[Declude.Virus] Log file differences
Scott, I have been trying to get the Log File Analyzer to work and after sending a copy of a log file to Stu, have determined that my version of Declude isn't putting the : after the phrase Virus=. Is it possible that I have an older version of Declude that generated this text in the log files? Is it possible that I control the way it logs it via my virus.cfg file? Ed Chabot The Marlin Firearms Company 100 Kenna Drive North Haven, CT 06473 (203)985-3254 This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] Log file differences
Scott, Thanks I'll check with them. Ed Chabot The Marlin Firearms Company 100 Kenna Drive North Haven, CT 06473 (203)985-3254 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Monday, December 03, 2001 10:29 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Log file differences I have been trying to get the Log File Analyzer to work and after sending a copy of a log file to Stu, have determined that my version of Declude isn't putting the : after the phrase Virus=. Is it possible that I have an older version of Declude that generated this text in the log files? Is it possible that I control the way it logs it via my virus.cfg file? I believe the problem is that McAfee sometimes includes the : and sometimes does not (it sometimes saves a report file that uses Found: Virus Name, and other times uses Found Virus Name). -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] W32/Magistr virus
Scott, Thanks for the clarification. Ed Chabot The Marlin Firearms Company 100 Kenna Drive North Haven, CT 06473 (203)985-3254 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Friday, October 26, 2001 1:54 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] W32/Magistr virus I have gotten many notifications as postmaster with Snow White and Magistr and I know that at least some of our users have gotten notifications. Is it possible that only certain variants of these viruses do this? You will get the postmaster notifications. The problem is that these viruses alter the return address (for example, Snow White says it comes from [EMAIL PROTECTED]). So Declude can send you the postmaster notification without a problem (which goes to postmaster@ the recipient's domain, which is going to be valid), but when it sends the notification to [EMAIL PROTECTED], that will bounce, because it is not a valid address. -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] FW: WARNING: YOU MAY HAVE A VIRUS
Thanks. Ed Chabot The Marlin Firearms Company 100 Kenna Drive North Haven, CT 06473 (203)985-3254 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Craig Gittens Sent: Wednesday, August 22, 2001 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] FW: WARNING: YOU MAY HAVE A VIRUS Sorry, I misunderstood! :) That is a reporting function of the virus scanner. I use McAfee. If you want to set it up with yours, you can read more at: http://www.declude.com/virus/manual.htm You can edit the .eml files to say what you want. I use McAfee and point people to the Norton site because their site is a little more user friendly. Craig. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ed Chabot Sent: Wednesday, August 22, 2001 9:18 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] FW: WARNING: YOU MAY HAVE A VIRUS Craig, I don't mean the header info but the following: The infected filename is flight comfirmation.doc.pif, and the virus name was the W32/SirCam@MM virus !!! Armed with this information, you can try to clean it by updating your virus scanner. If you lack one, you can go to http://www.symantec.com/avcenter/tools.list.html and download a removal tool if it is available for your virus. You can learn more about the virus at http://www.symantec.com/avcenter/vinfodb.html When a virus is intercepted, the recipient, the sender and the postmaster for either domain is notified automatically. There is no need for you to take any action. Ed Chabot The Marlin Firearms Company 100 Kenna Drive North Haven, CT 06473 (203)985-3254 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Craig Gittens Sent: Tuesday, August 21, 2001 2:55 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] FW: WARNING: YOU MAY HAVE A VIRUS In outlook, when you have the message open, ViewOptions and in the window pane you will see the full headers, just copy and paste. Craig. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ed Chabot Sent: Tuesday, August 21, 2001 2:41 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] FW: WARNING: YOU MAY HAVE A VIRUS How did you get all that info in the email from Declude? Mine only states the following: Declude Virus caught a virus with the subject Snowhite and the Seven Dwarfs - The REAL story! from to: [EMAIL PROTECTED] The spool file name is Daf9d0f8.SMD. Ed Chabot The Marlin Firearms Company 100 Kenna Drive North Haven, CT 06473 (203)985-3254 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Craig Gittens Sent: Tuesday, August 21, 2001 2:12 PM To: Declude. Virus List Subject: [Declude.Virus] FW: WARNING: YOU MAY HAVE A VIRUS Guys, I have one domain on my Imail server running declude. My sales team has received multiple emails like the one below. Can anyone tell me why declude/Imail would do this? %localhost% is only supposed to send a sunbeach.net result. In addition the sales account is a valid account and not an alias. so why did mail destined for [EMAIL PROTECTED] get in his mailbox? Confused, Craig. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 1:45 PM To: [EMAIL PROTECTED] Subject: WARNING: YOU MAY HAVE A VIRUS Date: Tue, 21 Aug 2001 13:44:59 -0400 Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: WARNING: YOU MAY HAVE A VIRUS X-Mailer: IMail v6.05 X-UIDL: 883329720 Status: U The Virus software on bicoltd.com has reported that you sent a virus with the subject flight comfirmation to: [EMAIL PROTECTED] The E-mail containing the virus has been quarantined on our servers to prevent further damage. The infected filename is flight comfirmation.doc.pif, and the virus name was the W32/SirCam@MM virus !!! Armed with this information, you can try to clean it by updating your virus scanner. If you lack one, you can go to http://www.symantec.com/avcenter/tools.list.html and download a removal tool if it is available for your virus. You can learn more about the virus at http://www.symantec.com/avcenter/vinfodb.html When a virus is intercepted, the recipient, the sender and the postmaster for either domain is notified automatically. There is no need for you to take any action. Team SunBeach D9d8b10e.SMD This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web
[Declude.Virus] Variables for email templates
I have been unsuccessful at locating a list of the variables for customizing the email template for Delude's warning email. Can anyone point me in the right direction? Thanks in advance. Ed Chabot The Marlin Firearms Company 100 Kenna Drive North Haven, CT 06473 (203)985-3254 This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: REVDNS:Re: [Declude.Virus] Sircam still going through...
We are using Declude and McAfee. McAfee is setup to auto update every night. We already had McAfee in house before we got Declude and Imail so it was an easy decision for us. We already purchased an enterprise version with 60 user support. In the last three days, Declude and McAfee caught 3 Sircam viruses and a Snow White virus. We are happy with the results so far. Hope that helps. Ed Chabot The Marlin Firearms Company 100 Kenna Drive North Haven, CT 06473 (203)985-3254 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ric Stevenson Sent: Thursday, August 09, 2001 9:56 AM To: [EMAIL PROTECTED] Subject: REVDNS:Re: [Declude.Virus] Sircam still going through... thought i'd try once more. i want to buy declude but i am not sure what virus scanner to get with it. f-prot, mcafee, another? i'd like to talk to someone that is using it to determine what to get. thanks Ric Stevenson Systems Administrator Midway Truck Center 7601 NE 38th St. Kansas City, MO 64161 phone - 816.413.3198 fax - 816.414.6498 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 08, 2001 10:40 PM Subject: Re: [Declude.Virus] Sircam still going through... I added the /DUMB switch to the scanfile settings and the virus is still going through. Any other ideas? I think it is just happening when it is a .doc.lnk extension. We're able to catch Sircam with the .doc.lnk extension using F-Prot here. Could you E-mail me your \IMail\Declude\virus.cfg and \IMail\spool\vir.log files so I can look at them? If possible, the best way to find out what is going wrong is to get a virus that does go through into a mailbox by itself, and E-mail the whole mailbox to us. That way, we can test is here with the exact same file as is being received on your server. -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
