggestions around this procedure - post them to
the list, I cannot promise on suggestions but there may be something we can
do.

 

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
  dbar...@declude.com

 




RE: [Declude.Virus] AVG update

2008-12-29 Thread Andy Schmidt
Thank you - that is helpful for our understanding.

Would it be practical to take the "human element" out of the loop and just
have a scheduled script use WGET or similar batch application check for an
updated file on their HTTP server every hour? If the returncode indicates a
new file, download it and make it available without needing manual
intervention?

That's how many of us retrieve signature updates for third party scanners
several times daily.

-----Original Message-----
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: Monday, December 29, 2008 3:11 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] AVG update

An FYI on the AV process.

Declude receives from AVG an email (example below) this is typically once
per day. On occasion we may get several per day or one in two days. As soon
as this email is received we download the latest definitions to our AVG
server and the definitions are available for your Decludeproc to retrieve.
Now depending on when this last check was done by your Declude - will
determine when you will get the AV sigs or what the time difference is
between release and update.



The following virus database update has been prepared for you to download. 

--- SDK VDB Update Description ---
New Viruses: 
New Trojans: 
New Virus Variants: 
New Trojan Variants: Agent.ARGZ, Downloader.Zlob.AIFA, Generic12.AGYE,
BackDoor.Hupigon4.AXIM, Agent.ARLN, BackDoor.Generic10.AFRU

--- SDK VDB Update Files ---
avgsdk_ivdb2422.zip
avgsdk_vdb2422.zip

--- SDK VDB version.nfo ---
VDB_RELEASE_VERSION: 2422
PREVIOUS_VDB_RELEASE_VERSION: 2421
SEVERITY: critical
VDB_RELEASE_DATE: 2008-12-28 14:23
MODIFIED: microavi.avg
MODIFIED: incavi.avm
VDB_FILES_VERSION: 270.10.1/1867
REQUIRED_BIN_RELEASE_VERSION: 1.3.510

--- SDK VDB Update Notification End ---



David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com









[Declude.Virus] AVG update

2008-12-29 Thread David Barker
An FYI on the AV process.

Declude receives from AVG an email (example below) this is typically once
per day. On occasion we may get several per day or one in two days. As soon
as this email is received we download the latest definitions to our AVG
server and the definitions are available for your Decludeproc to retrieve.
Now depending on when this last check was done by your Declude - will
determine when you will get the AV sigs or what the time difference is
between release and update.



The following virus database update has been prepared for you to download. 

--- SDK VDB Update Description ---
New Viruses: 
New Trojans: 
New Virus Variants: 
New Trojan Variants: Agent.ARGZ, Downloader.Zlob.AIFA, Generic12.AGYE,
BackDoor.Hupigon4.AXIM, Agent.ARLN, BackDoor.Generic10.AFRU

--- SDK VDB Update Files ---
avgsdk_ivdb2422.zip
avgsdk_vdb2422.zip

--- SDK VDB version.nfo ---
VDB_RELEASE_VERSION: 2422
PREVIOUS_VDB_RELEASE_VERSION: 2421
SEVERITY: critical
VDB_RELEASE_DATE: 2008-12-28 14:23
MODIFIED: microavi.avg
MODIFIED: incavi.avm
VDB_FILES_VERSION: 270.10.1/1867
REQUIRED_BIN_RELEASE_VERSION: 1.3.510

--- SDK VDB Update Notification End ---



David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com









RE: [Declude.Virus] Force AVG update

2008-12-29 Thread David Barker
So here is how it works.

AVG releases a virus signature update on average once per day. By default
Declude will check with the AVG definitions server once per 24 hour period
or at every start of the Decludeproc service. As the time of this check is
different for everyone we give Declude the ability to do checks on a more
regular basis which is defined in the Declude.cfg

#Ability to configure the built-in AVG update interval which checks for updates. Minimum is 1 hour.

AVGUPDATEFREQHRS 12

Then, at the end of the day we parse the logs and associate the information
with our website. So the information on the website from your HOST record as
to whether your virus signatures are updated can in fact be at the most 48
hours difference. The best way to check the virus signature date is to get
the time/date on the files in the
\declude\scanners\avg\db directory; at least one of the files should be today's
or yesterday's date. As the way the virus signature files are incremental,
they are distributed to the other files so as to provide the most efficient
file size for download.

Secondly, if you are running Commtouch. This is a ZEROHOUR virus scanner that
is able to detect viruses without definitions and is real-time, you can read
more about it here:

http://commtouch.com/Site/products/zero_hour.asp

To get stats on AV accuracy compared to other scanners you can visit here:

http://commtouch.com/Site/ResearchLab/VirusLab/virusLab_docs.asp

Declude supports up to 5 additional external scanners. Declude has the key
functionality to enable the use of an external scanner as an email server
scanner. You are mistaken if you think you can use a regular network virus
scanner as your email scanner; there is a reason your AV vendors have a
separate product for mail servers and average $3-5 per user. So if you have
1000 users the cost $3000

Here are some thoughts on why using Declude is better than your traditional
virus scanners when it comes to email:

1. There are a number of mailserver anti-virus solutions available today.
However, many of them involve an unnecessary SMTP server chain. This means
that E-mail comes in to one SMTP server, is scanned for viruses, and then
goes to another SMTP server which processes the mail in the usual fashion.
Most mail server virus scanners have no way of authenticating users. If you
have an SMTP-based virus scanner, you can have users authenticate against
the real mail server. However, by doing this, the E-mail bypasses the virus
scanner. If you allow that, you are allowing viruses through your server.
With Declude, we scan every message.

2. The Decoder, the piece that Declude handles, requires (among other things)
handling numerous encoding schemes, recursive MIME segments, and even
viewable non-text MIME segments (such as HTML, that needs to be scanned,
even though it isn't an attachment). MIME is very complex, and even leading
mail server manufacturers often have troubles handling MIME segments
properly. We know MIME and encoding schemes inside and out, Declude can
handle the most sophisticated MIME segments.

3. A vulnerability is a security flaw in a program. You may have heard about
some of the more common mail client vulnerabilities, such as the Outlook
"MIME Headers" vulnerability (where a virus can be run automatically with
certain versions of Outlook). While these are bad, a standard mailserver
virus scanner will catch viruses that exploit these vulnerabilities.

However, there is another serious type of vulnerability that has recently
been discovered: mail server vulnerabilities that allow viruses to bypass
mailserver virus scanners! For example, the "Outlook 'MIME segment in MIME
preamble' vulnerability" causes Outlook to see viruses that don't actually
exist in an E-mail. In this case, a mail client (or mailserver virus
scanner) that properly decodes the E-mail will not see an attachment.
However, Outlook will incorrectly see an attachment.

When a virus uses this type of vulnerability, it will bypass a standard
mailserver virus scanner, and get delivered to the recipient! That's why you
should use Declude Virus: it detects these vulnerabilities. Since it detects
them, Declude Virus will be able to catch new viruses that use the
vulnerabilities, where standard mailserver virus scanners won't be able to
catch them.

You can read more about vulnerabilities here:

http://www.declude.com/articles.asp?id=219

At the end of the day it is about value and $$. I am still confident that
with Declude we still offer the best value for the least $$.

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com



-----Original Message-----
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Saturday, December 27, 2008 3:08 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Force AVG update

Well, most scanners will require much more expensive licenses, e.g., a
license per ma
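
Two checks from this thread combined into one script, as an added example that is not Declude's or AVG's code: parsing the version.nfo section of the update notification quoted earlier, and applying the rule above that at least one file in the \declude\scanners\avg\db directory should carry today's or yesterday's date. The function names, the caller-supplied installed_version, and the idea that VDB release numbers rise by one per release are assumptions of this example.

```python
import os
import re
from datetime import datetime, timedelta

# Constructed sample: the version.nfo section of the notification quoted on this page.
SAMPLE_NFO = """\
VDB_RELEASE_VERSION: 2422
PREVIOUS_VDB_RELEASE_VERSION: 2421
SEVERITY: critical
VDB_RELEASE_DATE: 2008-12-28 14:23
MODIFIED: microavi.avg
MODIFIED: incavi.avm
VDB_FILES_VERSION: 270.10.1/1867
REQUIRED_BIN_RELEASE_VERSION: 1.3.510
"""

def parse_nfo(text):
    """Parse 'KEY: value' lines; the repeatable MODIFIED key becomes a list."""
    info = {"MODIFIED": []}
    for line in text.splitlines():
        m = re.match(r"([A-Z_]+):\s*(.*)$", line.strip())
        if not m:
            continue  # banners such as '--- SDK VDB ... ---' and blank lines
        key, value = m.group(1), m.group(2).strip()
        if key == "MODIFIED":
            info[key].append(value)
        elif key.endswith("VDB_RELEASE_VERSION"):
            info[key] = int(value)  # raises ValueError on a malformed number
        elif key == "VDB_RELEASE_DATE":
            info[key] = datetime.strptime(value, "%Y-%m-%d %H:%M")
        else:
            info[key] = value
    return info

def releases_behind(installed_version, nfo):
    """Assumption: release numbers rise by one, so the gap counts missed updates."""
    return max(0, nfo["VDB_RELEASE_VERSION"] - installed_version)

def newest_signature_time(db_dir):
    """Newest file mtime in db_dir, or None if the directory is missing or empty."""
    try:
        times = [e.stat().st_mtime for e in os.scandir(db_dir) if e.is_file()]
    except FileNotFoundError:
        return None
    return datetime.fromtimestamp(max(times)) if times else None

def is_fresh(newest, now):
    """The thread's rule: at least one file dated today or yesterday."""
    return newest is not None and newest.date() >= (now - timedelta(days=1)).date()

def check(db_dir, installed_version, nfo_text, now=None):
    """Combine both signals into one report a scheduled job could alert on."""
    now = now or datetime.now()
    newest = newest_signature_time(db_dir)
    return {
        "newest_file": newest,
        "fresh": is_fresh(newest, now),
        "releases_behind": releases_behind(installed_version, parse_nfo(nfo_text)),
    }
```

A missing or empty db directory is reported as not fresh rather than raising, so a scheduled run flags a broken install the same way it flags stale signatures.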




RE: [Declude.Virus] ClamAv with Declude

2008-12-29 Thread Scott Fisher
I use the runclamscan program to call clamav. Here's my virus.cfg lines

SCANFILE1 c:\clamav\runclamscan.exe log=1 C:\clamav\clamdscan.exe --quiet -l report.txt
VIRUSCODE1 1
REPORT1 FOUND

-----Original Message-----
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Dodell
Sent: Sunday, December 28, 2008 11:29 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] ClamAv with Declude


On Dec 28, 2008, at 8:36 AM, Hirthe, Alexander wrote:

> http://www.mail-archive.com/declude.virus@declude.com/msg14082.html

Ok, thanks for the excellent beginning ... I'm using the Clamav-win32  
from sosdg.org

Freshclam installed all the latest files just fine

Got it all installed ...  but something still not working:

(1) I got clamd installed as a service

(2) In my virus.cfg I have

scanfile c:\imail\declude\clamav\clamdscan.exe --quiet -l report.txt
viruscode 1
report FOUND


(3) In my logs it reports

Could Not Parse String FOUND in report.txt
Error 2 in virus scanner 1
Scanned: Error in Virus scanner [MIME: 1 991]

-

So I'm assuming I need another type code or way for freshclam to exit  
cleanly if it doesn't find a virus?

David










[Declude.Virus] Out of the Office

2008-12-29 Thread lpagillo
I will be out of the office on Monday, December 29th through Friday, January 
2nd, returning on Monday, January 5th.

If you require immediate assistance with Declude, please send an email to 
supp...@declude.com or contact David Barker at 1-866-332-5833 Ext.1. You can 
also reach David Barker via email at dbar...@declude.com.

If you are a customer of Eaton and Kirk Advertising and you need assistance, 
please contact John Kirkpatrick at j...@eatonkirk.com or by phone at 
760-775-3626. Thank you.


