Re: [Declude.Virus] False Positives
Kevin, could you please send me one of the actual emails that was caught by the 'uuencoding bad end' Vulnerability as an attachment? Also, could you put your virus.cfg file in debug mode and send me the entire log snip from the next message that is caught by this vulnerability? You can send it directly to me if you like. My email address is lpagi...@declude.com. Thanks. -- From: Linda Pagillo lpagi...@declude.com Sent: Sunday, May 09, 2010 7:07 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] False Positives You're welcome, Kevin and thanks for the log snip. I sent it over to development to obtain more detailed information about it. I will let you know as soon as I receive a response. -- From: Kevin Rogers ke...@rootdesign.com Sent: Friday, May 07, 2010 6:02 PM To: declude.virus@declude.com Cc: Linda Pagillo lpagi...@declude.com Subject: Re: [Declude.Virus] False Positives Thanks for your help Linda. Here are a couple log snippets of the 'uuencoding bad end' Vulnerability 05/06/2010 15:39:30.823 q126c7cd3e05f.smd Vulnerability flags = 65 05/06/2010 15:39:31.854 q126c7cd3e05f.smd 'uuencoding bad end' vulnerability in line 208152 05/06/2010 15:39:32.166 q126c7cd3e05f.smd Scanned: CONTAINS A VIRUS [UU: 2 46771][MIME: 3 13110006] 05/06/2010 15:41:21.916 qa51e7cdae07c.smd Vulnerability flags = 65 05/06/2010 15:41:22.932 qa51e7cdae07c.smd 'uuencoding bad end' vulnerability in line 203543 05/06/2010 15:41:23.276 qa51e7cdae07c.smd Scanned: CONTAINS A VIRUS [UU: 2 46771][MIME: 3 12819408] On 5/7/2010 7:31 AM, Linda Pagillo wrote: Hi Kevin. Thanks for your post. I first would like to explain that what you are seeing is not a false-positive. The address that the emails are coming from are not a factor in the case of vulnerabilities. Our vulnerability checking looks for exploits in an email. If it finds one, it will mark it no matter who it is coming from. This is correct behavior for the tests and therefore, not a false-positive. As for allowing these for everyone who sends to your server, I would advise against it, but of course, it is your choice. Instead I would allow vulnerabilities on a per-sender basis in order to be safe. For example, you said that you received 10 emails from a legit address that were caught as a vulnerability. In that case, I would allow vulnerabilities for that particular user. You can do that by adding a line to your virus.cfg file... ALLOWVULNERABILITIESFROMu...@domain.com If you wanted to allow vulnerabilities from the entire domain, you would add the following line instead... ALLOWVULNERABILITIESFROMdomain.com (without the @ symbol) You mentioned that the vulnerability you are seeing from the user in question is the 'uuencoding bad end' Vulnerability. Where are you seeing this? Is it in the email or the virus.cfg log? Could you copy and paste it from the log or email so I can send it over to development for review? Thanks again. -- From: Kevin Rogers ke...@rootdesign.com Sent: Thursday, May 06, 2010 8:39 PM To: declude.virus@declude.com Subject: [Declude.Virus] False Positives I'm getting several false positives a day for the following tests: [Outlook 'Blank Folding' Vulnerability] MIME segment in MIME Postamble Today I received 10 false positives (from the same legit email address) of ['uuencoding bad end' Vulnerability] I can't even find the 'uuencoding bad end' vulnerability in virus.cfg to allow it. This is the first I've seen of this test. I was getting too many of the OLMIMESEGMIMEPRE test before I had to allow them. I am running the latest v4.10.48 on Imail. Are other people using these tests without many/any false positives? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] False Positives
You're welcome, Kevin and thanks for the log snip. I sent it over to development to obtain more detailed information about it. I will let you know as soon as I receive a response. -- From: Kevin Rogers ke...@rootdesign.com Sent: Friday, May 07, 2010 6:02 PM To: declude.virus@declude.com Cc: Linda Pagillo lpagi...@declude.com Subject: Re: [Declude.Virus] False Positives Thanks for your help Linda. Here are a couple log snippets of the 'uuencoding bad end' Vulnerability 05/06/2010 15:39:30.823 q126c7cd3e05f.smd Vulnerability flags = 65 05/06/2010 15:39:31.854 q126c7cd3e05f.smd 'uuencoding bad end' vulnerability in line 208152 05/06/2010 15:39:32.166 q126c7cd3e05f.smd Scanned: CONTAINS A VIRUS [UU: 2 46771][MIME: 3 13110006] 05/06/2010 15:41:21.916 qa51e7cdae07c.smd Vulnerability flags = 65 05/06/2010 15:41:22.932 qa51e7cdae07c.smd 'uuencoding bad end' vulnerability in line 203543 05/06/2010 15:41:23.276 qa51e7cdae07c.smd Scanned: CONTAINS A VIRUS [UU: 2 46771][MIME: 3 12819408] On 5/7/2010 7:31 AM, Linda Pagillo wrote: Hi Kevin. Thanks for your post. I first would like to explain that what you are seeing is not a false-positive. The address that the emails are coming from are not a factor in the case of vulnerabilities. Our vulnerability checking looks for exploits in an email. If it finds one, it will mark it no matter who it is coming from. This is correct behavior for the tests and therefore, not a false-positive. As for allowing these for everyone who sends to your server, I would advise against it, but of course, it is your choice. Instead I would allow vulnerabilities on a per-sender basis in order to be safe. For example, you said that you received 10 emails from a legit address that were caught as a vulnerability. In that case, I would allow vulnerabilities for that particular user. You can do that by adding a line to your virus.cfg file... ALLOWVULNERABILITIESFROMu...@domain.com If you wanted to allow vulnerabilities from the entire domain, you would add the following line instead... ALLOWVULNERABILITIESFROMdomain.com (without the @ symbol) You mentioned that the vulnerability you are seeing from the user in question is the 'uuencoding bad end' Vulnerability. Where are you seeing this? Is it in the email or the virus.cfg log? Could you copy and paste it from the log or email so I can send it over to development for review? Thanks again. -- From: Kevin Rogers ke...@rootdesign.com Sent: Thursday, May 06, 2010 8:39 PM To: declude.virus@declude.com Subject: [Declude.Virus] False Positives I'm getting several false positives a day for the following tests: [Outlook 'Blank Folding' Vulnerability] MIME segment in MIME Postamble Today I received 10 false positives (from the same legit email address) of ['uuencoding bad end' Vulnerability] I can't even find the 'uuencoding bad end' vulnerability in virus.cfg to allow it. This is the first I've seen of this test. I was getting too many of the OLMIMESEGMIMEPRE test before I had to allow them. I am running the latest v4.10.48 on Imail. Are other people using these tests without many/any false positives? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] False Positives
Hi Kevin. Thanks for your post. I first would like to explain that what you are seeing is not a false-positive. The address that the emails are coming from are not a factor in the case of vulnerabilities. Our vulnerability checking looks for exploits in an email. If it finds one, it will mark it no matter who it is coming from. This is correct behavior for the tests and therefore, not a false-positive. As for allowing these for everyone who sends to your server, I would advise against it, but of course, it is your choice. Instead I would allow vulnerabilities on a per-sender basis in order to be safe. For example, you said that you received 10 emails from a legit address that were caught as a vulnerability. In that case, I would allow vulnerabilities for that particular user. You can do that by adding a line to your virus.cfg file... ALLOWVULNERABILITIESFROMu...@domain.com If you wanted to allow vulnerabilities from the entire domain, you would add the following line instead... ALLOWVULNERABILITIESFROMdomain.com (without the @ symbol) You mentioned that the vulnerability you are seeing from the user in question is the 'uuencoding bad end' Vulnerability. Where are you seeing this? Is it in the email or the virus.cfg log? Could you copy and paste it from the log or email so I can send it over to development for review? Thanks again. -- From: Kevin Rogers ke...@rootdesign.com Sent: Thursday, May 06, 2010 8:39 PM To: declude.virus@declude.com Subject: [Declude.Virus] False Positives I'm getting several false positives a day for the following tests: [Outlook 'Blank Folding' Vulnerability] MIME segment in MIME Postamble Today I received 10 false positives (from the same legit email address) of ['uuencoding bad end' Vulnerability] I can't even find the 'uuencoding bad end' vulnerability in virus.cfg to allow it. This is the first I've seen of this test. I was getting too many of the OLMIMESEGMIMEPRE test before I had to allow them. I am running the latest v4.10.48 on Imail. Are other people using these tests without many/any false positives? --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Declude Interim Version 4.6.33 Available
Yes this is correct. If you have any further questions, please do not hesitate to contact me either by email or call Toll free 1-866-332-5833 Ext.2 Linda Pagillo Technical Support Engineer | Declude Your Email Security is our business Direct: 978-225-8347 Office: 978.499.2933 Ext.2 Toll Free: 1-866.332.5833 Ext.2 Fax: 978.334.0700 Email: lpagi...@declude.com - Original Message - From: Mario Antonio Garcia To: declude.virus@declude.com Cc: Webjogger Support Sent: Thursday, May 21, 2009 9:55 AM Subject: Re: [Declude.Virus] Declude Interim Version 4.6.33 Available Linda, Thanks for the announcement. In our case, Declude 4.4.0 running in Imail: My guess is to upgrade the system all that I have to do is: 1) backup the files we are going to overwrite 2) Stop DecludeProc Service 3) Copy the following files to the Imail folder: asapsdk.dll avgsdk.dll decludeproc_IM.exe pcre3.dll 4) rename decludeproc_IM.exe to decludeproc.exe Is this procedure right? Regards, Mario Antonio Garcia Webjogger Internet Services Linda Pagillo wrote: Good afternoon everyone. As you are probably aware, we previously had you disable your FILTER-SCAM and FILTER-SPAM because malformed spam was causing declude to crash when it hit these filters. We now have a fix available. If you would like to apply the fix, please go to our interim site at http://interim.declude.com , username interim, password decinterim and download version 4.6.33. We also posted the release notes there for your reference. If you have any further questions, please do not hesitate to contact me either by email or call Toll free 1-866-332-5833 Ext.2 Linda Pagillo Technical Support Engineer | Declude Your Email Security is our business Direct: 978-225-8347 Office: 978.499.2933 Ext.2 Toll Free: 1-866.332.5833 Ext.2 Fax: 978.334.0700 Email: lpagi...@declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude Interim Version 4.6.33 Available
Good afternoon everyone. As you are probably aware, we previously had you disable your FILTER-SCAM and FILTER-SPAM because malformed spam was causing declude to crash when it hit these filters. We now have a fix available. If you would like to apply the fix, please go to our interim site at http://interim.declude.com , username interim, password decinterim and download version 4.6.33. We also posted the release notes there for your reference. If you have any further questions, please do not hesitate to contact me either by email or call Toll free 1-866-332-5833 Ext.2 Linda Pagillo Technical Support Engineer | Declude Your Email Security is our business Direct: 978-225-8347 Office: 978.499.2933 Ext.2 Toll Free: 1-866.332.5833 Ext.2 Fax: 978.334.0700 Email: lpagi...@declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude Interim Version 4.6.33 Available
Good afternoon everyone. As you are probably aware, we previously had you disable your FILTER-SCAM and FILTER-SPAM because malformed spam was causing declude to crash when it hit these filters. We now have a fix available. If you would like to apply the fix, please go to our interim site at http://interim.declude.com , username interim, password decinterim and download version 4.6.33. We also posted the release notes there for your reference. If you have any further questions, please do not hesitate to contact me either by email or call Toll free 1-866-332-5833 Ext.2 Linda Pagillo Technical Support Engineer | Declude Your Email Security is our business Direct: 978-225-8347 Office: 978.499.2933 Ext.2 Toll Free: 1-866.332.5833 Ext.2 Fax: 978.334.0700 Email: lpagi...@declude.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude Crashes
Hi everyone. I wanted to make you all aware of a possible issue that you may be having. There is a rash of spam that has been going around for the past 3 days. The spam has malformed headers which are causing Declude to crash repeatedly. We were able to find where it was crashing Declude. If you are experiencing this issue you need to go to your global.cfg file and comment out your FILTER-SCAM and FILTER-SPAM lines then restart your decludeproc service. This will stop the crashing. There is a line in those filters which is causing Declude to crash when it sees the malformed headers. We have identified which line it is and we are working on figuring out why it causes Declude to crash. In the mean time, commenting out those 2 filters will work to stop the crashes. Also, remember to check your review folder under your proc directory for any mail that was placed there yesterday and today. If you find mail there, you can move it to your proc directory after you comment out the filters and declude will process it normally. If you have a large amount of mail in review, I suggest that you move it in smaller batches at a time so Declude can handle it more efficiently. If you have any questions, please post them to this list. I will be checking my mail all day. Thank you. If you have any further questions, please do not hesitate to contact me either by email or call Toll free 1-866-332-5833 Ext.2 Linda Pagillo Technical Support Engineer | Declude Your Email Security is our business Direct: 978-225-8347 Office: 978.499.2933 Ext.2 Toll Free: 1-866.332.5833 Ext.2 Fax: 978.334.0700 Email: lpagi...@declude.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Declude Crashes
Hi everyone. I wanted to make you all aware of a possible issue that you may be having. There is a rash of spam that has been going around for the past 3 days. The spam has malformed headers which are causing Declude to crash repeatedly. We were able to find where it was crashing Declude. If you are experiencing this issue you need to go to your global.cfg file and comment out your FILTER-SCAM and FILTER-SPAM lines then restart your decludeproc service. This will stop the crashing. There is a line in those filters which is causing Declude to crash when it sees the malformed headers. We have identified which line it is and we are working on figuring out why it causes Declude to crash. In the mean time, commenting out those 2 filters will work to stop the crashes. Also, remember to check your review folder under your proc directory for any mail that was placed there yesterday and today. If you find mail there, you can move it to your proc directory after you comment out the filters and declude will process it normally. If you have a large amount of mail in review, I suggest that you move it in smaller batches at a time so Declude can handle it more efficiently. If you have any questions, please post them to this list. I will be checking my mail all day. Thank you. If you have any further questions, please do not hesitate to contact me either by email or call Toll free 1-866-332-5833 Ext.2 Linda Pagillo Technical Support Engineer | Declude Your Email Security is our business Direct: 978-225-8347 Office: 978.499.2933 Ext.2 Toll Free: 1-866.332.5833 Ext.2 Fax: 978.334.0700 Email: lpagi...@declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Domain Spoofing Trend
Hi everyone. I just wanted to send out a quick note to let everyone know that i have been seeing a trend over the past 2 days. There seems to be an abnormal amount of domain and email address spoofing by spammers. This is causing a lot of our customers to get whitelisted spam delivered to their inboxes. If you are having this problem, there are 2 basic reasons why it is happening. 1.) You have your own domain(s) or email address(es) whitelisted in your global.cfg file or individual domain whitelistfiles. 2.) You have your own domain(s) or email address(es) in your Imail webmail address book or Smartermail webmail address book or trusted sender's list. Whatever the case is, remove those entries and the spoofs will not get through as whitelisted. If you are concerned about not receiving intra-domain email, don't be worried as Declude will whitelist all authenticated users. If you have any further questions, please do not hesitate to contact me either by email or call Toll free 1-866-332-5833 Ext.2 Linda Pagillo Technical Support Engineer | Declude Your Email Security is our business Direct: 978-225-8347 Office: 978.499.2933 Ext.2 Toll Free: 1-866.332.5833 Ext.2 Fax: 978.334.0700 Email: [EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Domain Spoofing Trend
Hi everyone. I just wanted to send out a quick note to let everyone know that i have been seeing a trend over the past 2 days. There seems to be an abnormal amount of domain and email address spoofing by spammers. This is causing a lot of our customers to get whitelisted spam delivered to their inboxes. If you are having this problem, there are 2 basic reasons why it is happening. 1.) You have your own domain(s) or email address(es) whitelisted in your global.cfg file or individual domain whitelistfiles. 2.) You have your own domain(s) or email address(es) in your Imail webmail address book or Smartermail webmail address book or trusted sender's list. Whatever the case is, remove those entries and the spoofs will not get through as whitelisted. If you are concerned about not receiving intra-domain email, don't be worried as Declude will whitelist all authenticated users. If you have any further questions, please do not hesitate to contact me either by email or call Toll free 1-866-332-5833 Ext.2 Linda Pagillo Technical Support Engineer | Declude Your Email Security is our business Direct: 978-225-8347 Office: 978.499.2933 Ext.2 Toll Free: 1-866.332.5833 Ext.2 Fax: 978.334.0700 Email: [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] RE: [Declude.JunkMail] 4.3.46
Please give me a call at 1-866-332-5833 ext. 7008. If you have any further questions, please do not hesitate to contact me either by email or call Toll free 1-866-332-5833 Ext.7008 Linda Pagillo Technical Support Engineer | Declude Your Email Security is our business Office: 978.499.2933 x7008 Toll Free: 1-866.332.5833 x7008 Fax: 978.334.0700 Email: [EMAIL PROTECTED] - Original Message - From: Hirthe, Alexander [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Friday, October 19, 2007 12:08 PM Subject: AW: [Declude.Virus] RE: [Declude.JunkMail] 4.3.46 Hello, our declude is crashing, no matter if I try 4.3.46 or 4.3.64. It looks like a special offer with about 1400 To Addresses. The Header looks not very strange: Received: from moutng.kundenserver.de [212.227.126.186] by xx-GmbH.de with ESMTP (SMTPD-8.22) id A2ED0348; Fri, 19 Oct 2007 19:01:33 +0200 Received: from ics-id.de (p578b6f85.dip0.t-ipconnect.de [87.139.111.133]) by mrelayeu.kundenserver.de (node=mrelayeu2) with ESMTP (Nemesis) id 0MKwtQ-1Iitka1tTt-00035s; Fri, 19 Oct 2007 17:41:54 +0200 Received: from mail pickup service by ics-id.de with Microsoft SMTPSVC; Fri, 19 Oct 2007 16:45:57 +0200 Return-Path: [EMAIL PROTECTED] Delivery-Date: Fri, 19 Oct 2007 16:36:56 +0200 Received-SPF: pass (mxeu24: domain of srs.kundenserver.de designates 212.227.126.187 as permitted sender) client-ip=212.227.126.187; [EMAIL PROTECTED]; helo=moutng.kundenserver.de; Return-Path: [EMAIL PROTECTED] Delivery-Date: Fri, 19 Oct 2007 10:39:31 +0200 Received-SPF: none (mxeu18: 12.107.122.224 is neither permitted nor denied by domain of europastar.com) client-ip=12.107.122.224; [EMAIL PROTECTED]; helo=vnu001glbmxh01.enterprisenet.org; Message-ID: [EMAIL PROTECTED] X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0 Content-class: urn:content-classes:message Content-Transfer-Encoding: 7bit MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=_=_NextPart_001_01C8122B.6A62C395 Subject: =?utf-8?Q?TR:_EUROTEC_NR_355_=286/07=29_-_=C3=A4ussert_attraktives_Sonder?= =?utf-8?Q?angebot!?= Date: Fri, 19 Oct 2007 16:45:57 +0200 X-Mailer: Microsoft CDO for Exchange 2000 X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: =?utf-8?Q?EUROTEC_NR_355_=286/07=29_-_=C3=A4ussert_attraktives_Sonderange?= =?utf-8?Q?bot!?= Thread-Index: AcgRkreGKI2IQ6TCQ3W3v9rY5iSFDAAAc3swACTqwAA= From: Bailly-Henguely, Jocelyne [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], And this repeated till line 1459. It's 164 KB in size, with mid nothing in the logfile. Eventlog says stopped unexpectedly :) ? Alex Siller AG, Wannenaeckerstrasse 43, 74078 Heilbronn Vorstand: Prof. H.-F. Siller (Vorsitzender), Joern Buelow, Ralf Michi Aufsichtsratsvorsitzender: Armin Sohler Reg. Gericht Stuttgart, HRB 107707, Ust-Id Nr. DE145782955 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] removing js/psyme
Bob... have them go to the following link and scan their systems. This should take care of the trojan easly. http://housecall.trendmicro.com/ If you have any further questions, please do not hesitate to contact me either by email or call Toll free 1-866-332-5833 Ext.7008 Linda Pagillo Technical Support Engineer | Declude Your Email Security is our business Office: 978.499.2933 x7008 Toll Free: 1-866.332.5833 x7008 Fax: 978.334.0700 Email: [EMAIL PROTECTED] - Original Message - From: Bob McGregor [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Tuesday, July 24, 2007 11:50 AM Subject: Re: [Declude.Virus] removing js/psyme thanks david, I got that to stop them from linda yesterday but now I'm wondering how to clean the ones that already visited the website and are infected... hoping someone knows of an easy way... bob On Tuesday, July 24, 2007 10:36 AM, David Barker [EMAIL PROTECTED] wrote: Just FYI the emails themselves do not contain a virus. Use the attached filter to detect these emails, using Declude JunkMail. You must be using at least Declude 4.3.46 to take use the regular expression filtering. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bob McGregor Sent: Tuesday, July 24, 2007 12:26 PM To: Declude-List Subject: [Declude.Virus] removing js/psyme We have had quite a few people open the ecard messages and are now infected with this virus. Anyone know of a freebe that will remove this one? Currently, the only way we're able to remove it is safe mode and avg. thanks, bob --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Declude 4.3.46 Release
John, the missing file was actually called pcr3.dll. If you have any further questions, please do not hesitate to contact me either by email or call Toll free 1-866-332-5833 Ext.7008 Linda Pagillo Technical Support Engineer | Declude Your Email Security is our business Office: 978.499.2933 x7008 Toll Free: 1-866.332.5833 x7008 Fax: 978.334.0700 Email: [EMAIL PROTECTED] - Original Message - From: John T (lists) [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Monday, April 16, 2007 2:38 PM Subject: RE: [Declude.Virus] Declude 4.3.46 Release Just got off the phone with Tech Support. A file pcres.dll was not included in the original upgrade executable and if that file is not in the \Imail directory the decludeproc service will not start. She had to send me the file separately and they will now be changing the upgrade executable. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, April 16, 2007 11:24 AM To: declude.virus@declude.com Subject: [Declude.Virus] Declude 4.3.46 Release Addresses this AVG issue. If you currently only have AVG as your virus scanner I would consider this a critical update. EVA ADD Improved AVG virus database format for optimization EVA ADD Improved speed of AVG scanning by 15-20% EVA ADD Updated AVG (avgsdk.dll 1.2.449) DEC ADD Updated Commtouch ZEROHOUR (asapsdk.dll 5.03.0013) JM FIX Smartermail HELO was being picked up from the headers rather than the envelope JM FIX Fixed log entry for PCRE when matching on location SUBJECT David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hirthe, Alexander Sent: Monday, April 16, 2007 10:09 AM To: declude.virus@declude.com Subject: AW: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 Hello Darell, are you (or David :) sure with the return codes? I'm getting 0.0.0.1 and these files on both servers: DarellAlex incavi.avm - 4/15/2007 - 4/06/2007 microavi.avg - 4/5/2007 - 4/05/2007 miniavg.avg - 2/16/2007 - 2/16/2007 avi7.avg - 2/21/2007 - 21/02/2007 I stopped decludeproc, renamed the AVG Files and started decludeproc and I got the same files, all from today, but with the same size than bevor. Alex Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Darrell ([EMAIL PROTECTED]) Gesendet: Montag, 16. April 2007 14:37 An: declude.virus@declude.com Betreff: Re: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 Honestly, I am not sure what all the individual files are, but here are my dates incavi.avm - 4/15/2007 microavi.avg - 4/5/2007 miniavg.avg - 2/16/2007 avi7.avg - 2/21/2007 Howard - you can try this post from David from the Archive- http://www.mail- archive.com/declude.virus@declude.com/msg13473.html Darrell --- - Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Howard Smith (N.O.R.A.D.) mailto:[EMAIL PROTECTED] To: declude.virus@declude.com Cc: [EMAIL PROTECTED] ; 'David Barker' mailto:[EMAIL PROTECTED] Sent: Monday, April 16, 2007 6:28 AM Subject: [Declude.Virus] AVG Virus updates - No updates from declude since 4/7/7 I have not had a virus update from decludes AVG builtin scanner since 4/6/7 , has any one received any later updates , or suggestions to fix problem Howard Smith N.O.R.A.D. Inc. P.O. Box 680116 Miami, Florida 33168 www.norad.com [EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. Siller AG, Wannenäckerstraße 43, 74078 Heilbronn Vorstand: Prof. H.-F. Siller (Vorsitzender), Jörn Bülow, Ralf Michi Aufsichtsratsvorsitzender: Armin Sohler Reg. Gericht Stuttgart, HRB 107707, Ust-Id Nr. DE145782955 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED