Re: [Declude.Virus] REVDNS:SpamTrap Page
Before you develop this idea much further, I highly recommend you talk to Dusty (from the imail list). There are some very real legal implications, and he's regrettably had to experience them first hand. We've also had some issues of this nature ourselves. Great ideas, just proceed with caution. Jonathan At 09:59 AM 8/5/2001 -0400, you wrote: >>http://www.declude.com/spamtrap.htm >> >>Scott, I find this interesting. Sometimes spam is deleted >>by Declude and sometimes not if it is not in the databases >>yet. My Imail keyword filters take over at that point. They >>were stopping Sir*Cam before McAfee got it working.. >> >>So I have a question... I'd personally like to have recommended >>filters for Imail extra fast as things break. If you watch the >>Imail list everybody is looking for fast rules code. >> >>When I look at the above link, I am wondering if this is >>generated by you or by spam databases, > >It is generated by us. We have a number of spamtraps, that are designed >specifically to gather spam. When E-mail comes in to them, we see which >test(s) they fail, and save the information so that it can be picked up by >the web page. > >>and I wonder if on this listserver you could autogenerate information to >>make rules >>faster than the virus companies and spam databases can respond? > >This sounds like a good idea, but I do see some problems with it. The >main one is in determining how to identify the spam -- by IP, subject, or >From: address? By IP address is pretty safe -- lots of people would be >willing to reject all E-mail from a domain that has recently sent >spam. But, we probably only receive a small portion of all spam, and >there's a good chance that other customers of ours will receive the spam >before us (depending on how the spammer chooses to order his list). > >>I have not been able to use SPAMHEADERS and BADHEADERS as they >>caught too much legitimate email. Rules tend to be more useful >>sometimes. > >Just a quick word about BADHEADERS: The only legitimate mail it can catch >is mail sent from broken mail clients. > -Scott > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: ORBL:Re: [Declude.Virus] Internal email sending virus'
ow .. :( This is something you really should have listed on your pre-sales information pages ... I would have been very interested in knowing this before purchasing the product. Jonathan At 06:12 AM 8/7/2001 -0500, you wrote: >From: "R. Scott Perry" <[EMAIL PROTECTED]> > > It will work on all E-mail, with the exception of outgoing web messaging > > E-mails (the E-mails themselves are safe, just any attachments that users > > upload can not be scanned). This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: ORBL:Re: [Declude.Virus] Internal email sending virus'
At 01:43 PM 8/7/2001 -0400, you wrote: >At 11:38 AM 8/7/01 -0500, you wrote: >>ow .. :( >>This is something you really should have listed on your pre-sales >>information pages ... I would have been very interested in knowing this >>before purchasing the product. > >We are planning to update our web site to make this clearer. However, you >can have an on-access scanner set to scan the \IMai\spool directory >(without scanning subdirectories), and you are fully protected. As >mentioned in a previous E-mail, it is not common for viruses to spread in >this way. >-Scott Unless you have a user with somewhat malicious intent. . :) I asked you this in a private message earlier, but there's no way to restrict F-Prot's on-access scanner to certain directories, is there? I haven't been able to find much information concerning those configs from them -- and they still haven't even sent me the registered version yet. Jonathan This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] FW: WARNING: YOU WERE SENT A VIRUS
Admittedly, I haven't looked too much at the new features (I usually steer clear of anything "beta", unless I have the time to test it). But, is there a way to make it look to something in the user directory (say, the finger file or such) for the per-user scanning? Just thinking of easy ways to tie it into web messaging, and allow users to disable or enable virus scanning on their account. I don't know that we'd want to be able to allow all users to, just a thought .. Jonathan At 12:16 PM 8/18/2001 -0400, you wrote: >>This is a never ending loop. The user receives my mail and the virus sends a >>new email. > >One option would be to turn off scanning for that user, using the new >per-domain/per-user scanning. > >Another option would be to use the IMail "kill list" to block E-mail from >that user. > >I'll see if there may be a way to detect this automatically in Declude. > -Scott > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] Multiple Scanners
We just had another issue, where a different magistr virus got through F-Prot, and hit a machine with NAV. In this case, NAV picked it up (different virus). It's a little disappointing the F-Prot isn't catching them, and that they hadn't gotten back to me on the original one I sent them. My question is, is there any "official" support of multiple scanners in declude coming? Or should we look at just using one of the scripts posted to the list, or writing something on our own? Thanks, Jonathan This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] Multiple Scanners
Yep, I realize it was a corrupted virus .. people still get a little shifty when their scanner catches something, though. Or, when they get a "scary attachment". Your thoughts exactly -- if others catch it, they should too .. (but yea, that's always a matter of opinion - and compromise) Guess we'll go with a script .. thanks, Jonathan At 11:39 PM 8/19/2001 -0400, you wrote: >>We just had another issue, where a different magistr virus got through >>F-Prot, and hit a machine with NAV. In this case, NAV picked it up >>(different virus). It's a little disappointing the F-Prot isn't catching >>them, and that they hadn't gotten back to me on the original one I sent them. > >FYI, the other one was a corrupt virus, and appears to be non-executable >(and therefore is not truly a virus). However, if the others are catching >it, F-Prot really should too. > >>My question is, is there any "official" support of multiple scanners in >>declude coming? Or should we look at just using one of the scripts posted >>to the list, or writing something on our own? > >Although this is something that has been on the suggestion database for a >while, it does not have a high priority right now. At this point, using a >batch file would be the best bet. > -Scott > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] F-Prot Stuff
F-Prot support finally got back to me on that virus I submitted on the 13th. "We will add this virus to the database. Thank you." A half month turn-around on any virus issue, even if it's not a threat, seems a bit .. umm .. unreasonable? It's been letting more Sircom viruses through as well. I'm getting a little bit on the frustrated side with it, is anyone else seeing this type of stuff? Thanks, Jonathan This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] F-Prot Stuff
I used the suggested command lines from the declude documentation: SCANFILEC:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOFLOPPY /NOBOOT /DUMB Jonathan At 09:14 PM 8/30/2001 -0400, you wrote: >What's your command line? > >- Original Message - >From: "Jonathan" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Thursday, August 30, 2001 9:01 PM >Subject: [Declude.Virus] F-Prot Stuff > > > > F-Prot support finally got back to me on that virus I submitted on the > > 13th. "We will add this virus to the database. Thank you." > > > > A half month turn-around on any virus issue, even if it's not a threat, > > seems a bit .. umm .. unreasonable? > > > > It's been letting more Sircom viruses through as well. I'm getting a little > > bit on the frustrated side with it, is anyone else seeing this type of >stuff? > > > > Thanks, > > > > Jonathan > > > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". You can E-mail > > [EMAIL PROTECTED] for assistance. You can visit our web > > site at http://www.declude.com . > > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] F-Prot Stuff
hmm .. it seems maybe I have more problems, as of a few days ago .. there haven't been any vir* log files recently. F-prot also stopped updating itself, but it had been earlier .. I checked the command line in the config, and it's correct. (copied and pasted it to a prompt, scanned a file, etc). Jonathan At 09:22 PM 8/30/2001 -0400, you wrote: >>A half month turn-around on any virus issue, even if it's not a threat, >>seems a bit .. umm .. unreasonable? > >I'm quite surprised that it would take them that long to deal with the issue. > >>It's been letting more Sircom viruses through as well. I'm getting a >>little bit on the frustrated side with it, is anyone else seeing this >>type of stuff? > >I haven't heard of F-Prot letting the Sircam virus through (if the virus >definitions are up to date). Are there any error messages showing up in >the Declude log files? > -Scott > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] F-Prot Stuff
*hides* I forgot to change the registry key back, after the Imal 7.x installer overwrote it on upgrade. I'm sorry for the false alarm. I'm still a bit concerned why the auto-updater stopped updating, though .. and why it's taking Frisk so long to respond on these issues. At any rate, all of that can wait until later, though. You're probably right, /PACKED is a wise idea. I didnt notice it wasn't scanning compressed files already -- thought it did by default. Thanks, Jonathan At 12:14 AM 8/31/2001 -0400, you wrote: >FWIW, I also have /PACKED and /COLLECT on my line. > >I do not have /TYPE, as either /DUMB _OR_ /TYPE can be used, but supposedly >not both together. I use /DUMB. Don't know if it really hurts to have both >though. > >Jerry > > >- Original Message - >From: "Jonathan" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Thursday, August 30, 2001 11:38 PM >Subject: Re: [Declude.Virus] F-Prot Stuff > > > > I used the suggested command lines from the declude documentation: > > SCANFILEC:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM > > /ARCHIVE /NOFLOPPY /NOBOOT /DUMB > > > > > > Jonathan > > > > At 09:14 PM 8/30/2001 -0400, you wrote: > > >What's your command line? > > > > > >- Original Message - > > >From: "Jonathan" <[EMAIL PROTECTED]> > > >To: <[EMAIL PROTECTED]> > > >Sent: Thursday, August 30, 2001 9:01 PM > > >Subject: [Declude.Virus] F-Prot Stuff > > > > > > > > > > F-Prot support finally got back to me on that virus I submitted on the > > > > 13th. "We will add this virus to the database. Thank you." > > > > > > > > A half month turn-around on any virus issue, even if it's not a threat, > > > > seems a bit .. umm .. unreasonable? > > > > > > > > It's been letting more Sircom viruses through as well. I'm getting a >little > > > > bit on the frustrated side with it, is anyone else seeing this type of > > >stuff? > > > > > > > > Thanks, > > > > > > > > Jonathan > > > > > > > > This E-mail came from the Declude.Virus mailing list. To > > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > > > type "unsubscribe Declude.Virus". You can E-mail > > > > [EMAIL PROTECTED] for assistance. You can visit our web > > > > site at http://www.declude.com . > > > > > > > > >This E-mail came from the Declude.Virus mailing list. To > > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > >type "unsubscribe Declude.Virus". You can E-mail > > >[EMAIL PROTECTED] for assistance. You can visit our web > > >site at http://www.declude.com . > > > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". You can E-mail > > [EMAIL PROTECTED] for assistance. You can visit our web > > site at http://www.declude.com . > > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: DSN:Re: [Declude.Virus] F-Prot Stuff
Well, it doesnt replace the the "smtp file", but it does change the registry entry back to using ipswitch's smtp binary, rather than passing it through declude first. Jonathan At 11:56 PM 8/30/2001 -0500, you wrote: >If you are running imail and did the latest upgrade to 7.03 you will have to >reinstall declude as the smtp file is replaced during the imail >update. Happened >to me and i did not notice right away as well. > >Herb > >Jonathan wrote: > > > hmm .. it seems maybe I have more problems, as of a few days ago .. there > > haven't been any vir* log files recently. F-prot also stopped updating > > itself, but it had been earlier .. I checked the command line in the > > config, and it's correct. (copied and pasted it to a prompt, scanned a > > file, etc). > > > > Jonathan > > > > At 09:22 PM 8/30/2001 -0400, you wrote: > > > > >>A half month turn-around on any virus issue, even if it's not a threat, > > >>seems a bit .. umm .. unreasonable? > > > > > >I'm quite surprised that it would take them that long to deal with the > issue. > > > > > >>It's been letting more Sircom viruses through as well. I'm getting a > > >>little bit on the frustrated side with it, is anyone else seeing this > > >>type of stuff? > > > > > >I haven't heard of F-Prot letting the Sircam virus through (if the virus > > >definitions are up to date). Are there any error messages showing up in > > >the Declude log files? > > > -Scott > > > > > >This E-mail came from the Declude.Virus mailing list. To > > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > >type "unsubscribe Declude.Virus". You can E-mail > > >[EMAIL PROTECTED] for assistance. You can visit our web > > >site at http://www.declude.com . > > > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". You can E-mail > > [EMAIL PROTECTED] for assistance. You can visit our web > > site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] Virus Scanner Termination
We've been having a few issues with those comctl32 crashes, especially when large mailing lists are posted to. We've gone through the steps noted in the KB, as well as updating IE (which they say updates the comctl32), however are still having the issues. I was poking through the vir* logs today, and found several of these around the time of the crash today. Any correlation? 11/13/2001 13:18:28 Q71c75a6 ERROR: Virus scanner didn't finish after 60 seconds; terminating. I just updated Declude to 1.28beta (after we saw the problems), in keeping up to date. As a side note, with the new features in Pro, is there a way to have it scan mailing lists (or "users", I guess) for virii, but not send out the notification? Thanks, Jonathan This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] Virus Scanner Termination
So, just installing the updated version should "fix" the problem? Should I just delete the value MaxQueProc all together? Thanks, Jonathan At 08:48 PM 11/13/2001 -0500, you wrote: >>We've been having a few issues with those comctl32 crashes, especially >>when large mailing lists are posted to. We've gone through the steps >>noted in the KB, as well as updating IE (which they say updates the >>comctl32), however are still having the issues. > >Is it a ".DLL initialization failure" or "0xC142" error? If so, you >can go to http://www.declude.com/dq.htm and find more information >there. It's caused by a nasty combination of an undocumented Microsoft >resource, combined with the service-started processes that IMail >creates. Declude v1.28 incorporates Declude Queue, which will help out. > >>I was poking through the vir* logs today, and found several of these >>around the time of the crash today. Any correlation? >> >>11/13/2001 13:18:28 Q71c75a6 ERROR: Virus scanner didn't finish after 60 >>seconds; terminating. > >That could be related. If those are just happening around the time of the >crash, it may be that the crashes aren't causing the scanner process to >end, in which case Declude would automatically terminate them after 60 >seconds (to help minimize problems). > >>I just updated Declude to 1.28beta (after we saw the problems), in >>keeping up to date. > >Before or after this happened? > >>As a side note, with the new features in Pro, is there a way to have it >>scan mailing lists (or "users", I guess) for virii, but not send out the >>notification? > >No, that is not possible at this time. However, if the list is set up not >to accept E-mail from people who are not subscribed, it should reject mail >(it's happened a couple times on this list, but the notifications are blocked). > -Scott > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] Declude v1.29 beta released
Great .. lookin' good Scott. Any chance of a way to filter who doens't get virus notifications yet? I still want it to scan everything, just not send the notifications out to mailing lists. It'd be nice if we could add a list of addresses not to notify. I know that checking if it's a list or not would get messy, as it'd have to scan the registry or odbc source for imail info .. or check headers for bulk precedence I guess..which wouldn't be reliable anyway. For the time being, I suppose I could change the virus notification to come from someone other than root, and add them to the kill lists on each list. . messy, but it'd work .. Jonathan At 08:08 PM 12/6/2001 -0500, you wrote: >We have just released Declude Virus v1.29. > >Notable new features include: > >o The ability to send a "bounce" message to people sending banned files >(BANEXT), >o A new DELETEVIRUSES configuration option to delete viruses rather than >quarantine them, >o A FOOTER option to add a footer to the bottom of scan E-mails >o TNEF support has been added >o A new BANCLSID option has been added to ban CLSID file extensions > >You can download the new beta from http://www.declude.com/virus/manual.htm . > -Scott > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
Re: [Declude.Virus] Magistr.32678
So is it "safe" to upgrade an NT4 machine to the 3.11b version of F-prot thats currently on their site? I had seen some issues on here before, but didnt really pay attention until now (since we need to upgrade the engine now). Thanks, Jonathan At 05:16 PM 1/11/2002 -0600, you wrote: >They do have an e-mail autonotification of updates. >I just signed up for it a couple of days ago. >I can't find my notes right now but I did send a verification of >subscription request to > [EMAIL PROTECTED] > >John Olden - Systems Administrator >Champaign Park District > > >- Original Message - >From: "David Setzer" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Friday, January 11, 2002 4:55 PM >Subject: Re: [Declude.Virus] Magistr.32678 > > > > That's it, I was running 3.10c. Would be nice if they could auto >update > > their .exe when you update defs, or at least warn you. Do they send >out > > notifications about program updates? > > > > BTW - I thought you couldn't have an on-access scanner running on the > > machine with Declude and the command line scanner. To make Declude >work we > > had to uninstall F-prot and reinstall it without the on-access option. > > > > Thanks > > > > David > > > > - Original Message - > > From: "R. Scott Perry" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Friday, January 11, 2002 5:41 PM > > Subject: Re: [Declude.Virus] Magistr.32678 > > > > > > > > > > >Has anybody seen Magistr.32768@mm get through lately? We have a >user > > that > > > >got infected today and transmitted it to another user. My F-Prot >defs > > were > > > >1.7.02 but this one is much older. This brings me to an important > > > >question... > > > > > > F-Prot will catch Magistr.32768@mm, but it requires that you be >running a > > > recent version of F-Prot (3.11 or higher I think). > > > > > > >Does Declude catch messages that go between users on the same >domain? > > All > > > >three involved here were on the same domain. > > > > > > It does, unless they are sent through web messaging (in which case >you can > > > have an on-access scanner set to scan the \IMail\spool directory, >but not > > > the subdirectories off of it). > > > -Scott > > > > > > --- > > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > > > This E-mail came from the Declude.Virus mailing list. To > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > > type "unsubscribe Declude.Virus". You can E-mail > > > [EMAIL PROTECTED] for assistance. You can visit our web > > > site at http://www.declude.com . > > > > > > > --- > > [This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > > > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". You can E-mail > > [EMAIL PROTECTED] for assistance. You can visit our web > > site at http://www.declude.com . > > > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] F-Prot Updater
Thanks for the script, Jerod - it'll make a good stop-gap for now. :) Pretty tempting to do a date/time check on those files, considering their size. I prefer to do hourly updates of AV defs. Never know when having them a few hours earlier can save some headache. Anyone out there have a script that does tests before it downloads? Something like this could be plowed through pretty quickly with some of those perl ftp mods. Jonathan At 06:33 PM 1/15/2002 -0800, you wrote: >Here's the one we use. > >Jerod M. Bennett >Director of Media Production >Pixelpushers, Inc. > > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]] On Behalf Of Jonathan >Sent: Tuesday, January 15, 2002 5:22 PM >To: [EMAIL PROTECTED] >Subject: Re: [Declude.Virus] F-Prot Updater > > >I'd rather not use the updater, but I haven't seen any of these scripts >people keep talking about. I'm sure they're around, but I haven't seen >em.. I certainly don't insist on using that clumsy gui, though. :) > >Jonathan > >At 08:04 PM 1/15/2002 -0500, you wrote: > >One of the reasons I don't use the updater. > > > >If you insist on using the updater, schedule it with AT and kill the > >updater.exe process if it is still running after 10 minutes or so. > > > >Jerry > > > >- Original Message - > >From: "Jonathan" <[EMAIL PROTECTED]> > >To: <[EMAIL PROTECTED]> > >Sent: Tuesday, January 15, 2002 7:55 PM > >Subject: [Declude.Virus] F-Prot Updater > > > > > > > One question I had concerning F-Prot (I suppose this isn't the > > > place, but you guys know the situation). > > > > > > Once in a while (right now, actually), the updater throws a "Failed > > > to retrieve information about available updates. Please check if > > > your Internet connection is working and try again. System error: > > > The operation timed out". What concerns me, is that this dialog > > > sits on the screen, waiting for an OK, even if it's been scheduled. > > > > So is the next scheduled event going to happen? Or does someone need > > > > to watch the screen and OK these dialogs? > > > > > > Just thought someone here might know, or that you guys would want to > > > > keep an eye out yourselves. > > > > > > Jonathan > > > > > > --- > > > [This E-mail was scanned for viruses by Declude Virus > >(http://www.declude.com)] > > > > > > This E-mail came from the Declude.Virus mailing list. To > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > > "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] > > > for assistance. You can visit our web site at > > > http://www.declude.com . > > > > > >--- > >[This E-mail was scanned for viruses by Declude Virus > >(http://www.declude.com)] > > > >This E-mail came from the Declude.Virus mailing list. To unsubscribe, > >just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe > >Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. > >You can visit our web site at http://www.declude.com . > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >This E-mail came from the Declude.Virus mailing list. To unsubscribe, >just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe >Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. >You can visit our web site at http://www.declude.com . > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] JS.Menger.Worm & Norton AV
This morning JS.Menger.Worm slipped through Declude+F-Prot. NAV on the desktop caught it, but of course, it's still discouraging. Is anyone using Norton AV as their secondary Declude scanner? We've got NAV Corp edition, which includes a DOS version, but I don't see a win32 command-line version. Are you using the DOS version? Seems like that'd be a real cludge since it runs under NTVDM/etc. Otherwise, what else are people running as secondary scanners, and where did you get them? (ie: what package/license/etc) Thanks in advance, Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] JS.Menger.Worm & Norton AV
At 12:57 PM 2/14/2002 -0500, you wrote: >>This morning JS.Menger.Worm slipped through Declude+F-Prot. NAV on the >>desktop caught it, but of course, it's still discouraging. Is anyone >>using Norton AV as their secondary Declude scanner? We've got NAV Corp >>edition, which includes a DOS version, but I don't see a win32 >>command-line version. Are you using the DOS version? Seems like that'd >>be a real cludge since it runs under NTVDM/etc. > >FYI, Sophos only announced the JS.Menger.Worm (aka Coolnow) about 2 hours >before your post, and McAfee hasn't even announced it yet. So it is very >new (I'm surprised that NAV caught it). Norton AV Corp Edition caught it at 6:00 this morning .. sounds like the virus maker has something against me personally, I got one of the first copies. :) Pity NAV won't work, it's done really well for us. I dug through mcafee's site, trying to find a version with a CLI binary, tried installing 6.01 on my workststion, but I don't see a command-line version there either. Which product is it in? Otherwise I spose maybe I'll look into trend .. I'm not terribly fond of them, though. Jonathan >You can't use Norton with Declude, as they don't include a real command >line scanner (there is one that can be used manually, but if you use it in >an automated environment, such as with Declude, it will always report that >files are virus-free, regardless of whether or not it finds a virus). > -Scott > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] JS.Menger.Worm & Norton AV
Whoops -- didn't see that it put it in Common Files, expected it to be in the Mcafee folder. Is there an FTP/etc way of updating it, if I just want to copy the scan.exe + dependances to the server, and not do a full install? I assume I could grab the superdat and execute it .. but yuck.. Thanks again, Jonathan At 02:22 PM 2/14/2002 -0500, you wrote: >>Pity NAV won't work, it's done really well for us. I dug through >>mcafee's site, trying to find a version with a CLI binary, tried >>installing 6.01 on my workststion, but I don't see a command-line version >>there either. Which product is it in? > >It is in all their VirusScan and NetShield products -- you sometimes have >to do a Full Install in order to get the scan.exe file to install. >-Scott > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] Notification Messages
I'm sure this is a question that's been answered a hundred times, but I'm not easily finding the answer now. Is there a way to set up custom EML files for different domains? Also, can you set up different rules for how viruses get handled per domain? (ie: certain domains, all viruses get sent to a certain box). Thanks, Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] Notification Messages
At 04:48 PM 2/26/2002 -0500, you wrote: >>Is there a way to set up custom EML files for different domains? > >No, there is not. Drat. Do you know if this feature is anywhere on the near-future list? We've got some customers that'd prefer not to have the notifications coming out "from" us, and I'd rather not just write really generic emls. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] F-Prot version
Is there an easy way to tell the version of F-Prot.exe? I know you can tell which definitions it's running with f-prot /virno, but I dont see anything about the executable's version there. TIA, Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] F-Prot version
doh. I guess some things are just too easy .. thanks. I'll blame it on being tired on a Sunday morning ;) I thought the F-Prot executable was being updated by that wget script you wrote a while back, but it looks like I'm still running 3.12. Jonathan At 12:54 PM 3/24/2002 -0500, you wrote: >Scan any file(even a nonexistent file), the version number is in the banner of >the output - or - run without any parameters, and it should be displayed in >the top banner of the UI. > >Jerry > >- Original Message - >From: "Jonathan" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Sunday, March 24, 2002 12:45 PM >Subject: [Declude.Virus] F-Prot version > > > > Is there an easy way to tell the version of F-Prot.exe? I know you can tell > > which definitions it's running with f-prot /virno, but I dont see anything > > about the executable's version there. > > > > TIA, > > Jonathan > > > > --- > > [This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > > > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". You can E-mail > > [EMAIL PROTECTED] for assistance. You can visit our web > > site at http://www.declude.com . > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] DSN:New Version of Virus Log Analyzer
I've tried using this thing a few times .. and always come up with the same problem. Am I missing something? Relatively new version of declude installed (not the *latest* beta, but current), and all I get is: Log NameVirus Count Total Scanned vir0508.log 0 67 vir0509.log 0 38 I know there were viruses on those days .. every day. :) Jonathan At 04:28 PM 5/9/2002 -0500, you wrote: >Something for the future? How about Inbound and outbound counts by domain >for those of us who use the Pro version and need/want stats on a per domain >basis. > >Steven > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] > > Sent: Thursday, May 09, 2002 11:29 AM > > To: [EMAIL PROTECTED] > > Subject: [Declude.Virus] DSN:New Version of Virus Log Analyzer > > > > > > New version of the Virus Log Analyser has been posted. > > > > http://www.csonline.net/imailstuff/viruslog.htm > > > > The report will now show inbound and outbound counts for the individual > > viruses detected. > > > > Example: > > Virus Summary by Count --- > > > > Count Inbound/Outbound Name > > 10090 / 10W32/Klez.H@mm > > 150125/ 25W32/Hybris.worm.B > > > > > > Stu > > -- > > --- > > CSOnline Technical Support hours - Monday thru Saturday 7am - 1am > > CSOnline Technical Support Numbers Seneca814-677-2447 > > Clarion 814-227-3638 > > Meadville 814-425-1696 > > Parker724-399-1158 > > http://www.csonline.net http://www.cshowcase.com >http://www.learncenter.com > >- > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.Virus] DSN:New Version of Virus Log Analyzer
Sorry -- wasn't set to MID, I must have overlooked something somewhere .. didn't see that documented. Thanks, Jonathan At 06:12 PM 5/9/2002 -0400, you wrote: >Jonathan, > >What is the LOGLEVEL in your virus.cfg file set to ? >It should be set to the MID Level > >LOGLEVEL MID > >If yours is curently set to MID then send me one of your recent log files >and I will look at it to see what might be happening. > >Stu > > >At 04:38 PM 05/09/2002 -0500, you wrote: > >I've tried using this thing a few times .. and always come up with the same > >problem. Am I missing something? Relatively new version of declude > >installed (not the *latest* beta, but current), and all I get is: > > > >Log NameVirus Count Total Scanned > >vir0508.log 0 67 > >vir0509.log 0 38 > > > >I know there were viruses on those days .. every day. :) > > > >Jonathan > > > >At 04:28 PM 5/9/2002 -0500, you wrote: > >>Something for the future? How about Inbound and outbound counts by domain > >>for those of us who use the Pro version and need/want stats on a per domain > >>basis. > >> > >>Steven > >> > >> > -Original Message- > >> > From: [EMAIL PROTECTED] > >> > [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] > >> > Sent: Thursday, May 09, 2002 11:29 AM > >> > To: [EMAIL PROTECTED] > >> > Subject: [Declude.Virus] DSN:New Version of Virus Log Analyzer > >> > > >> > > >> > New version of the Virus Log Analyser has been posted. > >> > > >> > http://www.csonline.net/imailstuff/viruslog.htm > >> > > >> > The report will now show inbound and outbound counts for the individual > >> > viruses detected. > >> > > >> > Example: > >> > Virus Summary by Count --- > >> > > >> > Count Inbound/Outbound Name > >> > 10090 / 10W32/Klez.H@mm > >> > 150125/ 25W32/Hybris.worm.B > >> > > >> > > >> > Stu > >> > -- > >> > --- > >> > CSOnline Technical Support hours - Monday thru Saturday 7am - 1am > >> > CSOnline Technical Support Numbers Seneca814-677-2447 > >> > Clarion 814-227-3638 > >> > Meadville 814-425-1696 > >> > Parker724-399-1158 > >> > http://www.csonline.net http://www.cshowcase.com > >>http://www.learncenter.com > >> > > >>- > >> > >>--- > >>[This E-mail was scanned for viruses by Declude Virus > >>(http://www.declude.com)] > >> > >>This E-mail came from the Declude.Virus mailing list. To > >>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >>type "unsubscribe Declude.Virus". You can E-mail > >>[EMAIL PROTECTED] for assistance. You can visit our web > >>site at http://www.declude.com . > >> > >>--- > >>[This E-mail was scanned for viruses by Declude Virus > >>(http://www.declude.com)] > >> > >>This E-mail came from the Declude.Virus mailing list. To > >>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >>type "unsubscribe Declude.Virus". You can E-mail > >>[EMAIL PROTECTED] for assistance. You can visit our web > >>site at http://www.declude.com . > > > >--- > >[This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > >This E-mail came from the Declude.Virus mailing list. To > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >type "unsubscribe Declude.Virus". You can E-mail > >[EMAIL PROTECTED] for assistance. You can visit our web > >site at http://www.declude.com . > > > > >- >CSOnline Technical Support hours - Monday thru Saturday 7am - 1am >CSOnline Technical Support Numbers Seneca814-677-2447 >Clarion 814-227-3638 >Meadville 814-425-1696 >Parker724-399-1158 >http://www.csonline.net http://www.cshowcase.com >http://www.learncenter.com >- > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] McAfee
It sticks it in common files, or some weird location as I recall .. do a full drive search for it.. Jonathan At 06:09 PM 5/14/2002 -0400, you wrote: >>I have just installed NetShield, (full install disabled on demand,) but >>I do not see a scan.exe in the directory. I do see the scan32.exe, but >>according to the virus manual, that is not the one to use for command >>line. >> >>I even ran a manual scan to see if it would create it. > >You may need to do a Full Install. Also note that it may install it to a >directory of its choosing instead of the one you tell it to, so you may >want to search your hard drive for scan.exe. >-Scott > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] Porn Filtering
We've been running Declude Junkmail, and it's caught quite a few, but we're really heavily overrun with spam and porn mail still. I haven't had the time (nor the budget) to do much more in the way of filtering -- it seems like stuff just keeps costing, the more spam you try to catch. :) Let me know if you find anything, though. Jonathan At 03:25 AM 5/29/2002 -0500, you wrote: >I wanted to find out how I could use Decludes Junk fail filtering to 86' the >porn emails sent to out network? Is there a database such as ORBS that >maintains a list of porn Spammers to help us delete this stuff? > >Scott R. Morgan >[EMAIL PROTECTED] >SUPERIOR RESTAURANT MANAGEMENT SERVICES >(512) 443-3979 >(512) 416-9621 (Fax) > >USPA A-29450 >Only a skydiver knows why the birds sing >They don't have to repack a parachute every time they land!!! > >--- >[This E-mail scanned for viruses by Declude Virus] > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] F-Prot Virus Bulletin Rating
Has anyone ever noticed that Frisk F-Prot failed the Virus Bulletin rating? http://www.virusbtn.com/vb100/archives/tests.xml?200206 Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.Virus] An FYI if you have a slow server shutdownand restart situation for any reason
Excellent point. Personally, I think the "safer" and better alternative, would be to stop the SMTP service, then shut down. You don't really want to do anything to your server that may cause headaches in the future, such as a fast shutdown. A little "shutdown script" on the desktop works well for situations like this. We've done it in a lot of cases where a 'clean shutdown' is desirable, such as properly terminating services in a certain order, etc. Jonathan At 02:21 AM 6/15/2002 -0400, you wrote: >Perhaps this tidbit will save someone some stress in the future and prevent >them from staying up as late as I am right now; I've gotten such excellent >value out of this mailing list I feel as if I should contribute! > >I was having a W2K issue that was causing a very slow shutdown (about 15 >minutes) on the way to rebooting. > >Anyway, during that shutdown process, the operating will prevent some or all >new processes from launching, including clearly Declude in this case, >because--examining the log files later on--it was a major Klez party for >that 15 minutes. My heart skipped a few beats seeing all the Klez traffic >making it through until I figured out what had happened, and that all was >well after the reboot. > >Next time if shutdown is dragging I'll just hit the power switch or try >W2K's "emergency reboot" (Ctrl-Alt-Del then hold down Ctrl while pressing >Shutdown). > >Evan Eggers > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". You can E-mail >[EMAIL PROTECTED] for assistance. You can visit our web >site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] Domain-specific features
How far down the list are the domain-specific features? We're running into a real serious need for the following things: - Domain-specific white lists (would be excellent if these were in a separate "include" file) - Domain-specific email templates Domain specific header text (warnings, "Scanned By", etc) would be great, but not as important as the above. Any current workarounds, or idea on slated implementation of these? Thanks, Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] New viRUS - W32.Liac
Interesting new virus, shouldn't take long till we start seeing this show up in our traps, I'm afraid .. http:[EMAIL PROTECTED] Symantec Security Response is reporting a new Level 3 mass mailer worm Called W32.Liac.A@mm. W32.Liac.A@mm is a mass mailer that emails itself to all addresses in the Outlook Address Book. Security Response is currently analyzing the worm, more information will follow. Tentative ETA for Intelligent Updater defs is 8:30 AM US Pacific Standard Time, tentative ETA for LiveUpdate definitions is 9:00 AM US Pacific Standard Time. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] Per-Domain Features - any progress?
Has there been any progress on the per-domain features, such as domain-specific whitelists(Junkmail)? and domain-specific notification messages(Virus)? We're finding ourselves in a bit of a pinch without these abilities. Also, is there any way to do an include in the config files? We'd like to give people the option to modify parts of their own domain's configs without letting them touch the entire files. Thanks, Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] Declude Virus and AVG
Is anyone using Declude with AVG 6? If so, how are you automating the updates without installing the whole thing onto the server? It seems to run just fine with avg.* and avg6.avi. However, I don't see which definition file should be downloaded from their ftp. I don't really care to install their auto update util on the server. Any other experiences here? Seems like AVG will make a nice addition to f-prot and Mcafee (and maybe dump Mcafee is licensing doesn't get better). Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.Virus] korea.services.net blacklist
I think I'm OT here .. but I don't think I'm subscribed to the Junkmail list. Is there a separate one? Either way, is anyone using korea.services.net for an RBL? By the sounds of it, it's pretty much every ARIN block registered in korea. It might be alright for a weighted rule .. any success or deny stories to tell? Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.Virus] Declude Virus v1.60 (release) released
At 09:26 PM 9/16/2002 -0400, you wrote: >> I assume stuff will keep changing as upgrades keep coming out .. > >Yes. :) > >The config files are backwards compatible, however. You mean forward-compatible, right? :) It'd be nice if we could globalize things a bit .. maybe I'll have to write a script the generate those silly directories with files in em.. Might as well ask - any progress on the custom email messages per domain yet? It's been a few months, time for me to annoy you again.. customers still whining .. :) Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.Virus] Declude Virus v1.60 (release) released
At 05:10 PM 9/17/2002 -0400, you wrote: >>It'd be nice if we could globalize things a bit .. maybe I'll have to >>write a script the generate those silly directories with files in em.. > >Declude Virus doesn't use directories; do you mean Declude JunkMail? Yep - my original post was more or less for Junkmail. I don't think I'm subscribed to the Junkmail list, and I tend to cross my virus and junkmail queries in the same email. Guess that's a bad thing .. >>Might as well ask - any progress on the custom email messages per domain >>yet? It's been a few months, time for me to annoy you again.. customers >>still whining .. :) > >It's still sitting on the "to-do" list... Thanks, keep me posted. :) Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Virus Scanner Recommendations?
F-Prot and Mcafee, respectively. Jonathan At 11:35 AM 10/8/2002 -0700, you wrote: >Hi all, > >I'm shoppin' for a virus app. Lots to choose from. Which would you >recommend for use with Declude.Virus? > >Thank you. > >Dave > > >--- >[This E-mail scanned for viruses by Declude Virus] > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus".The archives can be found >at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] False catch of Outlook Mime
Is there a way to either globally allow "Outlook 'MIME header' Vulnerability" from a certain remote address? The remote address is sending a wav file, via sendmail -- everything seems to be properly done, but Declude is catching it, thinking it's unsafe. If that's not possible, how do you globally allow mail to pass unscanned from a certain remote user? Or does it *need* to be on a per-local-domain basis? Thanks, Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] False catch of Outlook Mime
At 02:22 PM 1/4/2003 -0500, you wrote:
Is there a way to either globally allow "Outlook 'MIME header'
Vulnerability" from a certain remote address?
No.
If that's not possible, how do you globally allow mail to pass unscanned
from a certain remote user? Or does it *need* to be on a per-local-domain
basis?
You would have to disable scanning *to* the user.
What version of Declude Virus are you running ("\IMail\Declude -diag" from
a command prompt)? I believe there a beta that would cause false
positives on .wav files that were sent without an E-mail (IE an attachment
only, without a message body (even a blank one) being sent).
Diagnostics ON (Declude v1.60).
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
Re: [Declude.Virus] False catch of Outlook Mime
I also just updated to the current 1.65, just in case that was the issue.
It doesn't seem to make a difference, though.
I kept my same configs for both AV and Junkmail from 1.60, I hope they're
forward compatible?
Jonathan
At 01:28 PM 1/4/2003 -0600, you wrote:
At 02:22 PM 1/4/2003 -0500, you wrote:
Is there a way to either globally allow "Outlook 'MIME header'
Vulnerability" from a certain remote address?
No.
If that's not possible, how do you globally allow mail to pass unscanned
from a certain remote user? Or does it *need* to be on a
per-local-domain basis?
You would have to disable scanning *to* the user.
What version of Declude Virus are you running ("\IMail\Declude -diag"
from a command prompt)? I believe there a beta that would cause false
positives on .wav files that were sent without an E-mail (IE an
attachment only, without a message body (even a blank one) being sent).
Diagnostics ON (Declude v1.60).
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
Re: [Declude.Virus] False catch of Outlook Mime
I e-mailed you off-list with the offending code ..
Jonathan
At 02:38 PM 1/4/2003 -0500, you wrote:
What version of Declude Virus are you running ("\IMail\Declude -diag"
from a command prompt)? I believe there a beta that would cause false
positives on .wav files that were sent without an E-mail (IE an
attachment only, without a message body (even a blank one) being sent).
Diagnostics ON (Declude v1.60).
Could you E-mail me one of the D*.SMD files (from the \IMail\spool\virus
directory) that got caught? I can check to see whether or not it is
properly formatted, and can test it here.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
Re: [Declude.Virus] Template options
Any word on being able to have custom email templates on a per-domain or per-group basis? You know me, I have to ask every couple months ... Jonathan At 02:25 PM 1/20/2003 -0500, you wrote: Scott, do you have a web page with a list of all available options -with examples if possible- to set at the begining of the E-Mail template files. It would be very useful for reference. We are planning to add a section to the manual that lists all of them, but do not have a section for them yet. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] server-based encryption
I actually don't think it'd be too bad .. the keys would be stored on the mail server, the program you call would find the body, encrypt it, pass declude a return true, or however it's handled, and away it goes out to the world. You are, of course, assuming that the user isn't using webmail, and that they're using the imail box to send mail (relay). The other catch would be decryption .. maybe not so difficult either. Jonathan At 04:56 PM 1/22/2003 -0500, you wrote: That would be ideal. But is it feasible? If so, don't forget to include me on the royalties! :) -Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jonathan Sent: Wednesday, January 22, 2003 12:37 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] server-based encryption Maybe something could be scripted and called via declude .. an external .. might not be so difficult .. Jonathan At 09:10 AM 1/22/2003 -0500, you wrote: >I was initially going to implement PGP, but I have about 10 internal >users (that would each need a digital certificate) sending to two or >three external users (that would need to install the public keys from >all of my internal users). That's a lot of administration. > >I even tried setting up a computer running MS Outlook 2002 with the >following... > >Receive mail on Account A >Setup a rule to forward all messages from Account A out on Account B >Setup PGP on Account B > >Therefore internal users send mail to Account A. The rule forwards the >mail to external users via encrypted Account B. > >It seems logical enough, but Outlook 2002 would default to sending out >on Account A rather than B, because the mail was originally received on >Account A. I even tried changing the default account, but it never >worked correctly. > >-Scott > > > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]] On Behalf Of Jeff Maze - >Hostmaster >Sent: Wednesday, January 22, 2003 8:48 AM >To: [EMAIL PROTECTED] >Subject: RE: [Declude.Virus] server-based encryption > >Have you tried PGP on the client side? > >I've used it before, but the only problem is that you have to distribute >your public key to everyone that you're sending messages to. Then they >have >to install PGP on their machine, create a public key for them, and then >install your public key to read your message. > >Also, there was a big security hole discovered in PGP a few months ago. >I >haven't heard anything about it recently as to whether they've fixed it >or >not. > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]] On Behalf Of Declude Forum >Sent: Wednesday, January 22, 2003 8:35 AM >To: [EMAIL PROTECTED] >Subject: RE: [Declude.Virus] server-based encryption > > >I tried a VPN between the sites, but the IT staff at the other site >(different company) couldn't get their act together. I use a VPN for my >own >remote sites without any problems. > >I currently use SSL on the webmail interface, but for this instance the >external users would need internal mail accounts. > >It would be nice if there was a simple app, like declude, that would >encrypt >outgoing emails. A suggestion for a future release ;-) > >-Scott > > > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]] On Behalf Of Jonathan >Sent: Tuesday, January 21, 2003 10:28 PM >To: [EMAIL PROTECTED] >Subject: Re: [Declude.Virus] server-based encryption > >In our case, its a many to many, and not all the sites will be on our >mail >servers. I'd rather not have all those sites tunneling into our server, > >just for management overhead. But mostly, we need a way to let >end-users >send secure messages to people on a variety of ISPs etc. One being AOL! >ick >.. hence my self-extracting file, or client pgp. > >Jonathan > >At 03:50 PM 1/21/2003 -0800, you wrote: > >If you are looking at just 2 primary sites, why not use a site to site >vpn > >to encrypt date between your locations. > > > >Jim > >- Original Message - > >From: "Jonathan" <[EMAIL PROTECTED]> > >To: <[EMAIL PROTECTED]> > >Sent: Tuesday, January 21, 2003 3:47 PM > >Subject: RE: [Declude.Virus] server-based encryption > > > > > > > oops .. responded too quickly. I guess that wouldn't be >server-side, > >would > > > it? :) Sorry .. > > > > > > We've been using webmail in secure mode (yuck), and dabbling a bit >with > >SSL > > > POP and SMTP.. but of course this doesn't help with remote users. I >was > &g
Re: [Declude.Virus] Changed name of server, now no SPAMfiltering..
As memory serves me, your license is based on the main domain name of your server. Just email declude and they'll issue you a new key, I'm guessing.. Jonathan At 10:09 AM 2/4/2003 -0500, you wrote: Hello, This morning, I had to change the name of the web server (by means of registry entries), and since then, it appears as though the spam messages are not being routed to where they should, nor being delivered. I looked in the config files, but didn't find anything there. Is it something with the registration key? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] W32/Sobig.A
Anyone else seeing an increase in W32/Sobig.A today? Looks like it's gonna take off just like the rest of em .. :\ Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] W32/Sobig.A
We tend to prefer to let the AV scanners do their job, rather than having per-virus rules. Mostly, because it's a never-ending battle to keep up, but also for example, if Boss Game Studios decided to use [EMAIL PROTECTED] for their new game announcement or somethin. :) Thanks for the suggestion, though .. Jonathan At 07:54 PM 2/16/2003 -0500, you wrote: Hi Jonathan: Sobig is actually an easy virus to totally block... We have simply added [EMAIL PROTECTED] to our Kill list in the SMTP tab. Sobig only comes (apparently) from this address. Per Symantec: == The W32.Sobig.A@mm worm sends itself to all the addresses it finds in the .txt, .eml, .html, .htm, .dbx, and .wab files. The email message has the following characteristics: From: [EMAIL PROTECTED] Subject: The subject will be one of these: === So simply add [EMAIL PROTECTED] to your kill list at IMail SMTP tab and forget it. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jonathan Sent: Sunday, February 16, 2003 7:42 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] W32/Sobig.A Anyone else seeing an increase in W32/Sobig.A today? Looks like it's gonna take off just like the rest of em .. :\ Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Declude Virus v1.70 (beta) released
I see the details about "Auto White List" in the fixes, but I don't recall ever seeing anything in the manual about the feature at all? Am I missing something? Sounds like something we might want .. :) Jonathan At 05:07 PM 5/28/2003 -0400, you wrote: We have just released Declude Virus v1.70 (beta). See http://www.declude.com/virus/manual.htm . Notable changes since the last beta include: o Will now use the virus name from the first scanner, if multiple scanners are used. o Will now look at both intended and actual recipient addresses for per-user settings. Other additions and fixes can be found in the release notes, at http://www.declude.com/relnotes.htm . Anyone with an up-to-date Service Agreement is entitled to free upgrades (see http://www.declude.com/agree.htm for information on the Declude Service Agreement). --- Quick Resource Reference: Tech Support: [EMAIL PROTECTED] Mailing List: Send E-mail to [EMAIL PROTECTED] with "subscribe declude.virus your name" in the body New Releases List: Send E-mail to [EMAIL PROTECTED] with "subscribe declude.releases your name" in the body Troubleshooting: See manual URL above; look at "Troubleshooting" section Emergency Uninstall: See manual URL above; look at "Emergency Uninstall" section Urgent Support: urgent @declude.com (for urgent/time-sensitive issues only) Declude Addons/Tools URL: http://www.declude.com/tools Manual: http://www.declude.com/virus/manual.htm --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Forging Viruses
Does anyone have a semi-current list of forging viruses? I'd appreciate if someone could just paste me that block of their config - I haven't been keeping up on the forging ones. Thanks, Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Forging Viruses
right-click the link, save-as.. :) Jonathan At 05:14 PM 7/2/2003 -0700, you wrote: Hey Scott, I started to send out this advice, as well. However, it appears that there is a problem with all of the .eml links. They are showing up like: mhtml:http://www.declude.com/Release/170/sender.eml and even removing the "mhtml:" at the beginning of the URL does not fix it, it just comes right back. Bill - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 02, 2003 3:29 PM Subject: Re: [Declude.Virus] Forging Viruses > > >Does anyone have a semi-current list of forging viruses? I'd appreciate if > >someone could just paste me that block of their config - I haven't been > >keeping up on the forging ones. > > You can find the latest ones that we know of by going to > http://www.declude.com/virus/manual.htm and looking at the sender.eml or > otherpostmaster.eml files. > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail mailservers. > Declude Virus: Catches known viruses and is the leader in mailserver > vulnerability detection. > Find out what you have been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Sobig, the next wave?
Not exactly a new idea ... :) http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.html At 07:54 PM 8/26/2003 -0700, you wrote: I like that idea very much... - Original Message - From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 26, 2003 1:56 PM Subject: RE: [Declude.Virus] Sobig, the next wave? Ok, this calls for a white hat virus creator. A virus that will infect all these unpatched computers, and the only thing it does is create a big bold red popup every 15 minutes that says Patch your computer, you dummy. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > [EMAIL PROTECTED] On Behalf Of R. Scott Perry > Sent: Tuesday, August 26, 2003 1:44 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] Sobig, the next wave? > > > >People a typically unaware that their machine is infected - because it > >continues to function perfectly. > > That is very true. > > We infected a computer in our virus lab with Sobig.F, and you couldn't tell > anything unusual was happening. The file didn't seem to do anything when > it was run (so the recipient probably figures that the attachment didn't > get downloaded or something like that, and probably won't even say "Yes, I > ran the program" when asked by an admin), and the only noticeable > differences on the system were a couple extra registry entries and system > files (files in the \Winnt directory and \Winnt\system32 directory), and a > program running in Task Manager (something like "winsst32.exe" that doesn't > look unusual). > > People who are infected probably would have a somewhat slower Internet > connection, but that's probably about all they would notice. > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail mailservers. > Declude Virus: Catches known viruses and is the leader in mailserver > vulnerability detection. > Find out what you have been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] How to stop the zip of death
I wonder if you could maliciously embed tar files in a GZipped archive .. then another gz within the tar .. etc. Reason being, Winzip will see the tar, and responsd "Would you like me to extract the .tar?". Not that it's much worse, but the user might keep hitting yes more easily .. I suppose another option would be to make a self-extracting archive that has a post-extract script, to execute another self-extracting archive. Calling it with the right extract and silent args would make winzip loop, right? Jonathan At 12:26 PM 9/17/2003 -0400, you wrote: Does anyone have a solution for stopping the zip of death? It shouldn't affect Declude Virus. This script sends the 42.zip recursive archive to the mail server. If there is an antivirus filter, it may start eating huge amounts of CPU or memory. 42.zip: ZIP archive, 42K, composed of nested zips (nested 6 levels deep, each level 17 wide) - produces a file 4GB in size and will reportedly crash 'most email virus checkers'. In this case, a well behaved virus scanner would see that the size of the file(s) was too big, and respond appropriately (preferably with an error code indicating a suspicious file). However, the beauty of Declude Virus is that even if the virus scanner crashes, it won't crash the server. That one E-mail will get through, but the E-mail itself isn't a problem (if the recipient opens it, he'll have a similar problem -- he'll need 4GB of space on the hard drive in order to open it, and should get very suspicious by the amount of time it is taking to unzip). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Offtopic question
It seems to be a log file that Photoshop generates, when you do the html output functions, and it has a problem. Jonathan At 10:01 AM 12/15/2003, you wrote: You all are the only admins I know so lemme ask you. :) Does anyone have a idea what a iserror.log file is? I have no clue. these files be in folders with pictures. Go to any search engine, type iserror.log and hit search. All hits are examples of these files. (big yay :S) The only place I saw ppl asking what it was, was at a german forum. (note that my german is near 0) Yet if I read it correct, noone knew. So you got any ideas? I know I don't. D.C. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Windows 2003 + Imail
So, for whoever said Imail on win2k3 was stable / usable, it most certainly is not. :) Has anyone had problems with the queue manager just deciding to stop delivering stuff? Need to go in and do a send all to get things going again .. weird little stuff, lots of it .. Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] W32.Netsky.B@mm Slipping through
Has anyone seen a lot of W32.Netsky.B slipping through? We see tons of them getting trapped, but we've also had lots of reports of them getting through. Ordinarily, we just tell people that they're just corrupted versions, but we've had many more reports than usual with Netsky.B. I haven't verified that it's the actual virus -- I'm not sure of the best way to do this. If they can get me a quarantined version, is there an MD5 checksum published for it? Any comments? Any way they could be slipping through? Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] W32.Netsky.B@mm Slipping through
Sidenote to the above .. I ran F-Prot (right from the mail server, actually) on one of the files from quarantine. stuff.com.dont-execute Infection: W32/[EMAIL PROTECTED] Results of virus scanning: Files: 1 MBRs: 1 Boot sectors: 1 Objects scanned: 3 Infected: 1 Why didn't declude tag it? I don't see any errors in the vir* logs, and others have been getting infected notices. Thoughts? Jonathan --- Has anyone seen a lot of W32.Netsky.B slipping through? We see tons of them getting trapped, but we've also had lots of reports of them getting through. Ordinarily, we just tell people that they're just corrupted versions, but we've had many more reports than usual with Netsky.B. I haven't verified that it's the actual virus -- I'm not sure of the best way to do this. If they can get me a quarantined version, is there an MD5 checksum published for it? Any comments? Any way they could be slipping through? Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] W32.Netsky.B@mm Slipping through
We've gotten several, here are a couple: 02/18/2004 10:33:12 Q93c835e1004873e1 Scanned: Virus Free [MIME: 2 22065] 02/18/2004 15:56:37 Qdf95a7880150b2de Scanned: Virus Free [MIME: 2 22057] Running F-Prot, Mcafee and now AVG. Jonathan At 07:53 AM 2/21/2004, you wrote: Has anyone seen a lot of W32.Netsky.B slipping through? No. > Why didn't declude tag it? I don't see any errors in the vir* logs, and others have been getting infected notices. What does the Declude Virus log file say for that E-mail? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] W32.Netsky.B@mm Slipping through
I realize this generally does mean it's corrupt -- but you're missing the "scary" part. If I scan the file that came in with the same install of F-Prot, (from the mail server), it catches it as Netsky. Jonathan At 06:23 AM 2/23/2004, you wrote: We've gotten several, here are a couple: 02/18/2004 10:33:12 Q93c835e1004873e1 Scanned: Virus Free [MIME: 2 22065] 02/18/2004 15:56:37 Qdf95a7880150b2de Scanned: Virus Free [MIME: 2 22057] Running F-Prot, Mcafee and now AVG. The "Virus Free" message means that none of the virus scanners detected a virus. Most likely, these are corrupt, non-viable variants. With Netsky, we've seen a version in .ZIP files that were corrupt (yet about the same size as normal), so that it would not be possible to extract the virus out of the .ZIP file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] W32.Netsky.B@mm Slipping through
Doubtful - we've been catching the same Netskys both before and after these slipped through. Hundreds of em. Jonathan At 06:43 AM 2/25/2004, you wrote: I realize this generally does mean it's corrupt -- but you're missing the "scary" part. If I scan the file that came in with the same install of F-Prot, (from the mail server), it catches it as Netsky. If scanning it from F-Prot on the mailserver catches it, it should get caught when Declude Virus calls F-Prot (assuming that F-Prot is working, the eicar.com file gets caught, and there are no messages in the log file when the E-mail with the virus is scanned). We aren't aware of any cases where the same copy of F-Prot with the same virus definitions will catch an attachment that passes through Declude Virus. Is it possible that the virus definitions were updated after the E-mail first arrived? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Netsky.P Occasionally Slips through?
Actually, I am running the newest F-Prot, and they're still slipping through. Winzip opens these files just fine as well, and Symantec Corp seems to be able to scan and detect the issue without any problems. They keep rolling in, makes me a little nervous, and customers sure hate it. I'd block the suspicious ones from F-Prot, but I just know people are tossing around macro'd XLS and DOCs all the time. Jonathan At 06:44 AM 3/30/2004, you wrote: I sent one. There have been several, not sure if the one I sent is indicative of all of them, but it's the only one I could easily get out of a local quarantine. A standard copy of pkunzip.exe won't extract the virus from the .ZIP file you sent, so it is probably corrupt. I would recommend upgrading to the latest version of F-Prot -- I believe that they came out with a new version to address .ZIP files like this one. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] ClamAv
Running ClamAV under cygwin? Wow, that seems like a horrible performance hit on any type of high volume mail server. Jonathan At 06:22 PM 11/19/2004, you wrote: Sorry, I figured it out... Thanks Jeff Kratka TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeff Kratka Sent: Friday, November 19, 2004 4:04 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] ClamAv I just started to try out Clam AV and so far it's been catching more than F-Prot did. Is there a switch to have Declude add the virus name to the Declude logs.My config in the virus .cfg is SCANFILE C:\imail\declude\runclamscan.exe log=1 C:\clamav-devel\bin\clamdscan.exe --quiet --mbox -l report.txt VIRUSCODE 1 REPORT FOUND Jeff Kratka TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Upgrade issues
So is this why the new versions have an actual installer? Off-topic, but I think Microsoft did the world a great disservice by introducing hardware-tied activation as an accepted practice. Sidenote, how exactly do these magical failsafes work? Can we expect 1-2 days before it nags us to re-activate, or .. ? Like many others, I'd rather not learn all of this at 3am during a maintenance window. :) Jonathan At 05:47 PM 12/21/2004, you wrote: Am I hearing correctly that, beginning with 2.0, licensing is tied to the MAC address? Correct. If so, what about those of us who load balance the traffic to the server across multiple NICs? This is a must to avoid downtime due to failure of a NIC (it's saved our bacon a couple of times). Also, if a NIC is replaced, or we migrate to a different server, what is the process the get a new license key...and is that available 24/7/365? We absolutely need to be able to handle these situations immediately without waiting until the next business day to get a new license key. The built-in failsafes are designed to ensure that you won't need to wait until the next business day to get a new license key. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Upgrade issues
Perhaps now would be a good time for Barry to comment on this thread. Jonathan At 08:56 AM 12/22/2004, you wrote: A) major technical/setup changes to the availability/installability are made without proper warning (even in a public beta)! Actually, the IMail version should work exactly as before, without any availability/installability issues. The software should run fine with the existing activation codes. The SmarterMail version does require the new activation system, but as a new product, that's just how it works. B) users have to accidentally "trip" over these issues before you "fess up" (I don't care for this underhanded approach - I'm sure you have some non-compliant users, but that's no reason to treat your paying customers like criminals!) I personally prefer the old system. C) after disclosure is requested, it's been two days without you offering more than overly generic answers. Unfortunately, I am not able to provide more detailed answers. If Barry feels it is appropriate, he may shed some more light on the situation. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Who is minding the store
Douglas Cohn wrote: Using this forum for support is certainly less expensive to the company ... unless you're charging for support, then it could be viewed as a losing proposition to assist in free support. I fear this may be the mindset. This view, is, of course, entirely wrong; as you mentioned, our R&D feedback is very valuable-worth more than a support contract. Plus, if they actually integrate our feedback, we'll buy the support agreement in order to download the latest fruits of our labor. :) --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] F-Prot Alternative
I've found several bugs in the win32 implementations of ClamAV (some really ugly stuff), but none that really effect the scanning of viruses. Since that post was made, I think it's safe to say that ClamAV has made a bit of headway on performance. I'd be interested in seeing a head to head comparison again, but my light testing now showed it to scan a 0.10MB file in about 0.52seconds. I do like the fact that it has a nice, clean, fast updater as well .. no goofy stuff to work around, and no need to hack out a script. Jonathan Matt wrote: Chuck, Search the archives for "scanner efficiency olympics". It's a year old now, and I was primarily focused on performance instead of accuracy. F-Prot is the king of speed, however it seems to have several hiccups each year, and there seems to be a slew of different things happening lately. I think it is good to pair F-Prot with another scanner, but that requires Declude Virus Pro. If I was going to choose one scanner and had plenty of spare CPU, I would probably choose McAfee based on accuracy and speed combined, but as Nick indicated, it is hard to purchase unless you want a full network installation. Matt Colbeck, Andrew wrote: Matt posted the authoritative roundup in a head to head comparison when he revamped his Declude Virus setup. Unless he chimes in here with an updated answer, the answer is somewhere in the archives. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Monday, May 02, 2005 2:03 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] F-Prot Alternative We have been running F-prot as the virus scanner with Declude for over a year but lately it seems to have more and more bugs in it. What do others recommend as low-cost scanners to work with declude? Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] OT? Imail to Smartermail conversion
So, we're looking at moving some servers from Imail to Smartermail. Anyone care to give me their 2-cents on what to expect as far as migration pains? I noticed their little migration utility converts mailboxes/etc, but I didn't see anything about listservs and the like. What other stuff are we likely to run into? Corrupted mailboxes? Any manual recovery or such? Does the utility run fairly quickly? Also, any catches with Declude? I haven't really been following the politics since we've stayed on 1.x, is 2.x fairly stable now? Thanks for any thoughts -J --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] OT? Imail to Smartermail conversion
Thanks David, I'd appreciate anything info you could pass along! Jonathan David wrote: We converted to SmarterMail in January - best decision we ever made! Very few glitches, which I can dig out information on if you decide to go forward/need - but nothing major at all. I did not personally run the conversion, but can get some timings for you if you want. SmarterMail has been so much better than iMail that you won't believe it! :)) It doesn't get backlogged, or hung or anything and it uses a fraction of the server resources. The web interface is *much* better! We converted around a 1,000 domains with 6,000 or so users - again, IIRC, this is "off the top". We did not install Declude right away, mostly because it was in Beta at the time IIRC. In any case, we installed Declude Virus/F-Prot in mid-March I think and it has worked fine. HTH. In my little mind SmarterMail was a great choice by Declude! :)) Thank you, David Weber Windows 2000 MCP http://www.orcsweb.com/ Powerful Web Hosting Solutions #1 in Service and Support - Original Message - From: "Jonathan" <[EMAIL PROTECTED]> To: Sent: Wednesday, May 04, 2005 8:01 PM Subject: [Declude.Virus] OT? Imail to Smartermail conversion So, we're looking at moving some servers from Imail to Smartermail. Anyone care to give me their 2-cents on what to expect as far as migration pains? I noticed their little migration utility converts mailboxes/etc, but I didn't see anything about listservs and the like. What other stuff are we likely to run into? Corrupted mailboxes? Any manual recovery or such? Does the utility run fairly quickly? Also, any catches with Declude? I haven't really been following the politics since we've stayed on 1.x, is 2.x fairly stable now? Thanks for any thoughts -J --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
