[Declude.Virus] ClamAV with a strong aroma
Is anyone using ClamWin 0.90.2.1 with Declude AV? I was, using the following line from the virus.cfg: SCANFILE4 C:\Progra~1\ClamWin\bin\clamscan.exe --verbose --database=C:\Docume~1\AllUse~1\.clamwin\db --tempdir=C:\PROGRA~1\IPSWITCH\IMAIL\Declude\Scanners\ClamAV --no-summary -l report.txt All of a sudden last week, it started filling my C:\PROGRA~1\IPSWITCH\IMAIL\Declude\Scanners\ClamAV folder with *.clamtmp folders that wouldn't clear [and chewed up 100GB of free space in a couple of days], and I also started getting "did not finish in time" messages in the vir.logs, and it threw my CPU usage to 100% constantly. I commented clam back out and the performance went right back to normal. Has anyone else seen anything unusual with clamav performance recently? John S. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
Sorry for the tardy response, I've been traveling. I used mcafee on my old system in combination with f-prot, and never had any problems there either. On my new box [new since May], I started out with a different program from eTrust because we're moving away from McAfee across the board, but I had issues with the new program and switched to scan.exe. I don't remember exactly when I made that last switch, but I have NEVER gotten scan to return anything on anything it has scanned. I send myself a report daily on activity for the previous day, and it always says in the virus detections that "0 mcafee detected for 07-10-2006", a day when clamav found 82 and f-prot and AVG each found four more. I'm away from my office until next week, and I'm going to do some more experimenting then to figure out why mcafee fails. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Thursday, 06 July 2006 4:51 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] 4.2.3 Built-in scanner John, What problems are you having with scan.exe? A lot of us use McAfee and have no issues. Darrell --- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. John Shacklett writes: > After loading 4.2.20 this afternoon, my AVG scanner is now finally > detecting viruses. Oh happy day. Now if I can just get scan.exe to > work, I'll have a full house. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett > Sent: Thursday, 11 May 2006 11:44 AM > To: Declude.Virus@declude.com > Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner > > "Declude 4.2.3 Diagnostics" right on the top line. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Carter > Sent: Thursday, 11 May 2006 9:30 AM > To: Declude.Virus@declude.com > Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner > > Just curious, what does your diags.txt? Did 4.2.3 in fact get fully > installed and running? > > John C > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett > Sent: Thursday, May 11, 2006 6:56 AM > To: Declude.Virus@declude.com > Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner > > I guess I should have been more dramatic. What I intended this to mean > was that I still don't see any evidence that AVG is working at all. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett > Sent: Tuesday, 09 May 2006 3:04 PM > To: Declude.Virus@declude.com > Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner > > Just for fun, I completely commented out the three scanners in my > virus.cfg and resent the eicar plain test file, and it made it to my Inbox. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett > Sent: Tuesday, 09 May 2006 9:58 AM > To: Declude.Virus@declude.com > Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner > > Forget my last post, I have different problems. Sorry. > > I followed John C's suggestion and sent myself a standard base64 MIME > encoded eicar.com file [which should have occurred to me earlier], and > I ended up with the following lines in the debug output: > > 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus > 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports > exit code of 3 > 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports > exit code of 0 > 05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports > exit code of 0 > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Carter > Sent: Tuesday, 09 May 2006 9:41 AM > To: Declude.Virus@declude.com > Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner > > Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It > should show AVG working. MID and HIGH levels didn't show which scanner > caught EICAR, but DEBUG did. > > John C > > > 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not > continuing with any remaining scanners. > 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: > EICAR_Test > 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:
RE: [Declude.Virus] 4.2.3 Built-in scanner
After loading 4.2.20 this afternoon, my AVG scanner is now finally detecting viruses. Oh happy day. Now if I can just get scan.exe to work, I'll have a full house. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Thursday, 11 May 2006 11:44 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner "Declude 4.2.3 Diagnostics" right on the top line. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Thursday, 11 May 2006 9:30 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Just curious, what does your diags.txt? Did 4.2.3 in fact get fully installed and running? John C -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Thursday, May 11, 2006 6:56 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner I guess I should have been more dramatic. What I intended this to mean was that I still don't see any evidence that AVG is working at all. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 3:04 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Just for fun, I completely commented out the three scanners in my virus.cfg and resent the eicar plain test file, and it made it to my Inbox. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 9:58 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Forget my last post, I have different problems. Sorry. I followed John C's suggestion and sent myself a standard base64 MIME encoded eicar.com file [which should have occurred to me earlier], and I ended up with the following lines in the debug output: 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit code of 3 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit code of 0 05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit code of 0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Tuesday, 09 May 2006 9:41 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It should show AVG working. MID and HIGH levels didn't show which scanner caught EICAR, but DEBUG did. John C 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not continuing with any remaining scanners. 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, May 09, 2006 8:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just s
[Declude.Virus] Change in logging behavior
I upgraded to 4.2.12 on 5/25, and it appears that the lines in the virus log that used to say "File(s) are INFECTED" no longer appear. Was this a conscious decision or an oversight? I run a daily activity summary that keys on that phrase to help pull the relevant report detail and it isn't working now that the lines are gone. PS: I still haven't received a resolution on my problem with AVG not finding any viruses. -- John Shacklett [EMAIL PROTECTED] [EMAIL PROTECTED] www.continentaloffice.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
"Declude 4.2.3 Diagnostics" right on the top line. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Thursday, 11 May 2006 9:30 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Just curious, what does your diags.txt? Did 4.2.3 in fact get fully installed and running? John C -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Thursday, May 11, 2006 6:56 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner I guess I should have been more dramatic. What I intended this to mean was that I still don't see any evidence that AVG is working at all. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 3:04 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Just for fun, I completely commented out the three scanners in my virus.cfg and resent the eicar plain test file, and it made it to my Inbox. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 9:58 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Forget my last post, I have different problems. Sorry. I followed John C's suggestion and sent myself a standard base64 MIME encoded eicar.com file [which should have occurred to me earlier], and I ended up with the following lines in the debug output: 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit code of 3 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit code of 0 05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit code of 0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Tuesday, 09 May 2006 9:41 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It should show AVG working. MID and HIGH levels didn't show which scanner caught EICAR, but DEBUG did. John C 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not continuing with any remaining scanners. 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, May 09, 2006 8:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail cam
RE: [Declude.Virus] 4.2.3 Built-in scanner
I guess I should have been more dramatic. What I intended this to mean was that I still don't see any evidence that AVG is working at all. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 3:04 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Just for fun, I completely commented out the three scanners in my virus.cfg and resent the eicar plain test file, and it made it to my Inbox. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 9:58 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Forget my last post, I have different problems. Sorry. I followed John C's suggestion and sent myself a standard base64 MIME encoded eicar.com file [which should have occurred to me earlier], and I ended up with the following lines in the debug output: 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit code of 3 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit code of 0 05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit code of 0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Tuesday, 09 May 2006 9:41 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It should show AVG working. MID and HIGH levels didn't show which scanner caught EICAR, but DEBUG did. John C 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not continuing with any remaining scanners. 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, May 09, 2006 8:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
Just for fun, I completely commented out the three scanners in my virus.cfg and resent the eicar plain test file, and it made it to my Inbox. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 9:58 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Forget my last post, I have different problems. Sorry. I followed John C's suggestion and sent myself a standard base64 MIME encoded eicar.com file [which should have occurred to me earlier], and I ended up with the following lines in the debug output: 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit code of 3 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit code of 0 05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit code of 0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Tuesday, 09 May 2006 9:41 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It should show AVG working. MID and HIGH levels didn't show which scanner caught EICAR, but DEBUG did. John C 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not continuing with any remaining scanners. 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, May 09, 2006 8:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
Forget my last post, I have different problems. Sorry. I followed John C's suggestion and sent myself a standard base64 MIME encoded eicar.com file [which should have occurred to me earlier], and I ended up with the following lines in the debug output: 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit code of 3 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit code of 0 05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit code of 0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Tuesday, 09 May 2006 9:41 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It should show AVG working. MID and HIGH levels didn't show which scanner caught EICAR, but DEBUG did. John C 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not continuing with any remaining scanners. 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, May 09, 2006 8:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
I sent myself a test virus after installing the update, and it was stopped by my existing scanner. I don't see any indication of additional log lines as a result of adding AVG. The default virus.cfg file states that "The default behavior is for Declude to call all scanners" and I have the "EXITSCANONVIRUSDETECT OFF" line still completely commented out, but looking at the logs it appears that the default behavior is just the opposite. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, 09 May 2006 9:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] 4.2.3 Built-in scanner
How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] How to delete quarantined messages ?
That won't work, I believe that anything with an eml extension gets processed. Change the .eml to .hold instead. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of GlobalWeb.net Webmaster Sent: Wednesday, 19 April 2006 9:02 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] How to delete quarantined messages ? If you are looking to not have the message sent at all, find the .eml file in your declude folder and simply rename it - for example: from recip.eml to recip-hold.eml Sincerely, Randy Armbrecht Global Web Solutions, Inc. 804-346-5300 x112 877-800-GLOBAL (4562) x112 http://globalweb.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Uwe Degenhardt Sent: Wednesday, April 19, 2006 4:44 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] How to delete quarantined messages ? Hi list, here is my question again. ;-) Does s.o. know how to delete the following message most likely produced by: virus.cfg ? The Declude Virus v3.1.0 software on xxx has reported that you were sent an E-mail from [EMAIL PROTECTED], containing the [Outlook 'Blank Folding' Vulnerability] virus in the [No attachment] attachment. The subject of the E-mail was "cheap oem soft shipping //orldwide". The E-mail containing the virus has been quarantined to prevent further damage. Thanks ! Uwe --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] eTrust Switches [was F-Prot Switches]
Is anyone using an etrust product for scanning? We now have one of the etrust products installed on our mailserver, and I don't have any feeling -- good OR bad -- about it. What are etrusters using for switches and configuration? I'm running it as scanner3, behind f-prot and clamAV. Thanks, John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Mcafee error 8
I think I missed something, and I'll admit right up front that I've been swamped and I haven't been paying attention as close as circumstances require, so it's my own fault. That being said, I'm getting a steady stream of "Error 8 in virus scanner 1." messages in my virus logs over the last several days. My virus scanner #1 is scan-dot-exe from our good friends at McAfee. Have others been having issues with scan-dot-exe? I don't see an engine update, and I don't see anything else peculiar in my DAT updates, but this puppy isn't performing. -- John Shacklett --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] CPL corrupted?
I've gotten a couple that were 1 byte sized [sorry, couldn't resist], kind of like some of the corrupted ZIP files we've gotten this week. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Dodell Sent: Wednesday, April 28, 2004 6:32 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] CPL corrupted? Our virus definitions from F-Prot are up to date, but still seeing multiple CPL files passing through. I decided to block them using the Ban Extension. Are these CPL files actually infected, or corrupted so the virus scanners aren't detecting them? David --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Fpcmd command line switches (3.14e)
I asked f-prot support about this and all they've told me so far is: "This option was added to counteract the flow of worms inside password protected zip archives." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fritz Squib Sent: Tuesday, March 16, 2004 10:07 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Fpcmd command line switches (3.14e) Has anyone tried the " -server Activate mail filter heuristics." switch yet ? Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html mail /\- against microsoft attachments --- [This E-mail scanned by Citizens Internet Services with Declude Virus.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-prot 3.14e
We always thought that it depended on whether Real-Time protector and/or Scheduler was updated. Guess some more experimentation is called for, although we're scanning on an NT4 server. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango Sent: Tuesday, March 16, 2004 11:03 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] F-prot 3.14e If you run W2K professional usually f-prot asks you to reboot after the upgrade. Running W2K Server it shouldn't ask you for any reboot at all... at least that has been my experience. So.. you don't have to worry about rebooting. Regards Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn Sent: Tuesday, March 16, 2004 8:38 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] F-prot 3.14e Being new to Declude/F-prot I was testing an install. Running W2K I updated F-Prot from 3.14C to 3.14E and restarted everything without rebooting. Seems to be working fine on my desktop. Is this safe on my mail server as well? I am not very comfortable rebooting that often. Thanks DC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, March 16, 2004 5:32 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] F-prot 3.14e I didn't have 3.14d loaded in production long enough to form an opinion, but 3.14e seems to be working perfectly. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, March 16, 2004 12:12 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] F-prot 3.14e Appears to be out today. -- John Shacklett [EMAIL PROTECTED] [EMAIL PROTECTED] www.continentaloffice.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-prot 3.14e
I didn't have 3.14d loaded in production long enough to form an opinion, but 3.14e seems to be working perfectly. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, March 16, 2004 12:12 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] F-prot 3.14e Appears to be out today. -- John Shacklett [EMAIL PROTECTED] [EMAIL PROTECTED] www.continentaloffice.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Bannotify.eml missing extension.
Good morning. Here's a new twist. I got one this morning that read: The mail server for continentaloffice.com does not accept E-mail with attachments that contain the readme.zip extension. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Thursday, March 04, 2004 1:25 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Bannotify.eml missing extension. I saw this in the flood of messages today [or was it yesterday] and I can't find it to chime in with a [forgive me] "me too". I have this line in my bannotify.eml: The mail server for %LOCALHOST% does not accept E-mail with attachments that contain the %BANEXT% extension. I just received a notification message that said: The mail server for continentaloffice.com does not accept E-mail with attachments that contain the extension. I dug out the D-file for that message and here's the relevant hunk out of the MIME headers: --pbgivjxdscnisewbjysa Content-Type: application/octet-stream; name="Readme.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Readme.zip" I have the D-file, and I have the log extract. This only happens intermittently, but we've gotten so many over the last few days that I've noticed them more than I would have otherwise. This was an encrypted ZIP attachment, with an EXE inside. I'm doing BANZIPEXTSON and BANEZIPEXTS ON, but not BANEXT ZIP or its ezip cousin. And finally, I am getting other notifications with "ZIP-scr" or "ZIP-exe" in the %BANEXT% spot. Having said all that: is this further evidence of a glitch or not? [I'm almost totally befuddled at this point, and I hate being a "me too". Sorry.] -- John Shacklett [EMAIL PROTECTED] [EMAIL PROTECTED] www.continentaloffice.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus]
Thank you. Now that I've had to block ZIP files, this has become a larger issue. After years of telling my users "just ZIP up anything you need to send that would otherwise get blocked" I'm ready to scream. I'm guessing I won't be screaming alone though. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, March 01, 2004 10:19 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] >Is it possible to have messages containing attached files with banned >extensions land somewhere other than the \declude\virus folder? No, that is not currently possible. However, that is a feature that we will likely be adding. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus]
Is it possible to have messages containing attached files with banned extensions land somewhere other than the \declude\virus folder? -- John Shacklett [EMAIL PROTECTED] [EMAIL PROTECTED] www.continentaloffice.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Scanning Question
This question sure seems to come up regularly. Here's my slant: We are a smallish private company, and our clients span the spectrum from private individuals to major multinational behemoths. We have one client in particular that sends us electronic purchase orders generated by their in-house purchasing system, and every one trips the Outlook 'Blank Folding' Vulnerability. I respect the vulnerability scanning without question, and I wouldn't dream of turning it off. So, I monitor the postmaster notices closely, and I drop everything and manually place those purchase orders in the Spool and hope that nobody notices the delay. That outfit is large enough that they don't even REPLY to my "hey, your system needs a tiny tweak" messages, much less ridicule me for suggesting that their system isn't perfect. It's not a big deal [at least for me and my situation], and if the capability existed to relax things the bare minimum it would take to let just those through, I might not. I'd sit around wondering who would exploit that tiny opportunity, and I already have enough to worry about. But, I would consider it. And I understand why people keep asking for this capability in Declude.Virus. And, to answer your question Scott, I don't. There are just circumstances occasionally that muddy the black and white of it. The consequences of the "Outlook 'Blank Folding' Vulnerability" can be serious, but I'm looking at a situation where their system, not MS based, is sending an email to my business system, also not MS based. So an "Outlook" vulnerability isn't in play. But only I know that, I don't expect Declude to. I only expect Declude to continue to do the excellent job it does watching for the vulnerability, no matter what. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, 12 November 2003 5:09 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Scanning Question >Is it possible to not scan an email from a specific sender for >vulnerabilities? No. > They are tripping the 'blank folding' vuln. and we >quarantine it. Thanks, Why do you want them to be allowed to send E-mail with vulnerabilities? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] McAfee Enterprise 7.0 not picking up Sobig.F
After reading your post I went in and looked at my server, and the [expletive deleted] McAfee Autoupdater hadn't successfully processed an update since the 19th when it pulled 4286. That meant that we were on 4286 DATs and not the current 4288. I forced an update manually, and it pulled these new definitions just fine, but I have two days worth of failed updates in the activity logs that just give me a sick feeling in the pit of my stomach. I am seeing both scanners picking it up. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bill Newberg Sent: Wednesday, 20 August 2003 6:55 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] McAfee Enterprise 7.0 not picking up Sobig.F I use two scanners, F-Prot and McAfee Enterprise 7.0. F-Prot is picking up Sobig.F, but McAfee is not. I have the latest definitions, 4288, and the latest engine 4.2.60. When I send the test eicar file as a zip, both scanners detect it, so I know both scanners are functioning. Does anyone have any ideas as to why my McAfee is not detecting Sobig.F? Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Skipping Sobig.F virus notifications
I'm running late catching up on my Declude lists today, so forgive me for jumping in here - not only late but in the middle of the thread. Twice today I have been sitting at local users machines for unrelated tasks, and in both cases I noticed notifications in their local email inboxes warning about inbound sobig messages. I didn't give it a lot of notice at the time, I knew we got a zillion of them already. The problem is that I have had "SKIPIFVIRUSNAMEHAS Sobig" in both recip.eml and sender.eml for a long time now, long enough that several other entries are in there now under the Sobig lines. Something's wacky, but I haven't had a spare moment to do any log investigation yet. The only thing that's unusual here is I was also seeing something that others have mentioned: my f-prot is catching this and my mcafee was not, so I was only getting hits using my Scanner2, and not my Scanner1. I can't imagine what that might matter, but I do know that the "SKIPIF..." lines ordinarily work without fail. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists) Sent: Wednesday, 20 August 2003 10:11 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Skipping Sobig.F virus notifications Ah, but that is why in the virus.cfg file, you put a line in like this: FORGINGVIRUSsobig This way, the sender e-mail address is replaced with [Forged]. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > [EMAIL PROTECTED] On Behalf Of ISPhuset Nordic AS > Sent: Wednesday, August 20, 2003 6:58 AM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] Skipping Sobig.F virus notifications > > Yes but ist not good marketing when then the receiver phones the sender which > are an innocent victim ant threats him with some less > nice things > > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) > Sent: 20. august 2003 15:44 > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] Skipping Sobig.F virus notifications > > > I put it in the sender.eml and otherpostmaster.eml. I still want the > recipient to get it. Good marketing. We are doing our job. Of course, I want > to see it. > > John Tolmachoff MCSE CSSA > Engineer/Consultant > eServices For You > www.eservicesforyou.com > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > > [EMAIL PROTECTED] On Behalf Of ISPhuset Nordic AS > > Sent: Wednesday, August 20, 2003 6:31 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [Declude.Virus] Skipping Sobig.F virus notifications > > > > you put it in every .eml file in the declude folder > > > > as the first line > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > > [EMAIL PROTECTED] On Behalf Of Tim Collins > > Sent: 20. august 2003 15:08 > > To: [EMAIL PROTECTED] > > Subject: RE: [Declude.Virus] Skipping Sobig.F virus notifications > > > > > > What configuration file do you put 'SKIPIFVIRUSNAMEHAS Sobig' in and > > what exactly does it do with the message. > > > > New ISP owner, > > > > Tim Collins > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of ISPhuset Nordic AS > > Sent: Wednesday, August 20, 2003 7:00 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [Declude.Virus] Skipping Sobig.F virus notifications > > > > > > just using SKIPIFVIRUSNAMEHAS Sobig and that seems to work > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Steve Flook > > Sent: 20. august 2003 14:45 > > To: Declude Virus Mailing list (E-mail) > > Subject: [Declude.Virus] Skipping Sobig.F virus notifications > > > > > > I have tried a couple of different SKIPIFVIRUSNAMEHAS variations without > > success: > > > > SKIPIFVIRUSNAMEHAS W32/Sobig.F > > SKIPIFVIRUSNAMEHAS Sobig.F > > > > There is just one space betweent the SKIPVIRUSNAMEHAS and vulnerability. > > What is everyone else using? Also, for the next time, will the > > vulnerability name be what is reported by the %VIRUSNAME% variable or > > something else? > > > > Thanks, > > Steve > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > > just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus".The archives can be found > > at http://www.mail-archive.com. > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > > just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus".The archives can be found > > at http://www.mail-archive.com. > > > > > > > > --- > > [This E-mail was sca
RE: [Declude.Virus] IPBYPASS
I am doing it, thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Thursday, 29 May 2003 9:27 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] IPBYPASS >Does Declude Virus know how to handle IPBYPASS lines in the virus.cfg file, >much along the lines of how Declude JM does? No. >When I get postmaster notifications on virus interceptions that were >passed along from one of my >secondary mailhosts, I would like the reported %REMOTEIP% to skip those >addresses. If you aren't already doing it, you may want to use the %HEADERS% variable, which will include the full headers of the original E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] IPBYPASS
Does Declude Virus know how to handle IPBYPASS lines in the virus.cfg file, much along the lines of how Declude JM does? When I get postmaster notifications on virus interceptions that were passed along from one of my secondary mailhosts, I would like the reported %REMOTEIP% to skip those addresses. -- John Shacklett www.continentaloffice.com [EMAIL PROTECTED] [EMAIL PROTECTED] Living on Earth is expensive, but it does include a free trip around the sun every year. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] log expansion
I think I have things back to normal. I'm writing this off to a buggered
fpcmd.exe file. As soon as I reinstalled f-prot, things started working
properly. I even caught a klez by happenstance in the middle of the eicars,
all with both scanners, so I'm going home.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Wednesday, 22 January 2003 6:10 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] log expansion
>Yep. I changed the name of the old one and dropped the new one right in its
>place. I'm going to get a fresh copy of 3.12D and repeat the install, and
do
>some more Eicar testing and get this right.
If you want, you can use the debug mode ("LOGLEVEL DEBUG") until at least
one E-mail is scanned, and then E-mail me the log file off-list, and I can
probably figure out what is happening.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
RE: [Declude.Virus] log expansion
Yep. I changed the name of the old one and dropped the new one right in its place. I'm going to get a fresh copy of 3.12D and repeat the install, and do some more Eicar testing and get this right. Thanks for the insights. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Wednesday, 22 January 2003 5:11 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] log expansion >I loaded 1.66 and the copy of fpcmd.exe from out of fp-win_312d_m.exe on >Monday morning. Since then my log files have grown dramatically, mostly from >the inclusion of countless lines like these: > >01/20/2003 12:55:00 Q37e6146 Could not find parse string Infection in >report.txt >01/20/2003 12:55:01 Q37e6146 Error 0 in virus scanner. >01/20/2003 12:55:01 Q37e6146 Scanned: Error in virus scanner. [MIME: 1 2331] > >Since I'm still investigating the failure I experienced this morning, I'm >concerned. I reverted the fpcmd.exe back to the 3.12C version, just to see >what happens, but has anyone else seen this pattern occur? Is the SCANFILE line in the \IMail\Declude\virus.cfg file pointing to the correct location for the fpcmd.exe file? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] log expansion
I loaded 1.66 and the copy of fpcmd.exe from out of fp-win_312d_m.exe on Monday morning. Since then my log files have grown dramatically, mostly from the inclusion of countless lines like these: 01/20/2003 12:55:00 Q37e6146 Could not find parse string Infection in report.txt 01/20/2003 12:55:01 Q37e6146 Error 0 in virus scanner. 01/20/2003 12:55:01 Q37e6146 Scanned: Error in virus scanner. [MIME: 1 2331] Since I'm still investigating the failure I experienced this morning, I'm concerned. I reverted the fpcmd.exe back to the 3.12C version, just to see what happens, but has anyone else seen this pattern occur? -- John Shacklett www.continentaloffice.com [EMAIL PROTECTED] [EMAIL PROTECTED] You read about all these terrorists--most of them came here legally, but they hung around on these expired visas, some for as long as 10 to 15 years. Now, compare that to Blockbuster: you're two days late with a video and those people are all over you. Let's put Blockbuster in charge of Homeland Security. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] scanning timeout value
Nope, no c:\declude.gpx files, I looked for those first. And I agree with your conclusion about what happened, I just wish I had looked at the task manager to see if there were a boatload of smtp32.exe processes sitting in limbo. I'll bet there were. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Wednesday, 22 January 2003 1:38 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] scanning timeout value >Yes, IMail was processing mail through that period. We started receiving >messages at our desktops that did not contain any declude headers, and that >was my first indication that something was wrong. The log even shows SMTP >refusals based on entries in my kill.lst file, so I'm guessing that IMail >SMTP was up. Do you have a C:\Declude.gp1 or C:\Declude.gp2 file, dated when this happened (or more recent)? >Unfortunately, I bounced the box before I did a whole lot more >investigating at the time, so I don't have much more to go on. I did pull up >the remote administrator and look at the queue, and there were many times >the usual number of items in the "Waiting Items" box, but only a single >message at a time in the "processing items". That's not normal either. What >I failed to do was to pull up the task manager and look at the open >processes before I restarted the machine. My guess here is that IMail's SMTPD process (which listens for incoming E-mail) was working, and placing files in the spool, but never starting Declude (or the SMTP32.exe process that IMail uses to deliver the E-mail after Declude is done). That would account for why there was only 1 E-mail being processed (that would be the "queue run" that runs every 30 minutes or so), and a lot of E-mail in the spool. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] OT: F-Prot definition updating
At least John T's suggestion actually advanced the cause of solving my problem. The solution to which was easier than I was trying to make it. %1 has the entire path to the tmp file, not just the filename. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mark Smith Sent: Thursday, 12 December 2002 1:28 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] OT: F-Prot definition updating Why mess with DOS batch files? Just write a VBScript file and use the FileScriptingObject. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of John Shacklett > Sent: Thursday, December 12, 2002 1:00 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] OT: F-Prot definition updating > > > Gosh, you have an actual Delete key? What a lucky, lucky man. > What wonders to mine eyes appear. > > To supplement my Delete key, I'm trying to add a line to the > cmd file along the lines of > > IF EXIST %IMAILSPOOLDIR%/MAGICSYMBOLiCANTFIGUREOUT THEN > DELETE %IMAILSPOOLDIR/MAGICSYMBOLiCANTFIGUREOUT > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of John > Tolmachoff > Sent: Thursday, 12 December 2002 12:48 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] OT: F-Prot definition updating > > > > What I've forgotten is how to purge the tmp*.tmp file that IMail > > creates. > > My favorite way is the delete key. > > John Tolmachoff MCSE, CSSA > IT Manager, Network Engineer > RelianceSoft, Inc. > Fullerton, CA 92835 > www.reliancesoft.com > > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the > Declude.Virus mailing list. To unsubscribe, just send an > E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the > Declude.Virus mailing list. To unsubscribe, just send an > E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail scanned for viruses by F-Proto Virus Scanner] > > --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] OT: F-Prot definition updating
Gosh, you have an actual Delete key? What a lucky, lucky man. What wonders to mine eyes appear. To supplement my Delete key, I'm trying to add a line to the cmd file along the lines of IF EXIST %IMAILSPOOLDIR%/MAGICSYMBOLiCANTFIGUREOUT THEN DELETE %IMAILSPOOLDIR/MAGICSYMBOLiCANTFIGUREOUT -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff Sent: Thursday, 12 December 2002 12:48 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] OT: F-Prot definition updating > What I've forgotten is how to purge the tmp*.tmp file that IMail creates. My favorite way is the delete key. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] OT: F-Prot definition updating
I have a simple cmd file called updatefprot.cmd that is a heavily modified kludge of a script that someone else on the list here created some time back. It's similar to Jerry Murdock's script that's referenced on the free tools page. I have this thing scheduled to run every so often to fish for updates. I created a program alias which I subscribed to fprots virus signatures notification service, and the alias just runs updatefprot.cmd. What I've forgotten is how to purge the tmp*.tmp file that IMail creates. Can someone remind me what the index number is of the temp file on the command line that IMail generates to invoke the script? Thanks. -- John Shacklett www.continentaloffice.com [EMAIL PROTECTED] [EMAIL PROTECTED] Before you criticize someone, walk a mile in his shoes. Then when you do criticize that person, you'll be a mile away and you'll have his shoes! --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] change in logs info with 1.64
Scott, you'll have to start signing as J. Scott Perry to qualify in our new secret society. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Carter Sent: Friday, 06 December 2002 3:14 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] change in logs info with 1.64 Only as long as Scott is a member. John C John Tolmachoff wrote: >>It's getting very nearly time to start the declude.john list. > > > LOL. > > John Tolmachoff MCSE, CSSA > IT Manager, Network Engineer > RelianceSoft, Inc. > Fullerton, CA 92835 > www.reliancesoft.com > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > > > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-Prot 3.12c
Something is goofy here too. I have a fp-win_312c_m.exe file sure enough, and if I open the installer with winzip and look at the contents everything important has 12/2 or 12/4 modification dates [unlike my fp-win_312b_m.exe file where everything has 9/27 & 9/30 dates], but my "new" FP-win.exe file has a version stamp of 3.12b. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bill Beach Sent: Wednesday, 04 December 2002 1:34 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] F-Prot 3.12c >Not yet, but I've only had it running for a half hour or so. You might want to check the version. I downloaded it 3 times, from both links (Europe and USA) on their site and from the pub directory on ftp.f-prot.com, and when I run it, it still says 3.12b. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Ban/Allow extensions
I can live with that. NB: Don't change the behavior of SKIPEXT. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Wednesday, 04 December 2002 12:58 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Ban/Allow extensions >I don't see why we need a separate keyword to turn allow on or off. > >As soon as declude sees an ALLOWEXT, all attachments that aren't >specifically given an ALLOWEXT line would be blocked. All BANEXT lines >after that would be ignored. This is what we are thinking of. [1] Keep the BANEXT option the way it is (banning specified extensions). [2] Add an "ALLOWEXT" option (banning all extensions except the ones listed). [3] If both BANEXT and ALLOWEXT exist, allow all extensions, and generate an error in the logs. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] F-Prot 3.12c
Not yet, but I've only had it running for a half hour or so. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bill Newberg Sent: Wednesday, 04 December 2002 1:03 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] F-Prot 3.12c Has anyone tested F-Prot 3.12c yet? Any problems? Thanks, Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Ban/Allow extensions
Along the same lines as my argument a couple of weeks ago that the best solution for "vulnerabilities" checking would be to allow either declude.virus or declude.junkmail to handle them and allow the individual administrator decide which handling best served the local interests, I'd like to see a solution that allowed either approach. Seems to me there is a continuum of choices: allow all --> allow all except a few --> allow none except a few --> allow none. Few doesn't specifically have to be a small number, just look at the list of extensions people are banning now. I can see the value in all four choices according to circumstances. As a "Business" administrator I will want a stricter rein on this than what I expect an "ISP" administrator might, but I don't see the approaches as contradictory as much as I see them as complementary. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff Sent: Wednesday, 04 December 2002 10:46 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Ban/Allow extensions For the benefit of all, I would like to see more responses to this post, as I created it to create a discussion of what is the desired course of action. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Partial Vulnerability
Same procedure. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Rooth Sent: Tuesday, 26 November 2002 9:26 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Partial Vulnerability Going back through her emails I see she is using Outlook Express 5.0and not Outlook 5.0. Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim Rooth Sent: Tuesday, November 26, 2002 08:18 To: [EMAIL PROTECTED] Subject: [Declude.Virus] Partial Vulnerability Quick question to the group... Do anyone know any settings in Outlook 5 for splitting outgoing emails? >I am getting one client that is having problems sending emails to >people. It seems several are coming back with " Partial Vulnerability" >as the virus name. She is using Outlook 5 as her email. I thought the >main reason for this is a leading blank space in the subject area. > >I told her to look for a patch on Microsoft or a security update. Do >you have any ideas (dumb question) as to how we can correct this? It sounds like she was changing settings in Outlook and set it up somehow to split outgoing E-mails into several messages, which can't be done anymore. You might want to try the Declude Virus mailing list to see if someone there knows what setting in Outlook does this. -Scott Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Partial Vulnerability
Tools --> Accounts --> "account" --> Properties --> Advanced --> clear the "break messages apart" checkbox -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Rooth Sent: Tuesday, 26 November 2002 9:18 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Partial Vulnerability Quick question to the group... Do anyone know any settings in Outlook 5 for splitting outgoing emails? >I am getting one client that is having problems sending emails to >people. It seems several are coming back with " Partial Vulnerability" >as the virus name. She is using Outlook 5 as her email. I thought the >main reason for this is a leading blank space in the subject area. > >I told her to look for a patch on Microsoft or a security update. Do >you have any ideas (dumb question) as to how we can correct this? It sounds like she was changing settings in Outlook and set it up somehow to split outgoing E-mails into several messages, which can't be done anymore. You might want to try the Declude Virus mailing list to see if someone there knows what setting in Outlook does this. -Scott Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] installed.bin
The key to my problem is that sometimes I don't have access to the LAN, so the whole network share business doesn't help. Like this past Monday when I was out of town in Pittsburgh and I was trying to monitor the situation that had been caused by the cybersitter external program that we're beta testing BUT I wasn't in Columbus where the LAN or the mailserver or any of the usual work tools are located. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Uhte, Russ Sent: Friday, 22 November 2002 2:31 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.Virus] installed.bin Here's what I would do... 1. Determine how I'm going to access the file (What network share am I going to use) 2. Create my batch file (In my batch file, it would map a drive to this network share using a specified username/password, then it would run the declude command and output it to my mapped drive, then it would delete the mapped drive) 3. Copy the batch file to the mail server. 4. From the mail server, create the at command. 5. Then that file can be accessed from the network share!! The key to this is to have a network share you can use. If you don't have a network share you can use, then you could set the batch file to email you the information... Not real sure how this would be done with a batch file, but I'm sure it's not too difficult... Maybe Dan could give more information on making a batch file send an email!! HTH, Russ -Original Message- From: John Shacklett [mailto:[EMAIL PROTECTED]] Sent: Friday, November 22, 2002 2:23 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] installed.bin But, if I don't have access to the machine, then I don't have access to fire off the batch file. Because if I am physically not located somewhere with access to \\mailserver\c$ then I'm probably not going to be able to run "at \\mailserver time cmd /c senddiag.cmd". -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dan Shadix Sent: Friday, 22 November 2002 2:01 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] installed.bin Or have the batch file that creates the file send you an e-mail with the information to you. Dan -- Original Message -- From: "Uhte, Russ" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Nov 2002 13:48:50 -0500 >So, let me get this straight... You can't do a \\mailserver\c$ and get to >your mail servers C drive? Can the mailserver get to your c drive? Our is >there a machine that both the mailserver, and your machine have access to?? >If so, you could make the batch file map a drive using a specified >username/password. >-Russ > >-Original Message- >From: John Shacklett [mailto:[EMAIL PROTECTED]] >Sent: Friday, November 22, 2002 12:27 PM >To: [EMAIL PROTECTED] >Subject: RE: [Declude.Virus] installed.bin > > >I like this idea, but I'm still trying to address the situation where I >don't have ready access to the mailserver or its C: drive. And I can't use >terminal services. And I need more information than just the version number. > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of Uhte, Russ >Sent: Friday, 22 November 2002 12:12 PM >To: '[EMAIL PROTECTED]' >Subject: RE: [Declude.Virus] installed.bin > > >John, >Just a quick suggestion... If this is information you use routinely, make a >batch file that runs the command (declude -diag >C:\declude.txt) and use >the NT at command to make it run every x hours... Then you could pull that >declude.txt file and know that it was last updated x hours ago... Just my >$0.02 >-Russ > >-Original Message- >From: John Shacklett [mailto:[EMAIL PROTECTED]] >Sent: Friday, November 22, 2002 12:09 PM >To: [EMAIL PROTECTED] >Subject: RE: [Declude.Virus] installed.bin > > >No, that's exactly what I can't to do, although I understand the thinking >and appreciate the suggestion. > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of Jim Matuska >Sent: Friday, 22 November 2002 11:48 AM >To: [EMAIL PROTECTED] >Subject: Re: [Declude.Virus] installed.bin > > >You could always setup terminal services or another remote access terminal >program on your server too. > >Jim Matuska Jr. >Nez Perce Tribe >Information Systems >[EMAIL PROTECTED] >- Original Message - >From: "John Shacklett" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Friday, November 22, 2002 8:54 AM >Subject: RE: [Declude.Virus] installed.bin > > >> You don't say. Anywhere I want. >> >
RE: [Declude.Virus] installed.bin
But, if I don't have access to the machine, then I don't have access to fire off the batch file. Because if I am physically not located somewhere with access to \\mailserver\c$ then I'm probably not going to be able to run "at \\mailserver time cmd /c senddiag.cmd". -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dan Shadix Sent: Friday, 22 November 2002 2:01 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] installed.bin Or have the batch file that creates the file send you an e-mail with the information to you. Dan -- Original Message -- From: "Uhte, Russ" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Nov 2002 13:48:50 -0500 >So, let me get this straight... You can't do a \\mailserver\c$ and get to >your mail servers C drive? Can the mailserver get to your c drive? Our is >there a machine that both the mailserver, and your machine have access to?? >If so, you could make the batch file map a drive using a specified >username/password. >-Russ > >-Original Message- >From: John Shacklett [mailto:[EMAIL PROTECTED]] >Sent: Friday, November 22, 2002 12:27 PM >To: [EMAIL PROTECTED] >Subject: RE: [Declude.Virus] installed.bin > > >I like this idea, but I'm still trying to address the situation where I >don't have ready access to the mailserver or its C: drive. And I can't use >terminal services. And I need more information than just the version number. > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of Uhte, Russ >Sent: Friday, 22 November 2002 12:12 PM >To: '[EMAIL PROTECTED]' >Subject: RE: [Declude.Virus] installed.bin > > >John, >Just a quick suggestion... If this is information you use routinely, make a >batch file that runs the command (declude -diag >C:\declude.txt) and use >the NT at command to make it run every x hours... Then you could pull that >declude.txt file and know that it was last updated x hours ago... Just my >$0.02 >-Russ > >-Original Message- >From: John Shacklett [mailto:[EMAIL PROTECTED]] >Sent: Friday, November 22, 2002 12:09 PM >To: [EMAIL PROTECTED] >Subject: RE: [Declude.Virus] installed.bin > > >No, that's exactly what I can't to do, although I understand the thinking >and appreciate the suggestion. > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of Jim Matuska >Sent: Friday, 22 November 2002 11:48 AM >To: [EMAIL PROTECTED] >Subject: Re: [Declude.Virus] installed.bin > > >You could always setup terminal services or another remote access terminal >program on your server too. > >Jim Matuska Jr. >Nez Perce Tribe >Information Systems >[EMAIL PROTECTED] >- Original Message - >From: "John Shacklett" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Friday, November 22, 2002 8:54 AM >Subject: RE: [Declude.Virus] installed.bin > > >> You don't say. Anywhere I want. >> >> -Original Message- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff >> Sent: Friday, 22 November 2002 11:46 AM >> To: [EMAIL PROTECTED] >> Subject: RE: [Declude.Virus] installed.bin >> >> >> You can always use declude -diag >C:\declude.txt or where ever you want >it. >> >> John Tolmachoff MCSE, CSSA >> IT Manager, Network Engineer >> RelianceSoft, Inc. >> Fullerton, CA 92835 >> www.reliancesoft.com >> >> >> -Original Message- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED]] On Behalf Of John Shacklett >> Sent: Friday, November 22, 2002 8:27 AM >> To: [EMAIL PROTECTED] >> Subject: [Declude.Virus] installed.bin >> >> The installed.bin file in the Declude directory has the current version >> info. Could that be expanded to include more of the declude -diag data? >> >> -- >> >> >> John Shacklett >> >> www.continentaloffice.com >> >> [EMAIL PROTECTED] >> [EMAIL PROTECTED] >> >> Before you criticize someone, >> walk a mile in his shoes. >> >> Then when you do criticize that >> person, you'll be a mile away and >> you'll have his shoes! >> >> --- >> [This E-mail was scanned for viruses by Declude Virus >> (http://www.declude.com)] >> >> --- >> This E-mail came from the Declude.Virus mailing list. To >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> type "unsubscribe Declude.Virus"
RE: [Declude.Virus] installed.bin
I like this idea, but I'm still trying to address the situation where I don't have ready access to the mailserver or its C: drive. And I can't use terminal services. And I need more information than just the version number. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Uhte, Russ Sent: Friday, 22 November 2002 12:12 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.Virus] installed.bin John, Just a quick suggestion... If this is information you use routinely, make a batch file that runs the command (declude -diag >C:\declude.txt) and use the NT at command to make it run every x hours... Then you could pull that declude.txt file and know that it was last updated x hours ago... Just my $0.02 -Russ -Original Message- From: John Shacklett [mailto:[EMAIL PROTECTED]] Sent: Friday, November 22, 2002 12:09 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] installed.bin No, that's exactly what I can't to do, although I understand the thinking and appreciate the suggestion. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Matuska Sent: Friday, 22 November 2002 11:48 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] installed.bin You could always setup terminal services or another remote access terminal program on your server too. Jim Matuska Jr. Nez Perce Tribe Information Systems [EMAIL PROTECTED] ----- Original Message - From: "John Shacklett" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, November 22, 2002 8:54 AM Subject: RE: [Declude.Virus] installed.bin > You don't say. Anywhere I want. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff > Sent: Friday, 22 November 2002 11:46 AM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] installed.bin > > > You can always use declude -diag >C:\declude.txt or where ever you want it. > > John Tolmachoff MCSE, CSSA > IT Manager, Network Engineer > RelianceSoft, Inc. > Fullerton, CA 92835 > www.reliancesoft.com > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of John Shacklett > Sent: Friday, November 22, 2002 8:27 AM > To: [EMAIL PROTECTED] > Subject: [Declude.Virus] installed.bin > > The installed.bin file in the Declude directory has the current version > info. Could that be expanded to include more of the declude -diag data? > > -- > > > John Shacklett > > www.continentaloffice.com > > [EMAIL PROTECTED] > [EMAIL PROTECTED] > > Before you criticize someone, > walk a mile in his shoes. > > Then when you do criticize that > person, you'll be a mile away and > you'll have his shoes! > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- CONFIDENTIALITY NOTICE: This email and any attachments are for the exclusive and confidential use of the intended recipient. If you are not the intended recipient, please do not read, distribute or take action in reliance upon this message. If you have
RE: [Declude.Virus] installed.bin
No, that's exactly what I can't to do, although I understand the thinking and appreciate the suggestion. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Matuska Sent: Friday, 22 November 2002 11:48 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] installed.bin You could always setup terminal services or another remote access terminal program on your server too. Jim Matuska Jr. Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message ----- From: "John Shacklett" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, November 22, 2002 8:54 AM Subject: RE: [Declude.Virus] installed.bin > You don't say. Anywhere I want. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff > Sent: Friday, 22 November 2002 11:46 AM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] installed.bin > > > You can always use declude -diag >C:\declude.txt or where ever you want it. > > John Tolmachoff MCSE, CSSA > IT Manager, Network Engineer > RelianceSoft, Inc. > Fullerton, CA 92835 > www.reliancesoft.com > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of John Shacklett > Sent: Friday, November 22, 2002 8:27 AM > To: [EMAIL PROTECTED] > Subject: [Declude.Virus] installed.bin > > The installed.bin file in the Declude directory has the current version > info. Could that be expanded to include more of the declude -diag data? > > -- > > > John Shacklett > > www.continentaloffice.com > > [EMAIL PROTECTED] > [EMAIL PROTECTED] > > Before you criticize someone, > walk a mile in his shoes. > > Then when you do criticize that > person, you'll be a mile away and > you'll have his shoes! > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] installed.bin
You don't say. Anywhere I want. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff Sent: Friday, 22 November 2002 11:46 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] installed.bin You can always use declude -diag >C:\declude.txt or where ever you want it. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Shacklett Sent: Friday, November 22, 2002 8:27 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] installed.bin The installed.bin file in the Declude directory has the current version info. Could that be expanded to include more of the declude -diag data? -- John Shacklett www.continentaloffice.com [EMAIL PROTECTED] [EMAIL PROTECTED] Before you criticize someone, walk a mile in his shoes. Then when you do criticize that person, you'll be a mile away and you'll have his shoes! --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] installed.bin
Right, but I'm routinely not close enough to the server to be able to actually run the command. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Friday, 22 November 2002 11:34 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] installed.bin >The installed.bin file in the Declude directory has the current version >info. Could that be expanded to include more of the declude -diag data? That's a binary file used internally by Declude, and may not show the correct version. The "Declude -diag" will always show the correct version. If you want it in a file, you can type "declude -diag > diag.txt" from a command prompt in the \IMail\Declude directory. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] installed.bin
The installed.bin file in the Declude directory has the current version info. Could that be expanded to include more of the declude -diag data? -- John Shacklett www.continentaloffice.com [EMAIL PROTECTED] [EMAIL PROTECTED] Before you criticize someone, walk a mile in his shoes. Then when you do criticize that person, you'll be a mile away and you'll have his shoes! --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Message Sniffer Confidence
I have Sniffer set high enough to trigger my hold level all by itself, and Sniffer plus six more points variously defined is enough to delete. [N.B.: I have heavily customized the weights.] -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Trent M. DavenportSent: Friday, 08 November 2002 12:08 PMTo: [EMAIL PROTECTED]Subject: [Declude.Virus] Message Sniffer Confidence So, after seeing the last 2 months that message sniffer is around 90% accurate, what confidence has everyone put in it? We offer our clients 2 levels of SPAM blocking. Regular (using a WEIGHT20) and Aggressive (using a WEIGHT10). Because we're an ISP, we have to be really careful about deleting legitimate email. We purchased Message Sniffer and implemented it and it is catching a bunch of messages, but the default weight is 7. With the percentage as high as it is, I'd like to give it a 17 so that if a message fails it plus 1 other test, it'll fail the regular test. Need I be that cautious? Just looking for feedback from other users of Sniffer. Trent ---Trent M. Davenport - Systems AdministratorNorthern Television Systems Ltd - WHTV203-4103 4th Avenue, Whitehorse, YT Y1A 1H6(867) 393-2225 X204, (867) 393-2224 FAXwww.whtvcable.com ( [EMAIL PROTECTED] )
RE: [Declude.Virus] Scan Leak
Depends on what you mean by old. No Spring Chicken. Certainly old enough to invest a battery in, thanks for the suggestion. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Paul Navarre Sent: Thursday, 26 September 2002 3:42 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Scan Leak > Somehow the date on my mail server flipped to 09-25-24 last night at 8:30. > Now I have the date back and the virus scanners working, but I > think I have > a much larger headache facing me. Is it an old server? I've had a similar problem with an old machine whose battery needed to be replaced. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Scan Leak
AAARRRGH. Somehow the date on my mail server flipped to 09-25-24 last night at 8:30. Now I have the date back and the virus scanners working, but I think I have a much larger headache facing me. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Shacklett Sent: Thursday, 26 September 2002 3:01 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Scan Leak Ugh. I reloaded f-prot, and I also tried reverting to definitions from earlier in the week, all so far without success. But I did notice that my updatefprot.cmd fired off at just about 8:30 last night [surprise?], so I'll keep trying. Thanks for the instant and accurate analysis, as always. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Thursday, 26 September 2002 2:19 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Scan Leak >I changed the log level just before I sent the last post, and I have a >couple of viruses since. Here's an excerpt for the EICAR test I sent myself: >[attached eicar.log] and today's log: [attached vir0926.zip]. F-Prot is reporting an error code of 1, which usually indicates corrupt virus definitions. I would recommend re-downloading the virus definitions, and if that doesn't take care of it, re-installing F-Prot. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Scan Leak
Ugh. I reloaded f-prot, and I also tried reverting to definitions from earlier in the week, all so far without success. But I did notice that my updatefprot.cmd fired off at just about 8:30 last night [surprise?], so I'll keep trying. Thanks for the instant and accurate analysis, as always. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Thursday, 26 September 2002 2:19 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Scan Leak >I changed the log level just before I sent the last post, and I have a >couple of viruses since. Here's an excerpt for the EICAR test I sent myself: >[attached eicar.log] and today's log: [attached vir0926.zip]. F-Prot is reporting an error code of 1, which usually indicates corrupt virus definitions. I would recommend re-downloading the virus definitions, and if that doesn't take care of it, re-installing F-Prot. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Usage.c-m-d
Could someone please repost the latest and greatest version of the usage.c-m-d file? I've been rooting around on mail-archives trying to track it down, but the first of March is gaining on me and I need to patch mine. -- John Shacklett www.continentaloffice.com [EMAIL PROTECTED] [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] Outlook 'CR' Vulnerability
I agree with Mike completely. Somewhere way down near the bottom of the requested new features I'd like to add: "ability to turn off some or all of the virus .eml notifications if the Outlook 'CR' Vulnerability is the only test failed." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mike Nice Sent: Saturday, February 23, 2002 8:55 PM To: [EMAIL PROTECTED] Subject: Re: MISSING_REVERSE_DNS:Re: [Declude.Virus] Outlook 'CR' Vulnerability I had a mini panic attack at all the spam it was catching as Outlook CR. I envisioned a bunch of list servers also using this formatting. However in practice, it is only the cheapest spamware that does this, so I left the option enabled. It makes a great mini-spamcatcher as well as blocking a potential virus problem. Thanks to Scott for giving us the tools to quickly address the vulnerability. Mike Nice - Original Message - > I'm not surprised that there is some spam out there that has this flaw. I > haven't heard of a case yet where legitimate mail was sent that way (and > even if it was, the sender would need to fix the problem on their end). --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: MISSING_REVERSE_DNS:RE: [Declude.Virus] v1.40 (beta)released
Gee, Ric, good advice. Except that we consider this to be the point of the betas. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ric Stevenson Sent: Tuesday, February 19, 2002 1:07 PM To: [EMAIL PROTECTED] Subject: RE: MISSING_REVERSE_DNS:RE: [Declude.Virus] v1.40 (beta)released all the more reason... including this mornings overwhelming listserv communique... to never use a beta until it has been tested. wait for full released versions. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Tuesday, February 19, 2002 12:00 PM To: [EMAIL PROTECTED] Subject: RE: MISSING_REVERSE_DNS:RE: [Declude.Virus] v1.40 (beta)released >Just as an aside, I downloaded v1.40 first thing this morning [7:something >EST], and I noticed a few minutes ago that my installed.bin file was still >showing 1.39. After downloading again, it now appears to be at 1.40. That's correct. The original version we put online had the old 1.39 version number on it; it didn't get updated to show the new version number until this morning. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] headers
Can I put XINHEADER and XOUTHEADER lines in the virus.cfg file, similar to what is in global.cfg for JunkMail? OK, I know I can put the lines in there, but will they work the same way? -- John Shacklett www.continentaloffice.com [EMAIL PROTECTED] [EMAIL PROTECTED] A television may insult your intelligence but nothing rubs it in like a computer. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] vir1218.log
I was looking at logfile entries more closely than usual after popping 1.30ß in after lunch, and I found these three lines. Is this something new, or have I just not been paying attention? 12/18/2001 13:11:28 Q86cf106 Found a bogus .url file 12/18/2001 13:21:29 Q892814c Error opening TNEF file C:\IMail\spool\D892814c.vir\0.dat 12/18/2001 13:22:01 Q894714a Error opening TNEF file C:\IMail\spool\D894714a.vir\0.dat -- John Shacklett www.continentaloffice.com [EMAIL PROTECTED] [EMAIL PROTECTED] A Zen master once said to me "Do the opposite of whatever I tell you." So I didn't. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] Declude v1.30 released (beta)
Well, while they're debating business ethics, I'll bite: How do I configure multiple virus scanning? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Tuesday, December 18, 2001 1:12 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Declude v1.30 released (beta) Computerized Horizons has just released Declude Virus v1.30. Notable changes include: o Major overhaul to MIME decoding functions to support further enhancements o Declude's dependency on user32.dll was removed, which (should) prevent Declude from counting towards the depletion of Microsoft's Mystery Heap. o DELIVERERRORS ON config option will allow E-mail that a scanner reports an error on to be delivered (if neither a "Virus free" or "Virus found" code is returned). o TEMPDIR config option to let you choose the temporary directory that Declude scans files in (to allow usage with on-access scanners that can't exclude subdirectories, and for RAM disk support) o Will automatically detect F-Prot.PIF file and delete it if necessary, to prevent halt of E-mail delivery. o PRO version adds internal support for multiple virus scanners. Also, the size of the Declude.exe has been shrunk to about 1/2 of its original size, so don't be alarmed if it appears small. The beta can be downloaded from http://www.declude.com/junkmail/support/ip4r.htm . -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] McAfee NetShield Upgrade
ftp://ftp.nai.com/pub/antivirus/superdat/intel/sdat4164.exe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Serge Dergham Sent: Thursday, October 11, 2001 4:57 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] McAfee NetShield Upgrade thanks just tried sdat4100.exe and 4100xdat.exe that came with the CD, they both said I have the latest engine and dat files the about netshield has: Netshield for windows NT and W 2000 4.5 Virus def 4.0.4165 Scan engine 4.0.70 What is going on ? how can I get the new engines ? I just got my CD last week ? - Original Message - From: "Jerry Murdock" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 11, 2001 8:23 PM Subject: Re: [Declude.Virus] McAfee NetShield Upgrade > 1: 4.0.70 must be 2-3 years old now. Run SDAT ASAP, the scanner isn't > worthless, but there are plenty of things that require the newer engines. > > 2: I don't like ME much. Haven't used it recently enough to help you. I've > moved almost all clients with a corporate desktop solution to Trend > Officescan. > > 3: See #2 > > Jerry > > - Original Message - > From: "Serge Dergham" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, October 11, 2001 3:22 PM > Subject: Re: [Declude.Virus] McAfee NetShield Upgrade > > > > Hi jerry, > > > > few questions if you have the time: > > > > 1- I keep getting this type of alert from netshield: > > > long to complete and is being canceled. Scan engine version used is 4.0.70 > > DAT version 4.0.4164.> > > How can avoid this, is there a timeout or a time limit I can change ? > > > > 2- I am playing with ME (management edition), I downloaded and saved latest > > DAT with netshield, and used it to updated other machienes with netshield, > > but could not use it on machines with Viruscan, it gives a message that it > > could not get update.ini > > any idea what to do ? > > > > 3- can/should we use sdat with ME ? > > > > TIA > > > > > > - Original Message - > > From: "Jerry Murdock" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Thursday, October 11, 2001 7:10 PM > > Subject: Re: [Declude.Virus] McAfee NetShield Upgrade > > > > > > > Yes. > > > > > > - Original Message - > > > From: "Charles Stanley" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Thursday, October 11, 2001 3:06 PM > > > Subject: Re: [Declude.Virus] McAfee NetShield Upgrade > > > > > > > > > > At 12:03 PM 10/11/01, you wrote: > > > > >If you just mean the engine, download and run the latest SDAT.exe. > > > > > > > > This will update the engine for the server version of Netshield? > > > > > > > > This E-mail came from the Declude.Virus mailing list. To > > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > > > type "unsubscribe Declude.Virus". You can E-mail > > > > [EMAIL PROTECTED] for assistance. You can visit our web > > > > site at http://www.declude.com . > > > > > > > > > This E-mail came from the Declude.Virus mailing list. To > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > > type "unsubscribe Declude.Virus". You can E-mail > > > [EMAIL PROTECTED] for assistance. You can visit our web > > > site at http://www.declude.com . > > > > > > > > > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". You can E-mail > > [EMAIL PROTECTED] for assistance. You can visit our web > > site at http://www.declude.com . > > > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". You can E-mail > [EMAIL PROTECTED] for assistance. You can visit our web > site at http://www.declude.com . > > This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] Magstr.39921
My Declude/McAfee caught it straight away. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Monday, October 08, 2001 11:43 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Magstr.39921 >Attached is the Imail Mailbox with a virus tha got thru today This may be the corrupted version of Magistr, that some AV programs detect and others do not. I tried F-Prot with the latest definitions, and McAfee, and neither caught it. The corrupt version of Magistr does not do any damage if run. -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: MISSING_REVERSE_DNS:RE: [Declude.Virus] two scanner Support
another request -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hirthe, Alexander Sent: Thursday, October 04, 2001 9:20 AM To: '[EMAIL PROTECTED]' Subject: MISSING_REVERSE_DNS:RE: [Declude.Virus] two scanner Support Hello Scott, > >Scott, any chance of getting declude to support two scanners natively > >without using a batch file? > It's in the suggestion database. It's not requested that > often, but I do think that it would be a nice feature to have built-in support for. Request ;-) Greetings Alex This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] v1.25a released
It works for me, very well. And thank you to everyone who suggested the kill.exe program. That works very well as well. Well. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Gerald Woods Sent: Thursday, September 06, 2001 11:39 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] v1.25a released Does this variable work now? %REMOTEIP% - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 04, 2001 07:54 PM Subject: Re: [Declude.Virus] v1.25a released > > > > spaces in the path, and adds a %REMOTEIP% variable that can be used in the > > > .eml template files to display > > > >Please consider the possibility of adding these variable in the log files in > >future upgrades > > This will be in the next release; it will be available at LOGLEVEL MID or > higher. > -Scott > > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". You can E-mail > [EMAIL PROTECTED] for assistance. You can visit our web > site at http://www.declude.com . > This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] 1.25a issues
I have not been following the various threads concerning performance issues with the newest declude version because I've not experienced the problems that some of the rest of you have been having, BUT I arrived at the office this morning to an array of nastygrams from my users that the mailserver was sluggish or nonresponsive, and discovered a single declude process that had been running just shy of 16 hours and was eating up 90+% of CPU utilization and the system was locked in at 100% total. This has never happened before, and I just stuck the new "official" 1.25a version yesterday morning. The unsettling thing was when I tried to kill that process in task manager, I was prevented. Told me I couldn't. And I was logged in as administrator. So I bounced the box and all seems better, but I think I'm going to put an active watch on the machine today and see what happens. -- John Shacklett www.continentaloffice.com [EMAIL PROTECTED] [EMAIL PROTECTED] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] Statistics
Here's the top of today's log: 08/30/2001 00:01:16 Qba8b108 MIME file: [text/html][7bit] 08/30/2001 00:01:17 Qba8b108 Scanned: Virus Free [MIME: 2 14502] 08/30/2001 00:04:28 Qbb4b13a Scanned: Virus Free [MIME: 1 827] 08/30/2001 00:07:24 Qbbfc13c MIME file: [text/html][7bit] 08/30/2001 00:07:26 Qbbfc13c Scanned: Virus Free [MIME: 1 1396] 08/30/2001 00:08:09 Qbc29150 MIME file: [text/html][7bit] 08/30/2001 00:08:11 Qbc29150 Scanned: Virus Free [MIME: 2 1523] 08/30/2001 00:10:17 Qbca8154 Scanned: Virus Free 08/30/2001 00:20:51 Qbf22154 MIME file: [text/html][7bit] 08/30/2001 00:20:52 Qbf22154 Scanned: Virus Free [MIME: 1 16465] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Thursday, August 30, 2001 3:28 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Statistics >LOGLEVELhigh >LOG_OK NONE Are you getting the "Virus Free" messages in the log, or are you getting other ones? It may be that some of the LOGLEVEL HIGH messages will get recorded whether or not the E-mail has a virus in it. -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] Statistics
# # Declude Virus configuration file # CODE LOGFILE C:\IMail\spool\vir.log LOGLEVELhigh LOG_OK NONE -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Thursday, August 30, 2001 2:58 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Satistics >It's funny you should mention that, I was just looking at my /SPOOL/ >directory and my vir.log files are huge. I have LOG_OK NONE in my >virus.cfg, and have had for ages, but I have acres of virus free lines in >the logs nonetheless. Are you sure it's just "LOG_OK NONE" (exactly that, with the underscore)? -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] sir cam
I already had /ALL in my SCANFILE line, and I have the latest virus definitions updated every morning at three o'clock, so I think I was trying my best. And I am catching the great majority of SirCam-infected offerings, but I've had at least a half dozen get past. Including two more this morning. I haven't tried F-Prot yet, so I suppose it remains my last, best hope. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Friday, July 27, 2001 12:49 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] sir cam >We've had a handful of Sir*Cam critters sneak in under the declude/mcafee >shield. Has anyone else noticed anything similar? First, make sure you have the "/ALL" switch on the SCANFILE line in \IMail\Declude\virus.cfg. That makes sure that it will all files, regardless of extension, to cover .pif and .lnk extensions that might go unscanned. Next, make sure that you have downloaded the latest virus definitions from McAfee. We've seen several cases where the new definitions did not work, but have been told that a reboot may take care of that. If it still isn't getting caught, send the eicar.com test file through (you can do this from http://www.declude.com/tools using the Test Mail Sender). If that gets caught, but Sircam isn't, I would recommend switching to F-Prot ( http://www.frisk.is ). -Scott This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: Re: [Declude.Virus] v1.15 issue
I haven't had a chance to get v1.16 yet, but when I started having problems with 1.15 I reverted back to 1.14. Then, for some unknown reason, I started getting every e-mail notification message twice. I'm going to hold off on 1.16 until someone clarifies the situation mentioned in Gary Cuppett's message. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Sunday, March 11, 2001 4:08 PM To: [EMAIL PROTECTED] Subject: DUL: Re: [Declude.Virus] v1.15 issue >FYI, we have just had a report from people using v1.15 that E-mail >notifications are sometimes being sent out to/from the incorrect domain >(the %LOCALHOST% and %REMOTEHOST% variables are being switched). This is >something that we are looking into; I will post here when we find out what >the problem is. We have identified and fixed a problem with v1.15 (beta) that is fixed in v1.16 (beta), where the %LOCALHOST% variable could be improperly determined (using the remote domain instead of the local domain). v1.15 switched from using the actual recipient to using the intended recipient. With IMail, if you had an alias "[EMAIL PROTECTED]" that pointed to "[EMAIL PROTECTED]", and a user sent an E-mail to "[EMAIL PROTECTED]" (the intended recipient), it will actually go to "[EMAIL PROTECTED]" (the actual recipient). Before v1.15, Declude would use the actual recipient. Starting with v1.15, Declude now uses the intended recipient. This helps prevent confusion, and prevents a minor security problem (users could find out what address(es) an alias points to by sending the eicar.com file to it). The problem with the %LOCALHOST% variable appears to have been a side-effect of this change. The actual recipient would use the official domain name, whereas the intended recipient could use a domain alias. Declude was just checking official host names to see if a domain was local or not, and not checking domain aliases. So, if an E-mail was delivered to a local user (but using a domain alias, such as mail.declude.com instead of declude.com), Declude would think that the E-mail was destined for a remote user, and would use the sender's address as the "local host". v1.16 has just been released that fixes this, as well as another minor issue that came up with v1.15 where several blank lines would be added to the beginning of the E-mail notifications. Anyone who was using v1.15 should upgrade to v1.16, but be sure to send a test eicar.com E-mail through (you can go to http://www.declude.com/tools and use the "Test E-mail Sender" to send it if you like) to make sure that the notifications are being sent properly. -Scott [ This E-mail came from the Declude.Virus mailing list. To ] [ unsubscribe, just send an E-mail to [EMAIL PROTECTED], and ] [ type "unsubscribe Declude.Virus yourname". You can E-mail] [ [EMAIL PROTECTED] for assistance. You can visit our web ] [ site at http://www.declude.com . ] [ This E-mail came from the Declude.Virus mailing list. To ] [ unsubscribe, just send an E-mail to [EMAIL PROTECTED], and ] [ type "unsubscribe Declude.Virus yourname". You can E-mail] [ [EMAIL PROTECTED] for assistance. You can visit our web ] [ site at http://www.declude.com . ]
RE: [Declude.Virus] Trouble with sender/recipient addresses
I show 1.12 as 246 kb. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Carter Sent: Friday, February 16, 2001 1:40 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Trouble with sender/recipient addresses Far less scientific: my "old" copies of Declude are ver#File size === 1.10235 kb 1.11241 kb 1.11b 241 kb 1.12(never got it) 1.13254 kb 1.14267 kb I guess there was a reason I didn't delete the old versions. John "R. Scott Perry" wrote: > > >how do we check which version of declude we are currently on? > > Actually, it turns out there isn't a convenient way to find out. Declude > JunkMail will put the version in the log file if you use the debug mode, > but it turns out that doesn't work with Declude Virus. > > The inconvenient way to do it is to go to the command prompt, go to \IMail, > and type 'FIND "1.0" declude.exe' and then 'FIND "1.1" declude.exe'. One > of the two will show you the version number. > -SCott > > [ This E-mail came from the Declude.Virus mailing list. To ] > [ unsubscribe, just send an E-mail to [EMAIL PROTECTED], and ] > [ type "unsubscribe Declude.Virus yourname". You can E-mail] > [ [EMAIL PROTECTED] for assistance. You can visit our web ] > [ site at http://www.declude.com . ] [ This E-mail came from the Declude.Virus mailing list. To ] [ unsubscribe, just send an E-mail to [EMAIL PROTECTED], and ] [ type "unsubscribe Declude.Virus yourname". You can E-mail] [ [EMAIL PROTECTED] for assistance. You can visit our web ] [ site at http://www.declude.com . ] [ This E-mail came from the Declude.Virus mailing list. To ] [ unsubscribe, just send an E-mail to [EMAIL PROTECTED], and ] [ type "unsubscribe Declude.Virus yourname". You can E-mail] [ [EMAIL PROTECTED] for assistance. You can visit our web ] [ site at http://www.declude.com . ]
