Re[2]: [Declude.Virus] Upgrade issues
Wednesday, December 22, 2004, 9:09:14 AM, you wrote: AS If the Setup doesn't have an programs only option - that leaves any AS user-configurable files intact - then it can't be used by anyone. AS Best Regards AS Andy Schmidt They have many options to go, I mentioned one either earlier in this thread or in a related thread, I can't remember now. Another simple and frequently used option is, two installers, one for new installations, and one for updates. They are probably using a canned installer builder, so it is a matter of one config for new installs and one config for updates. -- Best regards, Charlesmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.Virus] PB installing 2.0B
Hello Bill, Tuesday, December 21, 2004, 9:01:39 AM, you wrote: BL I agree, the old manual download/install should at least be an option. I BL don't like downloading 6.66mb file, just to get a 500kb declude.exe file. BL Especially when that 6mb install file takes over 3.5 minutes to complete its BL installation process, and then changes my config files in the process BL without warning (as Kami noted, it changes the .eml files - did the same BL thing here), and then did not install properly. BL After running the install, which completed without error, I ended up with a BL 288kb declude.exe file that did not work - I had to revert back to version BL 1.81 to get Declude JunkMail Virus to function again. What size BL declude.exe file have others that successfully installed 2.0B ended up with? BL Bill I haven't tried installing it yet, but this thread is very reminiscent of the last time they tried an installer. The billing and customer management software I use (Platypus for those that are curious), has a very simple solution for this major bug in the installer. During an upgrade, they give you three radio buttons for the report files (you can modify or make new reports using Crystal Reports), install the reports, install the reports to a subfolder, don't install the reports. That lets you choose the risk of overwrite, but still gives the option of seeing what's new without overwriting. -- Best regards, Charlesmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.Virus] clamav
I never updated after I posted that. I need to find a way to start and check the clamd service. Since it runs Unix style under Cygwin, it creates an instance and is out of sight, it doesn't fire correctly from a service manager like fire daemon, at least not in the config I used. I have been real busy with migrating 2 acquired companies into our network, so I haven't played with it much. Something I thought I might try is a batch file or Perl script that is fired by Task Scheduler and runs Cygwin ps to see if it is running, and restart it if it is not. Thanks, Chuck Frolick ArgoLink.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Terry Fritts Sent: Thursday, April 01, 2004 6:54 AM To: Charles Frolick Subject: Re[2]: [Declude.Virus] clamav BTW, run clamd.exe and clamdscan.exe and notice a difference in speed Charles, Did you start clamd and then leave the server logged on? Terry --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners
IIRC, Scott had said before that 1.78 was set to become a new release before all of these viruses, so I would think that anything not related to these new virus features is very stable (I haven't seen any discussions about other problems). In other words, it should be good to go, but it is your call. Thanks, Chuck Frolick ArgoLink.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Griffith - Declude Virus Sent: Thursday, March 18, 2004 7:58 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners Scott, How do notifications work with this new exploit? Also, normally I would not run interim releases, but I have had to lately with all the virus stuff going on. Any ideas when a new release will be made? I know this virus stuff keeps causing updates, but I would feel more comfortable with a released version at some point. Thanks! Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Thursday, March 18, 2004 8:46 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners During the past few weeks, virus writers have come up with at least 6 new tricks to get their viruses past mailserver virus scanners. They started by spreading in .ZIP files, then moved to static encrypted .ZIP files, then moved to dynamic encrypted .ZIP files, then started using pictures to give out the passwords, then started using encrypted .RAR files. The latest trick, first announced this morning, is that they are now using the OBJECT DATA exploit. With this, the virus isn't spread in the E-mail, so it can't be detected. Worse, a user doesn't have to open an attachment for it to spread. There is now a new interim release of Declude Virus that will automatically detect the OBJECT DATA exploit, which is the only way for a mailserver virus scanner to prevent Bagle.Q or Bagle.R from spreading. For people using Declude Virus, we recommend upgrading to the latest interim release (at http://www.declude.com/interim ). Please note that you MUST have an up-to-date Service Agreement to download this release. If you do not have an up-to-date Service Agreement, you can order it online at http://www.declude.com/order.htm , and then you can immediately download the latest interim release. If you are using another brand of virus scanner, you should upgrade as soon as the vendor has an upgrade available to detect the OBJECT DATA exploit. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] NAV 2003 catches passworded virus??
They could easily look for any email with a encrypted zip attachment, and the word password followed on the same line by a CID sourced image in the body and very safely assume it is the virus. It should have a negligible false positive rate, how likely is this to be a standard practice? Thinking about it, how many people would bother to encrypt a zip file for security, then send it along with the password negating that security? Thanks, Chuck Frolick ArgoLink.net From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of marc catuognoSent: Tuesday, March 16, 2004 4:20 PMTo: [EMAIL PROTECTED]Subject: [Declude.Virus] NAV 2003 catches passworded virus?? Sorry, I know Ive brought this up before but Im befuddled as to how plan old Norton Antivirus 2003 on my XP desktop using outlook 2002 can pick up this virus within a passworded file without the password. This was held in the virus directory by Declude and I released it to see if it would be caught, and it was - before it was opened. Again, this isnt really important, but Id like to know how it is happening. Any theories??? Marc -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 2:54 PMTo: [EMAIL PROTECTED]Subject: Re: Document Your file is attached.Password - This was the replacement attachment: Norton AntiVirus removed the attachment: Info.zip. The attachment was infected with the [EMAIL PROTECTED] virus. image001.jpg
RE: Re[2]: [Declude.Virus] clamav
I've heard from several consultants I know where Norton and McAfee will miss viruses they have definitions loaded for, one of them switched to Trend Micro and said he uses Trend to clean systems with Norton or McAfee when they miss one. I find it interesting that an open source *nix based AV can out perform one of the two biggest names in AV, and it probably is better than Norton too. I am definitely leaving it as an additional scanner on my system. Thanks, Chuck Frolick ArgoLink.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Terry Fritts Sent: Tuesday, March 02, 2004 8:03 AM To: R. Scott Perry Subject: Re[2]: [Declude.Virus] clamav ClamAV update: Yesterday's results: Scanner Infections 1 (FPROT)277 2 (NAI) 125 3 (CLAMAV) 312 Fprot and Clamav reported: 150 W32/[EMAIL PROTECTED] - not reported by NAI (McAffee) 1 W32/[EMAIL PROTECTED] - not reported by NAI NAI and CLAMAV reported: 1 W32/Bagle.f!zip virus - not reported by FPROT 1 W32/[EMAIL PROTECTED] virus - not reported by FPROT FPROT alone reported: 1 W32/[EMAIL PROTECTED] 1 W32/[EMAIL PROTECTED] 1 W32/[EMAIL PROTECTED] CLAMAV alone reported 36 infections. Hard to check with no virus names but the very first one I checked was Subject: Bagle.F missed by Virus Scan 8 which was a message I tried to send to McAffee to let them know they were missing some Bafle.F's This was a a bounce message containing a message which contained another message which contained the zip file. The others were all similar to the following: Banning file with pif extension [application/octet-stream]. Scanner #3 detected a virus Found a bogus .pif file File(s) are INFECTED [: 1] Scanned: CONTAINS A VIRUS [MIME: 2 17610] There were a good many other PIF's that all 3 scanners reported. ClamAV is doing a very good job. It definitely stopped one infection that neither of the other 2 found. NAI is definitely out of the running in this episode. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: Re[4]: [Declude.Virus] clamav
As far as I can tell, there have been no issues with freshclam. Every manual test runs fine. I haven't had the time to dedicate to it that I really need to though. I am thinking about downloading and compiling the source on Cygwin myself so I can alter some of the settings, maybe even make it less dependant on the dir structure used by the other distrib so it can be used in an existing Cygwin install, we'll see, my C coding is very weak. Thanks, Chuck Frolick ArgoLink.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Terry Fritts Sent: Tuesday, March 02, 2004 10:10 AM To: Charles Frolick Subject: Re[4]: [Declude.Virus] clamav I am definitely leaving it as an additional scanner on my system. Besides that they gave me credit for uploading a virus! Made me feel good - like I was actually doing something instead of just hunkering down! I need to read this stuff about creating your own virus signatures. That seems like an excellent solution for the period prior to the big virus updates or when there are downloader issues. I'm still having trouble with freshclam updating. Is that working for you all the time? Would you mind sharing your ClamAV config files? declude virus.cfg: SCANFILE3 C:\clamav-devel\bin\clamscan.exe --quiet --log-verbose --no-summary -l report.txt VIRUSCODE3 1 I didn't change the clamav conf files. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] I've officially given up
Sad thing is $28,000 is probably the low end of what they make per subscriber. If there wasn't a ton of money involved, there wouldn't be a spam problem. Thanks, Chuck Frolick ArgoLink.net From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Tuesday, March 02, 2004 10:51 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] I've officially given up Makes you wonder what sort of people have no life that they have to do this. People like http://www.heise.de/english/newsticker/news/44879 making 28,000.- USD per month by selling their zombies to spammers. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] New virus Tanx
F-Prot calls it w32/[EMAIL PROTECTED] http://www.f-prot.com/virusinfo/descriptions/bagle_b.html -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, February 17, 2004 9:01 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] New virus Tanx FYI, there is a new virus that was discovered several hours ago, and we've already seen several copies come in here. Details are at http://www.sophos.com/virusinfo/analyses/w32tanxa.html . -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-Prot Update
There are command line options to make it command line only, they are burried on the support website. This is what I run in Task Scheduler: C:\Program Files\FSI\F-Prot\FP-Updater\Updater.exe /internet /hidden Thanks, Chuck Frolick ArgoLink.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Tuesday, February 17, 2004 11:40 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] F-Prot Update I just noticed this also on a server I consult on. The F-Prot Scheduler did not run the update. There is no fpupdater.exe. There is an updater.exe, but that is a 32bit app with no command line. Opens up a window in which you must chose to update now. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Dan Star Sent: Monday, February 16, 2004 11:08 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] F-Prot Update On 2/16/04 10:57 AM, Hermann Strassner wrote: We use F-PROT Windows as virus scanner. The update engine runs only when the computer is logged in. Is there a possibility to update also when the computer is not logged in? Hermann --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. Write a script and schedule the script to run and fire off the fpupdater.exe. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Multi-scanner Question
Scott, Are multiple scanners run in series or concurrently? Thanks, Chuck Frolick ArgoLink.net --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Multi-scanner Question
If they are run in series, then wouldn't it be best to run the next scanner only if the previous scanner passed? In other words why scan the email again if it already failed one of the scanners? Thanks, Chuck Frolick ArgoLink.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, January 30, 2004 11:15 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Multi-scanner Question Are multiple scanners run in series or concurrently? They are run in series. Since the virus scanners typically use up as close to 100% of the CPU time that they are given, if we switched to running them in parallel, an improvement would only be shown on servers with multiple processors. However, it typically takes a virus scanner less than a second to scan all the attachments, so even on a multi-processor server, the increased delivery speed would probably not be noticed. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] SKIPEXT Question
I was wondering what other people are using for SKIPEXT to not process never virus file types? I want to keep from firing off the scanner any more often than absolutely needed. I just started a trial of Declude Virus, but have been a long time JunkMail and Hijack user. Thanks, Chuck Frolick --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.