[Declude.Virus] Hardware Issue
Due to the long holiday weekend, we have been away from the office for a few days. Unfortunately it has come to our attention that there could be a problem with key validation on the server there. After some testing, we have determined that there is in fact a hardware issue that we expect to have resolved today. We appreciate that you have taken the time to bring this matter to our attention and appreciate your patience while we rectify the situation. We will once again post to this list when the issue has been corrected.

Declude Technical / Engineering
[Declude.Virus] Declude Hardware Issue
Please note that the hardware issue preventing communication with Declude has been resolved. Key authentication has resumed as normal.

There appear to be some misconceptions on the lists regarding the key authentication system. In the event that your key cannot be authenticated (either due to communication failure or because the key was never issued):

A) Your software will continue to function
B) Your software is NEVER downgraded for any reason, either automatically or otherwise

We have had a few reports from customers who have licensed versions of Pro, saying that they are receiving messages in their log files that they do not have the Pro version. We will identify the source of that issue tomorrow when the office reopens and will resolve it. It does not have any relation to the key authentication mechanism with the server, since the actual authentication with IMail versions of Declude continues to be via the old codes entered into the configuration files.

David Franco-Rocha
Declude Technical / Engineering
Re: [Declude.Virus] Blocking the files in mydoom
Jim,

Because lots of customers were using the BOUNCE action without realizing that, in the majority of cases, the bounced message would never go back to the spammer who forged the originating address, we have changed the name of the action to:

BOUNCEONLYIFYOUMUST

David Franco-Rocha
Declude Technical Support

----- Original Message -----
From: "Jim Nitterauer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 16.37
Subject: RE: [Declude.Virus] Blocking the files in mydoom

> Question:
>
> My declude log contains the following cryptic message:
>
> 07/26/2004 15:32:21 Q6a3e178601c0f0dc Warning: misconfiguration in following
> line in configuration file (BOUNCE is not an ACTION). May be a duplicate
> test definition?
>
> I have checked both config files and cannot find any duplicates. I recently
> installed the MTLDB test. I am using 1.79i8
>
> Thanks
> Any ideas?
>
> Jim Nitterauer
> President
> Creative Data Concepts Limited, Inc.
> 3 W. Garden Street
> Suite 326
> Pensacola, FL 32502
> http://www.creativedata.net
> 850-434-7645
> 800-607-6168
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
> Sent: Monday, July 26, 2004 3:22 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.Virus] Blocking the files in mydoom
>
> >Something must be broken or something must be unusual about this file.
> >I just added
> >
> >BANEXT ZIP
> >
> >It is catching other files that I have banned. And I was able to
> >forward this file ([EMAIL PROTECTED])to myself from a user
> >that sent it to me. Does declude treat a forwarded file differently somehow?
> >CRAP.
>
> No, the forwarded files are not treated differently. Does the E-mail you
> received (the one you forwarded) have a .ZIP file attachment? Are you sure
> it is .ZIP?
>
> >I am using F-protect and I updated it about noon and I'm using an
> >interim downloaded about three days ago.
>
> Noon EST? If so, I would recommend downloading the virus definitions again.
> The date of them should be July 26 or later.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> since 2000.
> Declude Virus: Ultra reliable virus detection and the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list. To unsubscribe, just
> send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
> -
> [This E-mail scanned for viruses courtesy of Creative Data Concepts
> http://www.creativedata.net]
Re: [Declude.Virus] Variable to skip banned extension
John,

How about:

SKIPIFVIRUSNAMEHAS Klez

(from example in manual)

David Franco-Rocha
Declude Technical Support

----- Original Message -----
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 09, 2004 3:12 PM
Subject: [Declude.Virus] Variable to skip banned extension

> Is there a way to skip bannotify.eml for some attachments, such as skipping
> for the file names of the new virus?
>
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
Re: [Declude.Virus] Second mail server
In this case you would, in fact, require a second license.

David Franco-Rocha
Declude Technical Support

----- Original Message -----
From: Sharyn Schmidt
To: [EMAIL PROTECTED]
Sent: Wednesday, August 18, 2004 15.14
Subject: RE: [Declude.Virus] Second mail server

This will not be a forwarding server, it will act as a full fledged mailserver that will house user accounts, webmail, etc. I am planning on giving it a higher mx number so mail only goes to it when the primary can't be reached.

Thanks,
Sharyn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Matuska
Sent: Wednesday, August 18, 2004 2:50 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Second mail server

If you are just using the backup server to forward mail to the primary server when it comes back online and don't have users check mail from the backup one you don't even need to load declude on the backup, just let it forward the viruses to the primary and declude will pick them up on the primary server when they get there. If you are having accounts on the backup server and have users check mail direct from the backup as far as I know you would need a second license for declude.

Jim Matuska Jr.
Computer Tech II
CCNA
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]

----- Original Message -----
From: Sharyn Schmidt
To: [EMAIL PROTECTED] ; [EMAIL PROTECTED]
Sent: Wednesday, August 18, 2004 11:37 AM
Subject: [Declude.Virus] Second mail server

Scott,

Am I to assume that if I configure a backup mailserver I will need to purchase another full license for the Declude products?

Thanks,
Sharyn
Re: [Declude.Virus] Declude Update - Version 2.0.6
Yes, it will work with both IMail and SmarterMail.

David Franco-Rocha

----- Original Message -----
From: "Mark E. Smith" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, March 30, 2005 9:39 AM
Subject: RE: [Declude.Virus] Declude Update - Version 2.0.6

Will this version work with iMail as well?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, March 25, 2005 9:48 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Declude Update - Version 2.0.6

We are in the final stages of getting version 2.0.6 ready for release. We are completing the:

- Code reviews
- Documentation
- Release notes
- Packaging

We expect to have the software available for general release week beginning April 4.

Barry

Barry Simpson
www.declude.com
Office (866) 332-5833
Re: [Declude.Virus] Declude and Linux?
That is definitely in the stack of cards, Jeff. But we cannot yet project a release date. We will, however, keep you informed as we get closer to formulating that project. We would be interested in hearing any input you would care to provide, such as: your Linux platform, the mail server(s) you would like to see targeted, etc.

David Franco-Rocha

----- Original Message -----
From: "Jeff Kratka" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, March 30, 2005 4:29 PM
Subject: [Declude.Virus] Declude and Linux?

Will there be a version of Declude for Linux?

Jeff Kratka
TymeWyse Internet
P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417
tel/fax: (541) 839-6027 - [EMAIL PROTECTED]
Re: [Declude.Virus] Current Version 3.05.11??
There were several customers who were having connectivity issues with 3.0.5.9. It was traced to problems within Winsock. The subsequent versions reset Winsock periodically, which has a negative effect on the processing time, but it seems to eliminate those connectivity issues.

Very shortly we will be incorporating a new directive into the configuration, so that the system administrator can elect to have Winsock do periodic resets or not. For those who did not experience problems with connectivity, turning off that option will provide the speed of 3.0.5.9, as well as the bugs that will have been fixed since that version.

David Franco-Rocha
Declude Technical / Engineering

----- Original Message -----
From: "Marcel Sangers" <[EMAIL PROTECTED]>
To:
Sent: Friday, October 28, 2005 2:27 AM
Subject: RE: [Declude.Virus] Current Version 3.05.11??

We have the same problem. 3.05.9 seems to be lots faster than 3.05.11/12. We had a problem with the mailserver so Declude had to process about 2000 msgs at once. With 3.05.12 that takes way too much time, we did a rollback to 3.05.9 and the email flows very fast. How is this possible?

We use
Declude Spam+Virus
THREADS 15
F+Prot+AVG
Sniffer

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand
Sent: Friday, October 21, 2005 22:49
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Current Version 3.05.11??

Changing from 305.9 to 3.05.11 changed the behaviour of processing

Processing slowed down

With 3.05.09 my proc directory stays virtually empty whereas with 11 it did not get emptied as entries arrived.

Went back to .9

My declude.cfg is:

threads 20
waitformail 500
waitforthreads 1500
waitbetweenthreads 100

Harry Vanderzand
inTown Internet & Computer Services
11 Belmont Ave. W., Kitchener, ON,N2M 1L2
519-741-1222

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler
Sent: Friday, October 21, 2005 4:23 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Current Version 3.05.11??

Hi

Are there any release notes for this? It went from .09 this morning to .11 about five minutes ago.

What's up?

Thanks,
Rob

---
[This E-mail scanned for viruses by Declude Virus]
Re: [Declude.Virus] Virus name reported as different than what scanner detected.
I predict there will be a fix for this issue at the very beginning of the week.

David Franco-Rocha
Declude Technical / Engineering

----- Original Message -----
From: "Markus Gufler" <[EMAIL PROTECTED]>
To:
Sent: Friday, October 28, 2005 1:53 PM
Subject: RE: [Declude.Virus] Virus name reported as different than what scanner detected.

Hmm, looks like there is one single variable containing the last detected virus name and several threads writing to and reading from this variable...

Markus

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Friday, October 28, 2005 6:44 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Virus name reported as different than what scanner detected.

A little more checking and this seems to be happening on any message infected with a virus

Possible bug...

Running 3.x, AVAFTERJM, with EXITSCANONVIRUSDETECT ON

10/28/2005 00:39:56.359 qab8ff7a40618ffdf.smd File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 3]
10/28/2005 00:41:47.968 qabfaf7c50618004e.smd Virus scanner 1 reports exit code of 3
10/28/2005 00:41:47.968 qabfaf7c50618004e.smd Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment=email-details.zip [11] O
10/28/2005 00:41:47.984 qabfaf7c50618004e.smd File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 3]
10/28/2005 00:56:05.015 qaf506d06099e03ac.smd Scanner 1: Virus= W32/[EMAIL PROTECTED] Attachment=email-password.zip [11] O
10/28/2005 00:56:05.015 qaf506d06099e03ac.smd File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 3]

Darrell ([EMAIL PROTECTED]) writes:

> Anyone seen this before? The message (attachment) have the W97M/Thus
> Virus and is detected by McAfee as having such, but the final virus
> string somehow ends up at Netsky?
>
> Darrell
>
> x:\imail\spool>grep -i q41c378d5099ed6c9.smd vir1028.log
> 10/28/2005 11:21:09.718 q41c378d5099ed6c9.smd Vulnerability flags = 0
> 10/28/2005 11:21:09.718 q41c378d5099ed6c9.smd MIME file: HD New Look
> list.doc [base64; Length=59
> 904 Checksum=2996157]
> 10/28/2005 11:21:10.750 q41c378d5099ed6c9.smd Virus scanner 1 reports
> exit code of 0
> 10/28/2005 11:21:11.359 q41c378d5099ed6c9.smd Virus scanner 2 reports
> exit code of 13
> 10/28/2005 11:21:11.359 q41c378d5099ed6c9.smd Scanner 2: Virus= the
> W97M/Thus.gen Attachment=HD New Look List.doc [11] I
> 10/28/2005 11:21:11.359 q41c378d5099ed6c9.smd File(s) are INFECTED [
> W32/[EMAIL PROTECTED]: 13]
> 10/28/2005 11:21:32.796 q41c378d5099ed6c9.smd Scanned: CONTAINS A
> VIRUS
> [MIME: 2 60102]
> 10/28/2005 11:21:32.796 q41c378d5099ed6c9.smd From:
> [EMAIL PROTECTED]
> To: [EMAIL PROTECTED] [
> incoming from 64.207.161.182]
> 10/28/2005 11:21:32.796 q41c378d5099ed6c9.smd Subject: Here we go
> Again - Proposal
>
> --
> -- Check out http://www.invariantsystems.com for utilities for Declude
> And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI
> integration, MRTG Integration, and Log Parsers.

--
-- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.
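
Added example (not part of the thread and not Declude code): a consistency check over virus log lines in the layout quoted in the thread above, flagging any spool file whose final "File(s) are INFECTED" name was not reported by a scanner for that same file. The sample log is constructed, and W32/Placeholder.A is a placeholder name rather than a real detection.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log excerpts quoted in the thread.
# Spool ids are made up; W32/Placeholder.A is a placeholder virus name.
SAMPLE_LOG = """\
10/28/2005 11:21:10.750 q0000000000000001.smd Virus scanner 1 reports exit code of 0
10/28/2005 11:21:11.359 q0000000000000001.smd Virus scanner 2 reports exit code of 13
10/28/2005 11:21:11.359 q0000000000000001.smd Scanner 2: Virus= the W97M/Thus.gen Attachment=report.doc [11] I
10/28/2005 11:21:11.359 q0000000000000001.smd File(s) are INFECTED [ W32/Placeholder.A: 13]
10/28/2005 11:22:40.100 q0000000000000002.smd Virus scanner 1 reports exit code of 3
10/28/2005 11:22:40.100 q0000000000000002.smd Scanner 1: Virus= W32/Placeholder.A Attachment=details.zip [11] O
10/28/2005 11:22:40.115 q0000000000000002.smd File(s) are INFECTED [ W32/Placeholder.A: 3]
10/28/2005 11:23:05.015 q0000000000000003.smd File(s) are INFECTED [ W32/Placeholder.A: 3]
"""

# timestamp, spool file name, remainder of the entry
LINE = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d{3}) (\S+\.smd) (.*)$")
# per-scanner detection: scanner number, reported name, attachment name
SCANNER = re.compile(r"^Scanner (\d+): Virus=\s*(.*?)\s+Attachment=(.*?)\s+\[")
# final verdict: virus name and the exit code logged with it
FINAL = re.compile(r"^File\(s\) are INFECTED \[\s*(.*?):\s*(\d+)\]")


def audit(log_text):
    """Return one finding per spool file whose final virus name is not
    backed by a scanner detection logged for that same spool file."""
    detections = defaultdict(list)  # spool file -> [(scanner, name, attachment)]
    findings = []
    for raw in log_text.splitlines():
        entry = LINE.match(raw.strip())
        if not entry:
            continue  # wrapped continuation line or unrelated text
        _, spool, text = entry.groups()

        hit = SCANNER.match(text)
        if hit:
            detections[spool].append((int(hit.group(1)), hit.group(2), hit.group(3)))
            continue

        verdict = FINAL.match(text)
        if not verdict:
            continue
        final_name, code = verdict.group(1), int(verdict.group(2))
        reported = [name for _, name, _ in detections[spool]]

        if not reported:
            reason = "no-scanner-detection"
        elif any(final_name in name for name in reported):
            # Substring match tolerates prefixes such as "the " in scanner output.
            continue
        else:
            reason = "name-mismatch"
        findings.append({
            "spool": spool,
            "final": final_name,
            "code": code,
            "reported": reported,
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f['spool']}: {f['reason']} final={f['final']!r} "
              f"scanners={f['reported']} exit={f['code']}")
```

The check works per spool file, so it only sees detections that appear in the log text it is given; run it on the full day's log rather than a grep excerpt.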
[Declude.Virus] Declude Technical Support Tickets
Please note that we receive a large amount of spam at our technical support email address for the ticket system. When I look through the tickets, I delete whatever looks like spam, as well as all tickets that do not contain a subject. Fortunately I keep backup copies of all incoming tech support email. I discovered a backup copy this morning of a legitimate ticket that I had deleted because it lacked a subject: completely blank.

Please always provide a subject when you send email to technical support because it allows us to see at a glance whether we have several instances of an issue and also to prioritize the tickets. We have to delete emails that do not contain a subject because it takes too much time to open every email without a subject merely to determine whether it is valid or not.

To facilitate processing of trouble tickets, please do not generate multiple tickets for the same issue. Simply reply to our email, which will contain the ticket number as part of the subject line. If we resolve an issue and close a ticket and the issue creeps up again, you can always reply to the last reply you received from us on that ticket. This will automatically re-open the same ticket and we will have access to all information previously provided by you.

Thanks for your cooperation and assistance.

David Franco-Rocha
Declude Technical / Engineering
[Declude.Virus] AVAFTERJM
When scanning for viruses after JunkMail through use of the above directive, the following rule applies:

All email will continue to be scanned for viruses EXCEPT those emails having a final JunkMail action of:

HOLD
DELETE

David Franco-Rocha
Declude Technical / Engineering

---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
Re: [Declude.Virus] Question concerning SKIPEXT and GDI+ Vulnerability detection
From the source it looks like the JPG would be scanned for the GDIPlus vulnerability regardless of these other directives.

David Franco-Rocha
Declude Technical Support

----- Original Message -----
From: "Matt" <[EMAIL PROTECTED]>
To:
Sent: Friday, May 06, 2005 12:57 PM
Subject: [Declude.Virus] Question concerning SKIPEXT and GDI+ Vulnerability detection

To my good buddies at Declude :) (ok, you made me very happy twice yesterday)

I understand that SKIPEXT JPG would cause files with JPG extensions to not be scanned with the virus scanners, but would that also disable the JPG/GDI+ Vulnerability detection? Many of us stopped skipping JPG's and other associated files when the GDI+ exploits were first discovered, but they seem to have become duds as far as actively spreading viruses (though I have seen them on sites linked to in spam as a way to install spyware). JPG's however are fairly common in E-mail and it would be a big improvement to be able to skip scanning them, and if we were protected with the vulnerability detection, I would feel comfortable turning off virus scanning of JPG's until a mass-mailing virus is seen. I wouldn't want to leave myself completely unprotected however.

Thanks,
Matt

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
Re: [Declude.Virus] EXITSCANONVIRUS
John,

There is a processing loop wherein all the scanners are called in succession. It is independent of vulnerability checking. This directive merely tells Declude to break out of the external virus scanner execution loop.

If you use this directive to exit the scanning loop on virus detection and (1) you have 5 scanners listed in your cfg file and (2) a virus is detected by the first scanner listed, then the effect is exactly the same in processing as if you had a single scanner listed and a virus were detected by that single scanner.

David Franco-Rocha
Declude Technical Support

----- Original Message -----
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To:
Sent: Friday, May 27, 2005 2:50 AM
Subject: [Declude.Virus] EXITSCANONVIRUS

A question about this new feature.

Am I correct in thinking that as soon as a scanner reports a virus, the next scanner(s) in line will not be called and the message will be processed accordingly, and that it will not be affected by Declude first finding a banned attachment before having it scanned by a scanner?

John T
eServices For You
Re: [Declude.Virus] Invalid ZIP Vulnerability
This vulnerability is triggered if the file format diverges from the official ZIP format specification.

David Franco-Rocha
Declude Technical Support

----- Original Message -----
From: "Paul Navarre" <[EMAIL PROTECTED]>
To:
Sent: Friday, May 27, 2005 1:54 AM
Subject: [Declude.Virus] Invalid ZIP Vulnerability

What exactly triggers the Invalid ZIP Vulnerability? I am a small ISP, and one of my clients keeps getting expected zips from a graphics company caught by this.

Thanks,
Paul
Re: [Declude.Virus] EXITSCANONVIRUS
John,

This setting defaults to OFF, which is the way it has been historically. The only setting it actually looks for is ON. If you omit the directive completely from your virus.cfg file, it will be OFF.

Please note that the actual directive is

EXITSCANONVIRUSDETECT ON

David Franco-Rocha
Declude Technical Support

----- Original Message -----
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To:
Sent: Friday, May 27, 2005 11:17 AM
Subject: RE: [Declude.Virus] EXITSCANONVIRUS

Thanks.

Is this a configurable meaning we have to have either ON or OFF?

John T
eServices For You

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Franco-Rocha [ Declude ]
Sent: Friday, May 27, 2005 7:21 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] EXITSCANONVIRUS

John,

There is a processing loop wherein all the scanners are called in succession. It is independent of vulnerability checking. This directive merely tells Declude to break out of the external virus scanner execution loop.

If you use this directive to exit the scanning loop on virus detection and (1) you have 5 scanners listed in your cfg file and (2) a virus is detected by the first scanner listed, then the effect is exactly the same in processing as if you had a single scanner listed and a virus were detected by that single scanner.

David Franco-Rocha
Declude Technical Support

----- Original Message -----
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To:
Sent: Friday, May 27, 2005 2:50 AM
Subject: [Declude.Virus] EXITSCANONVIRUS

A question about this new feature.

Am I correct in thinking that as soon as a scanner reports a virus, the next scanner(s) in line will not be called and the message will be processed accordingly, and that it will not be affected by Declude first finding a banned attachment before having it scanned by a scanner?

John T
eServices For You
Re: [Declude.Virus] Newbie question
Thanks. This will be added to the manual.

David Franco-Rocha
Declude Technical Support

----- Original Message -----
From: "Darin Cox" <[EMAIL PROTECTED]>
To:
Sent: Monday, June 06, 2005 10:58 AM
Subject: Re: [Declude.Virus] Newbie question

Great... Could the Declude staff have this added to the manual?

Darin.

----- Original Message -----
From: "Guhl, Markus (LDS)" <[EMAIL PROTECTED]>
To:
Sent: Monday, June 06, 2005 4:28 AM
Subject: AW: [Declude.Virus] Newbie question

hi darin,

we use AVAFTERJM ON with Declude 2.0.6.14 and it works like we need it.

Best regards
p.p. signed markus guhl
***
lds nrw ref. 241
tel.: 0211 9449 2578
fax.: 0211 9449 8344
mailto:[EMAIL PROTECTED]
***

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Sunday, June 5, 2005 23:02
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Newbie question

I don't know if it still exists since it is not in the current manual, but there was an option in previous versions of AV called AVAFTERJM that allowed JunkMail to run first. Otherwise you are correct that AV would run first.

Darin.

----- Original Message -----
From: "Kevin Rogers" <[EMAIL PROTECTED]>
To:
Sent: Sunday, June 05, 2005 3:17 PM
Subject: Re: [Declude.Virus] Newbie question

Thanks for the quick response. Yes, I have the Pro versions for both AV and Junkmail.

Darin Cox wrote:

Do you have the Pro version of Declude Junkmail? You have to have pro to use filters and outbound scanning. The fromfile filter I mentioned will work in the standard version, though.

Darin.

----- Original Message -----
From: "Kevin Rogers" <[EMAIL PROTECTED]>
To:
Sent: Sunday, June 05, 2005 2:56 PM
Subject: Re: [Declude.Virus] Newbie question

I changed it to HEADERS and still I am receiving emails from these addresses (got 4 of them personally yesterday). My virus scanner is now updated every four hours, so F-Prot caught these viruses, but I still am receiving the virus notifications. Perhaps the scanning takes place (and the notifications are sent out) before my filter is called?

This is what my filter file contains:

HEADERS 0 CONTAINS [EMAIL PROTECTED]
HEADERS 0 CONTAINS [EMAIL PROTECTED]
etc.

This is what I have in my global.cfg

MYFILTER filter C:\Imail\Declude\Filter.txt x 20 0

This is in my $default$.junkmail file

WEIGHT20 HOLD

What am I missing? Thanks.

Scott Fisher wrote:

The MAILFROM filter test is separate from anything in the headers. It is the envelope sender. If you want to test on the header from (I call it display from because that's what Outlook displays), you need to check the HEADERS.

----- Original Message -----
From: "Kevin Rogers" <[EMAIL PROTECTED]>
To:
Sent: Friday, June 03, 2005 3:26 AM
Subject: Re: [Declude.Virus] Newbie question

Great. Exactly what I needed. I was also confused about the MAILFROM. Does MAILFROM mean what is displayed as the FROM: in the headers or what it says in the "X-Note: This E-mail was sent from 206-72-95-86.wi.skypipeline.com ([206.72.95.86])" or in the X-Declude-Sender field? Maybe I should just use the HEADERS 0 CONTAINS instead.

Thanks again.

Scott Fisher wrote:

One caveat. The MAILFROM uses the envelope mailfrom, which is different than the ones displayed in the headers. If the below doesn't stop it, add

HEADERS 0 CONTAINS [EMAIL PROTECTED]
HEADERS 0 CONTAINS [EMAIL PROTECTED]

----- Original Message -----
From: "Kevin Rogers" <[EMAIL PROTECTED]>
To:
Sent: Thursday, June 02, 2005 10:37 PM
Subject: Re: [Declude.Virus] Newbie question

I looked up the filter section at the manual. This is what I did. I made a file called filter.txt. This contains:

MAILFROM 0 CONTAINS [EMAIL PROTECTED]
MAILFROM 0 CONTAINS [EMAIL PROTECTED]
etc.

I then added this line in global.cfg:

MYFILTER filter C:\Imail\Declude\filter.txt x 20 0

In my $default$.junkmail file there was already this line:

WEIGHT20 HOLD

Do I need to do anything else to the junkmail file to reference MYFILTER or does the WEIGHT20 take care of everything?

Thanks.
Kevin

Darin Cox wrote:

Nope... add a "filter" test and put those lines in it. The same thing I mentioned without pro applies here for adding test names to the global.cfg and $default$.junkmail. The manual at http://declude.com/junkmail/manual.htm describes adding filter files pretty well.

Darin.

----- Original Message -----
From: "Kevin Rogers" <[EMAIL PROTECTED]>
To:
Sent: Thursday, June 02, 2005 7:09 PM
Subject: Re: [Declude.Virus] Newbie question

I have pro. How do I add filters? Should I add that line "MAILFROM 10 CONTAINS [EMAIL PROTECTED]" in virus.cfg or global.cfg? Do I nee
Re: [Declude.Virus] what does this mean in the virus log file?
Nick,

With the enhancement of turning off checking for individual vulnerabilities, this information indicates for Declude which vulnerabilities are being checked and which ones are not.

David Franco-Rocha
Declude Technical Support

----- Original Message -----
From: "NIck Hayer" <[EMAIL PROTECTED]>
To:
Sent: Monday, June 06, 2005 5:51 PM
Subject: Re: [Declude.Virus] what does this mean in the virus log file?

Vulnerability flags = 76

Thanks!

-Nick
Re: [Declude.Virus] viruses getting through
Daniel,

Do the log files show anything for these messages? If so, please send the related entries from the logs to [EMAIL PROTECTED]

David Franco-Rocha
Declude Technical Support

----- Original Message -----
From: "Daniel Ivey" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, June 08, 2005 3:53 PM
Subject: [Declude.Virus] viruses getting through

Greetings,

Over the past 2 days, I have had some viruses get through my Declude Virus, with updated definitions. Has anyone else seen this? Also, when I receive an email and look at the headers of the email, I am not seeing where Declude Virus scanned the message. Does anyone have any suggestions? I am running version 1.82.

Thanks,
Daniel

===
Daniel Ivey
GCR Company / GCR Online
Voice: 434 - 570 - 1765
Fax: 434 - 572 - 1981
[EMAIL PROTECTED]