[Declude.Virus] Possibly New Virus?
Hello,

Just wanted to write to let ya'll know about a message that I received today (Scott, I've forwarded the original message to the virustrap e-mail account for review). Maybe someone has already seen this, but this is a first for me. Neither F-Prot on the server nor Norton Anti-virus 2004 on my local machine hit on this. Declude Junkmail caught this, thus the reason I ended up seeing it. The names of the TO: recipients have been changed to protect the innocent (haha).

These are the ingredients of the message:

From: Clipperp ([EMAIL PROTECTED])
Subject: RE: Incoming Msg
Attachments: You_will_answer_to_me.zip (147b)
Body (HTML): For security purposes the attached file is password protected. Password -- 43561
HTML Code: htmlbody brFor security purposes the attached file is password protected. Password -- img src=cid:oaxudqhplk.gif;br br /body/html

_Internet Headers___
Received: from dzrostlik2.com [208.17.119.7] by mail.crescentdigital.com (SMTPD32-6.06) id A2D24F40106; Thu, 29 Apr 2004 09:27:46 -0400
Date: Thu, 29 Apr 2004 08:26:08 -0600
To: Me [EMAIL PROTECTED]
From: Clipperp [EMAIL PROTECTED]
Subject: RE: Incoming Msg
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=qbnzwdjpfmkqdeghmlqc
X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED]
X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED]
X-RBL-Warning: SPAMDOMAINS: Spamdomain 'aol.com' found: Address of [EMAIL PROTECTED] sent from invalid infoserverx.stellar-industries.com.
X-RBL-Warning: HELOBOGUS: Domain dzrostlik2.com has no MX or A records [0301].
X-Declude-Sender: [EMAIL PROTECTED] [208.17.119.7]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, SPAMDOMAINS, HELOBOGUS, WEIGHT10, WEIGHT20 [23]
X-Note: This E-mail was sent from infoserverx.stellar-industries.com ([208.17.119.7]).
X-RCPT-TO: [EMAIL PROTECTED]
X-UIDL: 383206833
Status: U

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Possibly New Virus?
Ok.. Thanks..

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, April 29, 2004 10:24 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Possibly New Virus?

> Just wanted to write to let ya'll know about a message that I received today (Scott, I've forwarded the original message to the virustrap e-mail account for review). Maybe someone has already seen this, but this is a first for me. Neither F-Prot on the server nor Norton Anti-virus 2004 on my local machine hit on this. Declude Junkmail caught this, thus the reason I ended up seeing it.

This is one of those corrupt .ZIP ones -- the .ZIP file was only 2 bytes long (a carriage return and linefeed, suggesting that an AV program along the way removed the file, or it was never attached by the virus).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
[Declude.Virus] [OT} Anti-Virus - Client Side Suggestion
McAfee, Norton, or others? Which do you think provides the quickest updates and the best support.. Just was curious..
[Declude.Virus] W32.Netsky.Q got through..
Hello,

This morning when receiving message from our spam account (I hold everything instead of deleting then review), I received a message and attachment that Norton AV on my local machine caught as a Netsky.Q virus. This would have been delivered to the client had it not failed the spam tests. I'm running Declude v1.79 and F-Prot 3.14e with latest defs. Anyone else seeing Netsky.Q's getting through? Luckily I haven't seen anymore come through, but if you look at the virus logs, it sees it as virus free. UGH! Wish I could have caught it on my Linux VM so I could continue sending the message to the server to see when it finally catches it.

Thoughts, comments welcome..

-Jeff

__
Norton Attachment:
Norton AntiVirus removed the attachment: msg15622.zip. The [EMAIL PROTECTED] threat was detected in the attachment.

__
iMail Log:
04:23 02:21 SMTPD(05FB0112) [61.149.33.60] EHLO etna.com
04:23 02:21 SMTPD(05FB0112) [61.149.33.60] MAIL FROM:[EMAIL PROTECTED]
04:23 02:21 SMTPD(05FB0112) [61.149.33.60] RCPT TO:[EMAIL PROTECTED]
04:23 02:21 SMTPD(05FB0112) [61.149.33.60] C:\IMAIL\spool\Db5cf112.SMD 41758
04:23 02:21 SMTP-(04FC) processing C:\IMAIL\spool\Qb5cf112.SMD
04:23 02:21 SMTP-(04FC) forwarded message to [EMAIL PROTECTED]
04:23 02:21 SMTP-(04FC) ldeliver domain.com spam-main (1) [EMAIL PROTECTED] 42284
04:23 02:21 SMTP-(04FC) finished C:\IMAIL\spool\Qb5cf112.SMD status=1

__
Declude Log:
04/23/2004 02:21:25 Qb5cf112 L1 Message OK
04/23/2004 02:21:25 Qb5cf112 Tests failed [weight=14]: SBL=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE REVDNS=WARN SPAMHEADERS=WARN WEIGHT10=ROUTETO CATCHALLMAILS=IGNORE

__
Virus Log:
04/23/2004 02:21:24 Qb5cf112 Scanned: Virus Free [MIME: 2 30030]
RE: [Declude.Virus] W32.Netsky.Q got through..
Hello,

Yes, so far this is the only copy that has come through. I haven't heard from any of my clients of them saying the virus has come through. I didn't even think about EZIP. That didn't catch it either when it should have, correct? I'll have to see if I can restore the attachment. It's still sitting in NAV quarantine.

Anyway, here's what's listed in my VIRUS.CFG file (truncated):

#
LOGLEVELMID
#
SCANFILE C:\Progra~1\FSI\F-Prot\FPcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /DUMB /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
REPORTInfection:
#
SKIPEXT GIF
SKIPEXT TXT
SKIPEXT JPG
SKIPEXT MPG
SKIPEXT PNG
#
BANEXT scr
BANEXT pif
BANEXT exe
BANEXT com
BANEXT EZIP
#
BANNAME photo.zip
BANNAME private.zip
BANNAME Wendy.zip
BANNAME p_usb.zip
BANNAME Attach.rar
BANNAME Details.rar
BANNAME details.rar
BANNAME Document.rar
BANNAME Encrypted.rar
BANNAME first_part.rar
BANNAME Gift.rar
BANNAME Info.rar
BANNAME Information.rar
BANNAME Message.rar
BANNAME MoreInfo.rar
BANNAME pub_document.rar
BANNAME Readme.rar
BANNAME Text.rar
BANNAME text_document.rar
BANNAME TextDocument.rar

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 23, 2004 9:45 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] W32.Netsky.Q got through..

> This morning when receiving message from our spam account (I hold everything instead of deleting then review), I received a message and attachment that Norton AV on my local machine caught as a Netsky.Q virus. This would have been delivered to the client had it not failed the spam tests. I'm running Declude v1.79 and F-Prot 3.14e with latest defs. Anyone else seeing Netsky.Q's getting through? Luckily I haven't seen anymore come through, but if you look at the virus logs, it sees it as virus free. UGH! Wish I could have caught it on my Linux VM so I could continue sending the message to the server to see when it finally catches it.

Are other copies of Netsky.Q getting caught? Do you have a line BANEXT EZIP in your virus.cfg file?

-Scott
RE: [Declude.Virus] W32.Netsky.Q got through..
Ok.. If I can get it unquarantined and sent to ya I will.. Sending may be a problem as well with NAV (which can be disabled) and F-PROT on the server..

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 23, 2004 10:17 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..

> Yes, so far this is the only copy that has come through. I haven't heard from any of my clients of them saying the virus has come through.

OK, so that means that F-Prot is able to catch them.

> I didn't even think about EZIP. That didn't catch it either when it should have, correct?

That depends on whether the attachment was an encrypted .ZIP file, and whether you have the BANEXT EZIP option enabled.

> BANEXT EZIP

Since you do have it enabled, it is difficult to say what happened. If you do still have a copy of it, you can send it to our virustrap@ address, and we can analyze it. It may be a corrupt, non-viable variant.

-Scott
RE: [Declude.Virus] W32.Netsky.Q got through..
I attempted to resend the virus again and it bounced (Unknown user: [EMAIL PROTECTED]). Just wanted to reconfirm the virus e-mail address. Is it [EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 23, 2004 10:17 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..

> Yes, so far this is the only copy that has come through. I haven't heard from any of my clients of them saying the virus has come through.

OK, so that means that F-Prot is able to catch them.

> I didn't even think about EZIP. That didn't catch it either when it should have, correct?

That depends on whether the attachment was an encrypted .ZIP file, and whether you have the BANEXT EZIP option enabled.

> BANEXT EZIP

Since you do have it enabled, it is difficult to say what happened. If you do still have a copy of it, you can send it to our virustrap@ address, and we can analyze it. It may be a corrupt, non-viable variant.

-Scott
RE: [Declude.Virus] W32.Netsky.Q got through..
Ok.. The latest time I tried to send (at 1300) went through..

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster
Sent: Friday, April 23, 2004 12:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..

Ok.. I looked in the logs.. This is what I found..

04:23 11:33 SMTP-(0508) RCPT To:[EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) 550 5.7.1 [EMAIL PROTECTED]... we do not relay [EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) QUIT
04:23 11:34 SMTP-(05B4) RCPT To:[EMAIL PROTECTED]
04:23 11:34 SMTP-(05B4) 550 5.7.1 [EMAIL PROTECTED]... we do not relay [EMAIL PROTECTED]
04:23 11:34 SMTP-(05B4) QUIT

I'm going to attempt to resend it again and keep an eye on the logs..

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 23, 2004 12:46 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..

> I attempted to resend the virus again and it bounced (Unknown user:...

You'll need to check your IMail log file to see why IMail couldn't deliver the E-mail (we have no record of any E-mail from you to that address today). The address you sent it to was correct. Note that we rarely give out the address in lists to reduce the amount of spam sent to that address.

-Scott
RE: [Declude.Virus] W32.Netsky.Q got through..
Hello,

I forwarded that virus onto you [EMAIL PROTECTED] It came from my main work e-mail [EMAIL PROTECTED] - instead of this account. But just looking at the mail logs, I don't know if it went through or not. Here's our logs:

04:23 11:33 SMTP-(0508) MAIL FROM:[EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) 250 2.1.0 [EMAIL PROTECTED]... Sender ok
04:23 11:33 SMTP-(0508) RCPT To:[EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) 550 5.7.1 [EMAIL PROTECTED]... we do not relay [EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) QUIT
04:23 11:33 SMTP-(0508) 221 2.0.0 mail.fluns.com closing connection

It ended up with a status=2. Did I send it to the wrong account?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 23, 2004 10:17 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..

> Yes, so far this is the only copy that has come through. I haven't heard from any of my clients of them saying the virus has come through.

OK, so that means that F-Prot is able to catch them.

> I didn't even think about EZIP. That didn't catch it either when it should have, correct?

That depends on whether the attachment was an encrypted .ZIP file, and whether you have the BANEXT EZIP option enabled.

> BANEXT EZIP

Since you do have it enabled, it is difficult to say what happened. If you do still have a copy of it, you can send it to our virustrap@ address, and we can analyze it. It may be a corrupt, non-viable variant.

-Scott
RE: [Declude.Virus] W32.Netsky.Q got through..
PLEASE DISREGARD ..Message was stuck in queue..

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster
Sent: Friday, April 23, 2004 11:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..

Hello,

I forwarded that virus onto you [EMAIL PROTECTED] It came from my main work e-mail [EMAIL PROTECTED] - instead of this account. But just looking at the mail logs, I don't know if it went through or not. Here's our logs:

04:23 11:33 SMTP-(0508) MAIL FROM:[EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) 250 2.1.0 [EMAIL PROTECTED]... Sender ok
04:23 11:33 SMTP-(0508) RCPT To:[EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) 550 5.7.1 [EMAIL PROTECTED]... we do not relay [EMAIL PROTECTED]
04:23 11:33 SMTP-(0508) QUIT
04:23 11:33 SMTP-(0508) 221 2.0.0 mail.fluns.com closing connection

It ended up with a status=2. Did I send it to the wrong account?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 23, 2004 10:17 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..

> Yes, so far this is the only copy that has come through. I haven't heard from any of my clients of them saying the virus has come through.

OK, so that means that F-Prot is able to catch them.

> I didn't even think about EZIP. That didn't catch it either when it should have, correct?

That depends on whether the attachment was an encrypted .ZIP file, and whether you have the BANEXT EZIP option enabled.

> BANEXT EZIP

Since you do have it enabled, it is difficult to say what happened. If you do still have a copy of it, you can send it to our virustrap@ address, and we can analyze it. It may be a corrupt, non-viable variant.

-Scott
RE: [Declude.Virus] W32.Netsky.Q got through..
I was able to send the virus to that account (at 1300).. I checked our logs and it went through and got a response e-mail.. The message below got caught up in queue.. Was messing with our DNS servers trying to fix the timeout problems we've been having lately..

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 23, 2004 2:27 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] W32.Netsky.Q got through..

> I forwarded that virus onto you [EMAIL PROTECTED] It came from my main work e-mail [EMAIL PROTECTED] - instead of this account. But just looking at the mail logs, I don't know if it went through or not. Here's our logs:
>
> 04:23 11:33 SMTP-(0508) MAIL FROM:[EMAIL PROTECTED]
> 04:23 11:33 SMTP-(0508) 250 2.1.0 [EMAIL PROTECTED]... Sender ok
> 04:23 11:33 SMTP-(0508) RCPT To:[EMAIL PROTECTED]
> 04:23 11:33 SMTP-(0508) 550 5.7.1 [EMAIL PROTECTED]... we do not relay [EMAIL PROTECTED]
> 04:23 11:33 SMTP-(0508) QUIT
> 04:23 11:33 SMTP-(0508) 221 2.0.0 mail.fluns.com closing connection
>
> It ended up with a status=2. Did I send it to the wrong account?

It looks like your mailserver is sending to the A record rather than the MX record (that nasty old IMail bug strikes again...).

-Scott
[Declude.Virus] Proactive Response - Maybe already in Pro version
Hello, I was just wondering something. Like most people on the list, I told Declude to block EZIP files. I just got a call from a client that said that his messages couldn't be sent out because it was an EZIP file (password protected zip file; payroll). I told him of the server configuration and suggested that maybe zipping the password protected zip file would work. When I tested my suggestion, I was surprised that it worked and the zip file was passed without a worry from the server. I was wondering, is this already built into the Pro version and what could us standard's do if the virus writers begin this type of attack? I know I haggle my users not to run any attachment from someone they don't know, but you can never tell. And who knows, they might just see that it's double-zipped and think it's fine; Oh a virus wouldn't be double-zipped, so it should be ok. Thanks..
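An added example, not part of the original post and not Declude's implementation: a filter that checks the encryption flag on every ZIP entry and follows nested archives catches the password-protected ZIP inside a plain ZIP described in the message above. The function names, limits, HOLD/PASS policy and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
import zlib

ENCRYPTED_FLAG = 0x1                 # bit 0 of the ZIP general-purpose flags
ZIP_MAGIC = b"PK\x03\x04"            # local file header signature
MAX_DEPTH = 3                        # assumed policy limit on nesting
MAX_MEMBER_BYTES = 8 * 1024 * 1024   # assumed cap on bytes unpacked per member


def find_encrypted_members(data, name="<attachment>", depth=0):
    """Return (encrypted, unscanned) path lists for ZIP bytes, following nested ZIPs."""
    encrypted, unscanned = [], []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Not a readable archive, e.g. a 2-byte CR/LF ".ZIP" attachment.
        return encrypted, [name]
    with archive:
        for info in archive.infolist():
            path = f"{name}!/{info.filename}"
            if info.flag_bits & ENCRYPTED_FLAG:
                encrypted.append(path)   # cannot be scanned without the password
                continue
            try:
                with archive.open(info) as member:
                    head = member.read(4)
                    if head != ZIP_MAGIC:
                        continue         # not a nested ZIP; left to the AV scanner
                    if depth >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                        unscanned.append(path)
                        continue
                    inner = head + member.read(MAX_MEMBER_BYTES)
            except (zipfile.BadZipFile, zlib.error, NotImplementedError, RuntimeError):
                unscanned.append(path)   # damaged or unsupported member
                continue
            enc, uns = find_encrypted_members(inner, path, depth + 1)
            encrypted += enc
            unscanned += uns
    return encrypted, unscanned


def verdict(data):
    """Assumed policy: hold anything encrypted at any depth, or anything left unscanned."""
    encrypted, unscanned = find_encrypted_members(data)
    return "HOLD" if encrypted or unscanned else "PASS"


# --- constructed sample data (no real payloads) ---------------------------

def build_zip(members, method=zipfile.ZIP_DEFLATED):
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", method) as zf:
        for member_name, payload in members.items():
            zf.writestr(member_name, payload)
    return out.getvalue()


def set_encrypted_flag(zip_bytes):
    """Mark every entry as encrypted by setting flag bit 0 in the local and
    central headers. The payload is not really encrypted; only the header
    matters to the check above."""
    buf = bytearray(zip_bytes)
    for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = buf.find(signature)
        while pos != -1:
            buf[pos + flag_offset] |= ENCRYPTED_FLAG
            pos = buf.find(signature, pos + 4)
    return bytes(buf)


INNER = set_encrypted_flag(
    build_zip({"payroll.xls": b"constructed placeholder bytes"}, zipfile.ZIP_STORED)
)
DOUBLE_ZIPPED = build_zip({"payroll.zip": INNER})   # encrypted ZIP inside a plain ZIP
PLAIN = build_zip({"notes.txt": b"hello"})

if __name__ == "__main__":
    for label, blob in (("encrypted", INNER), ("double-zipped", DOUBLE_ZIPPED),
                        ("plain", PLAIN), ("2-byte CRLF", b"\r\n")):
        print(label, verdict(blob), find_encrypted_members(blob))
```

A check that looks only at the outermost archive passes `DOUBLE_ZIPPED`, because the outer entry itself carries no encryption flag.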
[Declude.Virus] Declude Object Vulnerability
Hello, Was wondering if there is any way to test and make sure Declude is catching this? Thanks..
RE: [Declude.Virus] OBJECT CODE vulnerability - Notifications
Great.. Thanks..

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, March 19, 2004 4:13 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] OBJECT CODE vulnerability - Notifications

> I was wondering what if any notification are sent out when this is caught. Is there anything needed to be changed in the global or virus.cfg files? I downloaded and installed the latest interim release.

These are treated exactly the same as all other vulnerabilities. You do not need to make any config files changes; the latest interim release handles it automatically.

-Scott
RE: [Declude.Virus] New Virus - MiMail.C - spreading fast
wOOhOO! F-Prot is catching them now..
RE: [Declude.Virus] Off Topic I think
What's weird is that it also appears as though the same thing happened with the Half-Life 2 code. E-mail was acting strange and then a portion of the code was stolen. I wonder if it was a Microsoft product that this person (that working on the Half-Life 2 code) was using.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Friday, October 24, 2003 12:23 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Off Topic I think

Have you done a complete virus scan? If it is a virus, by far not all virus are e-mail borne.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Link Brokers Support
Sent: Friday, October 24, 2003 8:50 AM
To: Declude Virus; Declude Junk Mail
Subject: [Declude.Virus] Off Topic I think

This morning our Quick Book Files were completely deleted. This happened automatically when our account department started up the PC. It just started deleting files. I DID a search on new file installed and Found a QIN and MPR file extension that showed up as new files at 5:30 am this morning.

Can anyone shed some light and lead me in the right direction. Do I need to ban QIN and MPR files?

Kevin Shimwell
Link Brokers Group, LLC ( Support )
401 Ist Ave. North
North Myrtle Beach, SC 29582
Phone: 843-663-1004
Fax: 843-663-1007
Email: [EMAIL PROTECTED]
24/7 Support http://www.linkbrokers.com/support_ticket.cfm
Support M-F 1-888-546-5631

[This E-mail scanned for viruses by Link Brokers Group, Inc Virus Protection]
RE: [Declude.Virus] Off Topic I think
http://story.news.yahoo.com/news?tmpl=storycid=569ncid=738e=3u=/nm/20031023/tc_nm/media_videogames_halflife2_dc
RE: [Declude.Virus] MS Security Patch Emails
Hmm, I'd just send out an e-mail stating that due to recent influx of viruses and viruses contained within EXE files, you're updating the mail server security policy. Then state that beginning %on this date% the following file extensions will be blocked: yadda-yadda-yadda. Most will be angry that you're doing this, but ask them to zip the files if they wish for them to be sent. I know about the customer support aspect of it, but if you explain that you're watching out for their well-being from a possible virus infection standpoint, a lot will see your point and that'll be the end of it. Sometimes it's good to be the administrator.. Hahaha

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chad Killion
Sent: Thursday, October 02, 2003 11:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MS Security Patch Emails

We have never filtered EXE before, so it would just cause too many problems to do this now. We have well over 25 thousand customers using this server, and I hate to spring something like that on them. The others, sure, we can exclude those, but just don't want to do EXE. Thanks.

Chad

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell LaRock
Sent: Thursday, October 02, 2003 10:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MS Security Patch Emails

Chad,

Is there any reason why you can't filter on common virus extensions? This will cut down on many viruses. It is common practice not to accept exe, com, bat, pif, scr, and the list goes on...

Darrell

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chad Killion
Sent: Thursday, October 02, 2003 11:03 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MS Security Patch Emails

Well, I have upgraded to 3.14, but still see TONS of these viruses getting through. Please help if you can...

Chad

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sheldon Koehler
Sent: Wednesday, October 01, 2003 5:38 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] MS Security Patch Emails

No wonder I'm still getting slammed with systems trying to send this virus to my users.

This was a big thread back in July. F-Prot was only catching the Blaster worm if it tried to run (Desktop Real Time). But it was not detected in the scanning of email even after the definition file updates. F-Prot released 3.14a to fix this in the actual engine. I was blocking it by banned file extensions! So this was another valid reason to block certain extensions.

Sheldon

Sheldon Koehler, Owner/Partner
http://www.tenforward.com
Ten Forward Communications
360-457-9023
Nationwide access, neighborhood support!

Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain
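The extension blocking discussed in this thread, sketched as an added example (not Declude's code and not from any poster): it checks every attachment name in a message against the extensions Darrell lists. The function names, the sample message and the separate reporting of names inside zip attachments are assumptions of this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# The extensions named in the thread; a real policy list would be longer.
BANNED_EXT = {"exe", "com", "bat", "pif", "scr"}


def banned_ext(filename):
    """Return the banned extension a file name ends in, or None."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    name = filename.strip().rstrip(". ").lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    return ext if ext in BANNED_EXT else None


def check_message(raw_bytes):
    """List (kind, name, extension) findings for one raw RFC 822 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        ext = banned_ext(name)          # only the last extension counts,
        if ext:                         # so "patch.txt.exe" is caught
            findings.append(("attachment", name, ext))
        if name.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            try:
                # Member names come from the zip directory, which standard
                # zip password protection normally leaves readable.
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    members = zf.namelist()
            except zipfile.BadZipFile:
                findings.append(("unreadable-zip", name, None))
                continue
            for member in members:
                mext = banned_ext(member)
                if mext:
                    # Reported separately so the policy can allow zipped files.
                    findings.append(("zip-member", f"{name}:{member}", mext))
    return findings


def build_sample():
    """Constructed test message with three attachments (not real mail)."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("readme.txt", b"constructed")
        zf.writestr("setup.scr", b"constructed")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachments.")
    for fname, data in (("patch.txt.exe", b"constructed"),
                        ("photos.zip", zbuf.getvalue()),
                        ("notes.txt", b"constructed")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in check_message(build_sample()):
        print(finding)
```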
RE: [Declude.Virus] Anyone else getting hit hard today with Sobig.F again?
Time to find out which people it is and shut them down.. Disable web access and the account and watch them scramble.. hahaha

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of paul
Sent: Friday, September 05, 2003 3:40 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Anyone else getting hit hard today with Sobig.F again?

here are my server stats since the day before SoBig-f hit up till last night's log rollover http://www.cfhosting.net/virus.scan.txt

Ouch. You have outgoing Sobig? I've not seen 1 outbound sobig yet

As of today, we've gotten this for the month... it's only the 5th!

Virus Summary by Count

    Count   Inbound / Outbound   Name
    16,862  16,862 / 0           W32/[EMAIL PROTECTED] - 54,316 was the total in August.
    182     182 / 0              W32/[EMAIL PROTECTED]
    152     138 / 14             W32/[EMAIL PROTECTED]
    18      18 / 0               W32/[EMAIL PROTECTED]
    14      2 / 12               W32/Hybris.worm.B
    9       9 / 0                W32/[EMAIL PROTECTED] (corrupted)
    8       8 / 0                W32/[EMAIL PROTECTED]
    6       3 / 3                W32/Hybris.worm.D
    2       2 / 0                W32/[EMAIL PROTECTED]
    1       0 / 1                JS/[EMAIL PROTECTED]
    1       1 / 0                W32/[EMAIL PROTECTED]
    1       1 / 0                VBS/Lovelorn.dropper

If only I could get the users with that dang Klez to clean their systems, as well as the Hybris. It's the same 3 or 4 people, over and over.

Paul
RE: [Declude.Virus] Sobig, the next wave?
Hahaha.. I have a list of about 20+ computer IPs that we can start with..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Webmaster Oilfield Directory
Sent: Tuesday, August 26, 2003 9:54 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Sobig, the next wave?

I like that idea very much...

----- Original Message -----
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 26, 2003 1:56 PM
Subject: RE: [Declude.Virus] Sobig, the next wave?

Ok, this calls for a white hat virus creator. A virus that will infect all these unpatched computers, and the only thing it does is create a big bold red popup every 15 minutes that says "Patch your computer, you dummy."

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:Declude.Virus-[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Tuesday, August 26, 2003 1:44 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Sobig, the next wave?

People are typically unaware that their machine is infected - because it continues to function perfectly.

That is very true. We infected a computer in our virus lab with Sobig.F, and you couldn't tell anything unusual was happening. The file didn't seem to do anything when it was run (so the recipient probably figures that the attachment didn't get downloaded or something like that, and probably won't even say "Yes, I ran the program" when asked by an admin), and the only noticeable differences on the system were a couple extra registry entries and system files (files in the \Winnt directory and \Winnt\system32 directory), and a program running in Task Manager (something like winsst32.exe that doesn't look unusual).

People who are infected probably would have a somewhat slower Internet connection, but that's probably about all they would notice.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
RE: [Declude.Virus] Sobig, the next wave?
I don't think that's a dumb question 'cuz I would like to know that too..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sharyn Schmidt
Sent: Wednesday, August 27, 2003 8:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Sobig, the next wave?

    vir0819.log     437     437
    vir0820.log   2,939   2,939
    vir0821.log   3,937   3,937
    vir0822.log   2,755   2,755
    vir0823.log     275     275
    vir0824.log      91      91
    vir0825.log   8,525   8,525
    vir0826.log  17,099  17,099

Forgive the dumb question, where did you get this cool log counter thing?

Sharyn

We are the worldwide producer and marketer of the award winning Cruzan Single Barrel Rum, judged Best in the World at the annual San Francisco Wine and Spirits Championships. For more information, please click (go to) http://www.cruzanrums.com
[Declude.Virus] Virus Log Analyzer..
Hmmm.. I ran it and got these results:

    Virus Log Analyzer 1.2
    Report Date: 8/27/2003 10:48:57 AM
    Source Files: vir0820.log

    Scan Summary
    Total Emails Scanned = 3,477
    Total Emails Clean = 3,477
    Total Emails Infected =
    Percent of Emails Infected to Total Emails Scanned: 0.%

    Virus Summary

But if you look at the first few lines of the log file:

    08/20/2003 00:00:38 Qf2650ae File(s) are INFECTED [ W32/Sobig.F: 3]
    08/20/2003 00:00:38 Qf2650ae Scanned: CONTAINS A VIRUS [MIME: 2 73519]
    08/20/2003 00:00:41 Qf2680ae File(s) are INFECTED [ W32/Sobig.F: 3]
    08/20/2003 00:00:41 Qf2680ae Scanned: CONTAINS A VIRUS [MIME: 2 72533]
    08/20/2003 00:01:54 Qf2b10ae Scanned: Virus Free [MIME: 2 1043]
    08/20/2003 00:02:18 Qf2c90ae Scanned: Virus Free [MIME: 2 35250]

The first two lines show two messages containing the Sobig. Any suggestions? File-Full Count is turned on. I'm running this on a WinXP Pro machine (copied the logs from the server).
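A way to cross-check a summary like the one above against the raw log, as an added example (it is not the Virus Log Analyzer tool and not code from the list): it counts messages by queue ID rather than by line and reports lines it could not parse instead of dropping them silently. The record format is inferred only from the six lines quoted in the message; the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: the six log lines quoted in the message above, plus one
# malformed line added here to exercise the "unparsed" counter.
SAMPLE_LOG = """\
08/20/2003 00:00:38 Qf2650ae File(s) are INFECTED [ W32/Sobig.F: 3]
08/20/2003 00:00:38 Qf2650ae Scanned: CONTAINS A VIRUS [MIME: 2 73519]
08/20/2003 00:00:41 Qf2680ae File(s) are INFECTED [ W32/Sobig.F: 3]
08/20/2003 00:00:41 Qf2680ae Scanned: CONTAINS A VIRUS [MIME: 2 72533]
08/20/2003 00:01:54 Qf2b10ae Scanned: Virus Free [MIME: 2 1043]
08/20/2003 00:02:18 Qf2c90ae Scanned: Virus Free [MIME: 2 35250]
this line is not a log record
"""

# date, time (not captured), queue id, free-text record
LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4}) \d{2}:\d{2}:\d{2} (\S+) (.*)$")
INFECTED_RE = re.compile(r"^File\(s\) are INFECTED \[\s*(.+?):\s*\d+\s*\]")
VERDICT_RE = re.compile(r"^Scanned: (CONTAINS A VIRUS|Virus Free)\b")


def analyze(text):
    """Count scanned, clean and infected messages in one log's text."""
    verdict = {}    # (date, queue id) -> "infected" or "clean"
    viruses = {}    # (date, queue id) -> set of virus names seen
    unparsed = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        date, qid, record = m.groups()
        key = (date, qid)   # an infected message writes two lines, one key
        hit = INFECTED_RE.match(record)
        if hit:
            verdict[key] = "infected"
            viruses.setdefault(key, set()).add(hit.group(1).strip())
            continue
        scanned = VERDICT_RE.match(record)
        if scanned is None:
            unparsed += 1   # well-formed prefix, unknown record type
        elif scanned.group(1) == "CONTAINS A VIRUS":
            verdict[key] = "infected"
        else:
            verdict.setdefault(key, "clean")   # never downgrade "infected"
    infected = sum(1 for v in verdict.values() if v == "infected")
    by_virus = Counter(n for names in viruses.values() for n in names)
    total = len(verdict)
    return {
        "scanned": total,
        "clean": total - infected,
        "infected": infected,
        "percent_infected": round(100.0 * infected / total, 1) if total else 0.0,
        "by_virus": dict(by_virus),   # messages per virus name
        "unparsed": unparsed,
    }


def per_file(logs):
    """logs maps a file name such as 'vir0820.log' to its text; one row each."""
    rows = []
    for name in sorted(logs):
        r = analyze(logs[name])
        rows.append((name, r["scanned"], r["infected"]))
    return rows


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
    print(per_file({"vir0820.log": SAMPLE_LOG}))
```

A non-zero `unparsed` count, or an infected total of zero on a day when the raw log visibly contains INFECTED lines, points at a format mismatch between the log and the parser.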
RE: [Declude.Virus] Sobig- The Morning After
Wow.. That's great.. What port was the machine trying to use? And what IP was the machine trying to contact? Just curious..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Doug McKee
Sent: Saturday, August 23, 2003 10:27 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Sobig- The Morning After

THIS IS AN INCREDIBLE GROUP ! DECLUDE IS AN INCREDIBLE PRODUCT !!! KUDOS to you Scott. Grateful THANKS to all the members who contributed yesterday !

I usually delete about 2500-3000 files from the virus folder every morning. The load in the last 24 hours was a few over 20,000. The banname feature and the badheaders caught about a bunch. The info received from the group allowed us to prepare and to advise our clients for what could have been much worse than it was.

Blocking the port kept a PC somewhere in our network from doing any damage. It made over 1200 attempts to contact a server outside our network in the first hour. We will hunt it down and make sure it gets cleaned up.

I am honored to be a member of this group.

Sincere Thanks,
Doug McKee
COO
South Texas Internet
[Declude.Virus] Sobig.F [OT]
By the looks of things, this virus is going to be worse than the Klez. It's amazing the number of e-mails received.
RE: [Declude.Virus] Sobig.F [OT]
And now I've noticed that there are more and more coming from DSL lines and the private sector instead of universities (as a majority of the first infections on my end were coming from)..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell LaRock
Sent: Tuesday, August 19, 2003 2:32 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Sobig.F [OT]

I have to concur on this, we are seeing our traffic levels increased by a factor of 7 due to this virus..

Darrell

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeff Maze - Hostmaster
Sent: Tuesday, August 19, 2003 3:25 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Sobig.F [OT]

By the looks of things, this virus is going to be worse than the Klez. It's amazing the number of e-mails received.
RE: [Declude.Virus] New interim release of Declude Virus to block Mimail's message.zip
I assume it's advisable to remove the BANNAME in the virus.cfg file now, eh?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Tuesday, August 05, 2003 1:35 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] New interim release of Declude Virus to block Mimail's message.zip

I must have missed something? What is going on... can anyone forward to me a summary email?

That's what the archives are for. :)

A new virus, Mimail, was released a few days ago and spread very fast. F-Prot did not detect it. Earlier today, we came out with an interim release of Declude Virus that lets you block attachments based on the file name (so you could block message.zip). Shortly thereafter, F-Prot announced that they have a new version of F-Prot that combined with the latest virus definitions will catch Mimail.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
[Declude.Virus] OT: F-Prot status page
Hello,

I was wondering if anyone knows how to have F-Prot automatically close the status page when it's done looking for updates. I've noticed that when the page is left open, the updater won't go and look for new updates until it's closed. Once it's closed, all is well and it goes out and looks for the updates. I'm running the latest Windows version..

Thanks..
RE: [Declude.Virus] OT: F-Prot status page
Thanks for the reply.. But, we're still able to get the updates.. It's just that with the update status page open, no updates are done.. The instant you close it, the updater runs again (if it's missed the update) and checks for updates again..

Also, noticed that the full system scan will also not run when the update status page is open.. I have it set up to run at 2am on Monday mornings with updates running at 6am and 6pm.. Monday mornings when I come in, I close the status page and it runs update once again; close that and the full system scan begins.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rick Leske
Sent: Thursday, June 12, 2003 11:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] OT: F-Prot status page

http://www.mail-archive.com/declude.virus%40declude.com/msg05186.html

Above link may wrap, but this might help.

~Rick

Hello, I was wondering if anyone knows how to have F-Prot automatically close the status page when it's done looking for updates. I've noticed that when the page is left open, the updater won't go and look for new updates until it's closed. Once it's closed, all is well and it goes out and looks for the updates. I'm running the latest Windows version.. Thanks..

___
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
[Declude.Virus] [OT]: BugBear
Anyone notice a rise in Bugbear lately?
[Declude.Virus] OT - Anti-Virus Gateway
Sorry for this being off topic, but have a question. Is there an anti-virus gateway that will check all traffic coming in and going out of a server for viruses, etc.? We're developing a web site for a company that will be sending and receiving resumes and other files. The system will be sending and receiving these files from client laptops and other computers.

Thanks..

Jeff
RE: [Declude.Virus] WHITELIST IP address
So with IPBYPASS xxx.xxx.xxx.xxx in the Global.Cfg, it will tell Declude Junkmail that even though this IP is whitelisted, still run the spam tests on any message from it.

Also, is there a Declude Junkmail list? I'm sorry if there is and I posted this on the Virus mailer..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Friday, February 14, 2003 8:05 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] WHITELIST IP address

We have SMTP mailers from our web servers that send contact forms, etc. to our mail server to send out. So, I've WHITELISTED all the IP addresses within our network.

Are you referring to Declude JunkMail (Declude Virus doesn't allow whitelisting)?

Today, I received an e-mail from a client that was pron spam (which they don't appreciate). Looking at the internet headers it appears as though the message was sent from our secondary mail server. It was probably queued when I rebooted the server yesterday and then when it came back, the secondary sent it to the primary and because the IP address of the secondary is WHITELISTED, it went through.

With Declude JunkMail, if you use IPBYPASS 192.0.2.25 (where 192.0.2.25 is the IP address of the backup mailserver), it should take care of this situation. However, it would be better not to whitelist the backup mailserver (since that isn't what you want -- if it is whitelisted, you are saying that you want all mail from it to pass all the spam tests), to make sure that there won't be any issues in the future if anything changes in Declude JunkMail.

-Scott
[Declude.Virus] big@boss.com postmaster@boss.com
Hello,

It appears as though the Sobig virus is making its rounds again. I've gotten three or four Undeliverable mails today. Anyway, I remember reading somewhere in this list (when the virus first hit) that there was a way for Declude to block these messages before the server even tried to send them out. I've looked again, but am unable to locate the messages. Can someone give me the lowdown on how to block these?

Thanks..
RE: [Declude.Virus] Changed name of server, now no SPAM filtering..
Yeah, that's what Scott replied back saying.. Now, just waiting for the new key..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jonathan
Sent: Tuesday, February 04, 2003 10:45 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Changed name of server, now no SPAM filtering..

As memory serves me, your license is based on the main domain name of your server. Just email declude and they'll issue you a new key, I'm guessing..

Jonathan

At 10:09 AM 2/4/2003 -0500, you wrote:

Hello, This morning, I had to change the name of the web server (by means of registry entries), and since then, it appears as though the spam messages are not being routed to where they should, nor being delivered. I looked in the config files, but didn't find anything there. Is it something with the registration key?
[Declude.Virus] WHITELIST FROM *@home.com - wildcard
Hello,

I was wondering if it's possible to add a wildcard to the WHITELIST FROM entry. So say any mail coming from Adelphia.Net would be whitelisted (E.g. WHITELIST FROM *@adelphia.net).

Thanks..
[Declude.Virus] RFC for Internet E-Mail Servers - DNS setup
Hello,

I was wondering if anyone knew what the RFC was for how the DNS should be configured (MX and Reverse DNS) for an internet e-mail server. It would be nice to quote from it when I e-mail the postmasters of legitimate servers which aren't configured correctly.

Thanks..
[Declude.Virus] Whitelist single IP
Hello,

I was wondering how exactly I can whitelist a single IP address. I tried adding it to the conf file, but it's not working. I'm running Declude v1.65.
RE: [Declude.Virus] Whitelist single IP
Hmm.. Ok, that's what I thought I added.. Changed it again, rebooted, now just waiting to see if the problem occurs again..

Thanks..

Jeff

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Don Wolff
Sent: Monday, January 06, 2003 12:11 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Whitelist single IP

If I remember correctly on 1/6/03 8:54 AM Jeff Maze - Hostmaster wrote:

I was wondering how exactly I can whitelist a single IP address. I tried adding it to the conf file, but it's not working. I'm running Declude v1.65.

How did you add it? In the Global.cfg file I have successfully added several IPs to be ignored. Syntax is:

    whitelist IP 123.456.789

Regards,
-Don

Affirmation of Arrogance -- There is no I in team... but there is in WIN, CHAMPION, and RING
===
Don Wolff - Technology Coordinator
Phoenix-Talent School District #4
mailto:[EMAIL PROTECTED]
Office- 541-535-0200
Mobile- 541-621-4717
FAX- 541-535-7552
[Declude.Virus] Interesting X-Header
Was just curious what this meant. Have never seen this before.

    X-Spam-Tests-Failed: MONKEYFORMMAIL
RE: [Declude.Virus] F-Prot Updater Question
I'm not sure. I e-mailed them yesterday to ask as well. Putting in a new firewall and want to make sure I configure it correctly so F-Prot can get the updates.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Star
Sent: Tuesday, December 03, 2002 11:57 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] F-Prot Updater Question

Does the F-Prot Updater for Windows use ftp behind the scenes?

-- Dan