Re: [Declude.Virus] Declude Virus inoperable for 13% of th year?

2009-06-03 Thread Serge 
Hello David,

1- What will happen to those who have a perpetual licence but no SA on 
2010-12-31

2- The prices and number of developpers is declude buisness, we cannot force 
you one way or another
but once you make your choice, we, the customers, make our decisions based 
on factors, including price, quality, 
so even if you want to blame low prices and lack of staff,, it is still 
declude management fault, not the customers

that is not to say that i'm not satisfied with declude product and support
just dont agree with your logic

BR

Serge







  - Original Message - 
  From: David Barker 
  To: declude.virus@declude.com 
  Sent: Wednesday, June 03, 2009 3:07 PM
  Subject: RE: [Declude.Virus] Declude Virus inoperable for 13% of th year?


  Andy,

   

  a.   Declude Virus does not have a built in system to report this error 
as with this specific example. What happened here is not the norm but an 
exception.  It was not our choice to hard code the expiration date but a 
requirement from AVG. In this instance the specific persons who we had been 
working with at AVG are no longer with the company and the process of having 
this renewed took longer than usual. 

   

  b.  I am not sure if you are being facetious, but if it makes you feel 
better, sure you can schedule a reminder for me,  please email me at least 3 
month prior of the new expiration date 2010-12-31 

   

  c.   Yes AVG was not working as it should have been since 2009-04-10 I 
agree with you -  this is totally unacceptable, intolerable, painful and should 
not be brushed aside lightly. You are correct in your observations, we should 
increase our prices dramatically so we can hire more developers to ensure 
unfortunate incidents like this don't happen again.  Considering the market and 
what other vendors charge how much more are you prepared to pay for your 
service agreement so that we can meet this type of requirement ?

   

  David Barker
  VP Operations Declude
  Your Email security is our business
  978.499.2933 office
  978.988.1311 fax
  dbar...@declude.com

   

   

   

  From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy 
Schmidt
  Sent: Wednesday, June 03, 2009 9:08 AM
  To: declude.virus@declude.com
  Subject: [Declude.Virus] Declude Virus inoperable for 13% of th year?
  Importance: High
  Sensitivity: Personal

   

  Hi,

   

  Dave - so now that we have a working Declude Virus again, what can be done to 
prevent this from recurring.

   

  a)   Apparently Declude Virus has no error tracking in place at all - 
otherwise it would have REPORTED to us (or your own Declude to your own mail 
server) that the AVG API was no longer performing scans?

   

  b)   Do the customers need to set a follow-up reminder for December 2010, 
which is when your new renewed AVG license will expire?

   

  The old DecludeProc had THIS AVG License String:

   

  LicBeg, Ver=1.0, Name="Declude", Exp=2009-04-10

   

  So this implies, that the product was inoperable since April 10th for every 
customer because Declude didn't obtain a new annual AVG license and had to wait 
a few days for this "transaction" to complete? That means the product was 
unusable for 13% of the year?

   

  This can't just be brushed aside quietly. 

   

  Best Regards,

  Andy 


  ---
  This E-mail came from the Declude.Virus mailing list. To
  unsubscribe, just send an E-mail to imail...@declude.com, and
  type "unsubscribe Declude.Virus". The archives can be found
  at http://www.mail-archive.com. 


  ---
  This E-mail came from the Declude.Virus mailing list. To
  unsubscribe, just send an E-mail to imail...@declude.com, and
  type "unsubscribe Declude.Virus". The archives can be found
  at http://www.mail-archive.com. 

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] Log analyzer

2007-11-07 Thread Serge 


Hi 


how to make VLA work wih declude built in scanner ?
apparantly it only handles viruses caught by second scanner

TIA



---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Microsoft Antivirus in your future ?

2005-01-06 Thread Serge 
Title: Message



the curent product is retroactive, according to the 
article, and may become subscribtion based
Rav product will compete directly with symantec and 
mcafee
if they SELL it as a separate product, they will 
have no antitrust problems
they learned their lesson, they won't bundle it 
with windows
 
 

  - Original Message - 
  From: 
  Colbeck, 
  Andrew 
  To: Declude.Virus@declude.com 
  Sent: Thursday, January 06, 2005 7:42 
  PM
  Subject: RE: [Declude.Virus] Microsoft 
  Antivirus in your future ?
  
  My 
  reading this morning on canoe.ca was that their purchase in 2003 of RAV is 
  going to surface as a subscription based retroactive cleaning system for only 
  the topmost current viruses.  Microsoft is still going to encourage the 
  purchase of big-name vendors' products for desktops and servers.  That 
  should stave off further anti-competitive lawsuits from those big-name 
  vendors.
   
  Andrew 8)
  

-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of SergeSent: Thursday, January 06, 2005 11:09 
AMTo: Declude.Virus@declude.comSubject: 
[Declude.Virus] Microsoft Antivirus in your future ?
 
 
http://www.cnn.com/2005/TECH/01/06/microsoft.antivrus.ap/index.html
 
 

[Declude.Virus] Microsoft Antivirus in your future ?

2005-01-06 Thread Serge 
Title: Infected NDRs ?



 
 
http://www.cnn.com/2005/TECH/01/06/microsoft.antivrus.ap/index.html
 
 

Re: [Declude.Virus] Upgrade issues

2004-12-21 Thread Serge 
Douglas,
Any problems can result from changing mac ? (besside conflict with a local 
machine)
TIA

- Original Message - 
From: "Douglas Cohn" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, December 22, 2004 12:02 AM
Subject: RE: [Declude.Virus] Upgrade issues


What exactly does this mean?  How long will you wait and does Deculde run
without the key?
The built-in failsafes are designed to ensure that you won't need to wait
until the next business >>day to get a new license key.
It is not like MAC addresses are impossible to change.  Many drivers allow
you to type in a MAC address.
If you are truly concerned about people using the product without a 
license
use a hardware key .  That will certainly help to keep the product
running on just the server it was intended for.

http://www.safenet-inc.com/products/sentinel/index.asp
Unluckily they cost about $35 per machine but this stuff truly works and 
in
99.99% of all cases is foolproof.

DC
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, December 21, 2004 6:47 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Upgrade issues

Am I hearing correctly that, beginning with 2.0, licensing is tied to
the MAC address?
Correct.
If so, what about those of us who load balance the traffic to the
server across multiple NICs?  This is a must to avoid downtime due to
failure of a NIC (it's saved our bacon a couple of times).
Also, if a NIC is replaced, or we migrate to a different server, what
is the process the get a new license key...and is that available 24/7/365?
We absolutely need to be able to handle these situations immediately
without waiting until the next business day to get a new license key.
The built-in failsafes are designed to ensure that you won't need to wait
until the next business day to get a new license key.
   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

This outgoing message is guaranteed to be authentic by Message Level 
users.
Guarantee the authenticity of your email @ http://www.messagelevel.com.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, 
just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Upgrade issues

2004-12-21 Thread Serge 
For me, even a hardware key is better than a key based on MAC
Even if you have to charge us for one
Provided you supply an additional one as spare
You can always remotely disable it in case of abuse
- Original Message - 
From: "Douglas Cohn" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, December 22, 2004 12:02 AM
Subject: RE: [Declude.Virus] Upgrade issues


What exactly does this mean?  How long will you wait and does Deculde run
without the key?
The built-in failsafes are designed to ensure that you won't need to wait
until the next business >>day to get a new license key.
It is not like MAC addresses are impossible to change.  Many drivers allow
you to type in a MAC address.
If you are truly concerned about people using the product without a 
license
use a hardware key .  That will certainly help to keep the product
running on just the server it was intended for.

http://www.safenet-inc.com/products/sentinel/index.asp
Unluckily they cost about $35 per machine but this stuff truly works and 
in
99.99% of all cases is foolproof.

DC
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, December 21, 2004 6:47 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Upgrade issues

Am I hearing correctly that, beginning with 2.0, licensing is tied to
the MAC address?
Correct.
If so, what about those of us who load balance the traffic to the
server across multiple NICs?  This is a must to avoid downtime due to
failure of a NIC (it's saved our bacon a couple of times).
Also, if a NIC is replaced, or we migrate to a different server, what
is the process the get a new license key...and is that available 24/7/365?
We absolutely need to be able to handle these situations immediately
without waiting until the next business day to get a new license key.
The built-in failsafes are designed to ensure that you won't need to wait
until the next business day to get a new license key.
   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

This outgoing message is guaranteed to be authentic by Message Level 
users.
Guarantee the authenticity of your email @ http://www.messagelevel.com.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, 
just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Upgrade issues

2004-12-21 Thread Serge 
If my server dies on a weekend, i will rebuild one with same IP, but not 
same NIC
Why can't you use the IP tied to Imail primary host name as key, and use 
MACs only for tracking purposes
I can't sleep well knowing i may run into declude problems if my NIC failed

- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, December 21, 2004 9:33 PM
Subject: Re: [Declude.Virus] Upgrade issues



1- Please do not base keys on mac adresses. IP maybe, but not mac
I believe the decision was made to use the MAC address based on the fact 
that some people might be running copies of IMail on separate servers 
behind a single IP.
And what happens if you have 4 nics, and 32 IP address  on the same 
machine, of
which they use Private IP's that are nat'd via separate firewalls?
That's another good reason not to use IPs.  :)  The 4 NICs could 
potentially be a problem, though.

What if a Single Nic server were to loose there nic @ 12AM Friday, So, No 
mail
tell Monday?
Don't worry; they have built-in failsafes to ensure that service won't be 
interrupted.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.


This outgoing message is guaranteed to be authentic by Message Level 
users.
Guarantee the authenticity of your email @ http://www.messagelevel.com.
---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Upgrade issues

2004-12-21 Thread Serge 
1- Please do not base keys on mac adresses. IP maybe, but not mac

2- > I cannot say; this is an issue that should be handled via support.  The
> IMail version of Declude should work fine with your current activation
code.

20041221 201737 127.0.0.1   SMTPD (84e1035504c835a3) [208.154.200.6]
connect 63.246.13.90 port 29207
20041221 201738 127.0.0.1   SMTPD (84e1035504c835a3) [63.246.13.90] EHLO
declude.com
20041221 201739 127.0.0.1   SMTPD (84e1035504c835a3) [63.246.13.90] MAIL
FROM:<[EMAIL PROTECTED]>
20041221 201739 127.0.0.1   SMTPD (84e1035504c835a3) [63.246.13.90] RCPT
To:<[EMAIL PROTECTED]>
20041221 201741 127.0.0.1   SMTPD (84e1035504c835a3) [63.246.13.90]
F:\Imail\spool\D84e1035504c835a3.SMD 4865

Here is what i get
The mail does not get delivered
and Nothing in declude virus log is being added after the upgrade

E:\Imail>declude -diag
Declude 2.0b (C) Copyright 2000-2004 Computerized Horizons.
Compilation Platform: IMail

Diagnostics ON (Declude v2.0b).

No licenses Reported

No licenses Reported

loading all configs
Declude JunkMail:  Config file found (E:\Imail\Declude\global.CFG).
Declude Virus: Config file found (E:\Imail\Declude\Virus.CFG).
Declude Hijack:Config file found (E:\Imail\Declude\Hijack.CFG).
Declude Confirm:   Not installed (no E:\Imail\Declude\Confirm.CFG file).

103 spam tests defined: LOOSENSPAMHEADERS AHBLRELAYS AHBLPROXIES AHBLSOURCES
AHB
LSUPPORT AHBLEXEMPT BLITZEDALL BONDEDSENDER EXSILIA-SPAM IPWHOIS NJABL
NJABLDUL
NJABLFORMMAIL NJABLMULTI NJABLPROXIES NJABLSOURCES ORDB CSMA-SBL COMPU RSL
SPAMB
AG SPAMHAUS SBL SPAMCOP CBL XBL DSBL DSN MAILPOLICE-BULK MAILPOLICE-PORN
NOABUSE
 NOPOSTMASTER BASE64 BADHEADERS HELOBOGUS MAILFROM PERCENT REVDNS ROUTING
SPAMHE
ADERS CMDSPACE COMMENTS HEUR12 SPFPASS SPFFAIL SPAMDOMAINS IPNOTINMX
NOLEGITCONT
ENT BCC NONENGLISH SUBJECTCHARS SUBJECTSPACES FORGEDHELO-FILTER
NEGATIVE-FILTER
NEGATIVE-LOCAL-OE GIBBERISH GIBBERISHSUB DYNAMIC SURBL OFFENSIVE FALSE-AOL
FALSE
-YAHOO FALSE-HOTMAIL FALSE-TELEFONICA GOOD-TELEFONICA GOOD_HOTMAIL GOOD_AOL
GOOD
_Yahoo FILTER-BODYURL FILTER-SPAMMER-COMPANY FILTER-PORN SIZE-S SIZE-M
SIZE-L SI
ZE-XL CEFIBBL HELOISIP HELOISIPX SNIFFER FIVETEN-SPAM FIVETEN-BULK
FIVETEN-MULTI
STAGE FIVETEN-SPAMSUPPORT FIVETEN-MISC FIVETEN-FREE SORBS SORBS-HTTP
SORBS-SOCKS
 SORBS-MISC SORBS-SPAM SORBS-WEB SORBS-ZOMBIE SORBS-DUL WEIGHT10 DWEIGHT10
DWEIG
HT15 DWEIGHT20 DWEIGHT25 DWEIGHT30 DWEIGHT40 DWEIGHT50 DWEIGHT60
CATCHALLMAILS

IMail reports Official Host Name as: "mail.cefib.com".
IMail's SendName registry seems OK:  "e:\Imail\Declude.exe".
DNS Server: 208.154.200.1

Declude JunkMail Status: PRO version registered.
Declude Virus Status:Pro Version Registered.
Declude Hijack Status:   Registered.

End of diagnostics.




---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] DO NOT UPGRADE

2004-12-21 Thread Serge 
Just upgraded to 2.0B, and declude stoped working

When running -diag I am getting a strange line:

Declude v2.0b key request on  MAC 000E7F2E754C.

What is this key request ?
Why is declude not working ?
Why isn't there a warning in the installation procedure ?
What is going on at Declude ? Are they trying to follow Ipswitch Mr Krap
footsteps ?
With Scott, it use to be safe to use Betas, is this changing now ? Did I
miss any warning ?

Also, declude.exe size is half what it use to be

Meanwhile, went back to 1.81




E:\Imail>declude -diag
Declude 2.0b (C) Copyright 2000-2004 Computerized Horizons.
Compilation Platform: IMail


Diagnostics ON (Declude v2.0b).

Declude v2.0b.0 key request on  MAC 000E7F2E754C.

loading all configs
Declude JunkMail:  Config file found (E:\Imail\Declude\global.CFG).
Declude Virus: Config file found (E:\Imail\Declude\Virus.CFG).
Declude Hijack:Config file found (E:\Imail\Declude\Hijack.CFG).
Declude Confirm:   Not installed (no E:\Imail\Declude\Confirm.CFG file).

103 spam tests defined: LOOSENSPAMHEADERS AHBLRELAYS AHBLPROXIES AHBLSOURCES
AH
LSUPPORT AHBLEXEMPT BLITZEDALL BONDEDSENDER EXSILIA-SPAM IPWHOIS NJABL
NJABLDUL
NJABLFORMMAIL NJABLMULTI NJABLPROXIES NJABLSOURCES ORDB CSMA-SBL COMPU RSL
SPAM
AG SPAMHAUS SBL SPAMCOP CBL XBL DSBL DSN MAILPOLICE-BULK MAILPOLICE-PORN
NOABUS
 NOPOSTMASTER BASE64 BADHEADERS HELOBOGUS MAILFROM PERCENT REVDNS ROUTING
SPAMH
ADERS CMDSPACE COMMENTS HEUR12 SPFPASS SPFFAIL SPAMDOMAINS IPNOTINMX
NOLEGITCON
ENT BCC NONENGLISH SUBJECTCHARS SUBJECTSPACES FORGEDHELO-FILTER
NEGATIVE-FILTER
NEGATIVE-LOCAL-OE GIBBERISH GIBBERISHSUB DYNAMIC SURBL OFFENSIVE FALSE-AOL
FALS
-YAHOO FALSE-HOTMAIL FALSE-TELEFONICA GOOD-TELEFONICA GOOD_HOTMAIL GOOD_AOL
GOO
_Yahoo FILTER-BODYURL FILTER-SPAMMER-COMPANY FILTER-PORN SIZE-S SIZE-M
SIZE-L S
ZE-XL CEFIBBL HELOISIP HELOISIPX SNIFFER FIVETEN-SPAM FIVETEN-BULK
FIVETEN-MULT
STAGE FIVETEN-SPAMSUPPORT FIVETEN-MISC FIVETEN-FREE SORBS SORBS-HTTP
SORBS-SOCK
 SORBS-MISC SORBS-SPAM SORBS-WEB SORBS-ZOMBIE SORBS-DUL WEIGHT10 DWEIGHT10
DWEI
HT15 DWEIGHT20 DWEIGHT25 DWEIGHT30 DWEIGHT40 DWEIGHT50 DWEIGHT60
CATCHALLMAILS

IMail reports Official Host Name as: "mail.cefib.com".
IMail's SendName registry seems OK:  "e:\Imail\Declude.exe".
DNS Server: 208.154.200.1

Declude JunkMail Status: PRO version registered.
Declude Virus Status:Pro Version Registered.
Declude Hijack Status:   Registered.

End of diagnostics.



- Original Message - 
From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, December 21, 2004 6:25 PM
Subject: RE: [Declude.Virus] PB installing 2.0B


Hey, Declude Support, I'm interested in a manual installation, too!

...

Now, I don't want to sound like I'm shooting the messenger, but I hope
you guys aren't doing this on your production server.

Since I'm interested in the manual installation, I'll install it on the
development server, note the changes, and then after testing, bring it
over to the live server.

Which is the same as I've done the last few times.  If you're going to
implement beta software, it's worth the effort.

Andrew 8)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Tuesday, December 21, 2004 7:02 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] PB installing 2.0B


- Original Message - 
From: "Serge" <[EMAIL PROTECTED]>

> you are probably right
> we use to have the same issue with manual install
> However, the full install notes specificaly say that "no service need
> to
be
> stoped when upgrading"
> So they need get their act together, or give us back our old manual
install

I agree, the old manual download/install should at least be an option.
I don't like downloading 6.66mb file, just to get a 500kb declude.exe
file. Especially when that 6mb install file takes over 3.5 minutes to
complete its installation process, and then changes my config files in
the process without warning (as Kami noted, it changes the .eml files -
did the same thing here), and then did not install properly.

After running the install, which completed without error, I ended up
with a 288kb declude.exe file that did not work - I had to revert back
to version 1.81 to get Declude JunkMail & Virus to function again.  What
size declude.exe file have others that successfully installed 2.0B ended
up with?

Bill

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Decl

Re: Re[2]: [Declude.Virus] PB installing 2.0B

2004-12-21 Thread Serge 
Here is the reply I got
Talk about automatic installation :)


== Please reply above this line ==

PB installing 2.0B

Sorry the install does not support extracting that one file. Please send me
a listing of the imail folder. Then rename declude.exe to declude.old and
retry the install. There is 'some' issue with trying to copy in the new
declude.exe. If that doesn't work, I will make new install for you with more
information in it to work this out.


- Original Message - 
From: "John Carter" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, December 21, 2004 4:46 PM
Subject: RE: Re[2]: [Declude.Virus] PB installing 2.0B


> Scott:
>
> I'm sure you have been watching this thread.  Suggestion: if Declude is
> determined to use only the install program, have person responsible for it
> add an option to update only -- copying over the old declude.exe and
leaving
> the configuration and eml's intact. (I haven't used the install program,
so
> I'm assuming this option isn't there based on others comments.)
>
> Thanks,
> John
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] PB installing 2.0B

2004-12-21 Thread Serge 
you are probably right
we use to have the same issue with manual install
However, the full install notes specificaly say that "no service need to be
stoped when upgrading"
So they need get their act together, or give us back our old manual install


- Original Message - 
From: "Kami Razvan" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, December 21, 2004 11:04 AM
Subject: RE: [Declude.Virus] PB installing 2.0B


> Hi Serge:
>
> We had a similar issue but I think I know what happens.  If Declude is in
> use then it can not copy the Declude.exe file in the install directory.
We
> used to have the same issue when copying the Declude.exe file and IMail
was
> processing email.. Since Declude.exe was in use you could not copy it
over.
>
> I stopped the services and waited for the spool to clear then installed
2.b
> and it worked fine..
>
> Regards,
> Kami
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Serge
> Sent: Monday, December 20, 2004 6:50 PM
> To: Declude.Virus@declude.com
> Cc: [EMAIL PROTECTED]
> Subject: [Declude.Virus] PB installing 2.0B
>
>
> I am trying to upgrade to 2.0B
> Getting an error of:
> "Error copying file to taret directory"
> With status at "removing backup files"
>
> Need Help,
>
> TIA
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To unsubscribe,
just
> send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] PB installing 2.0B

2004-12-20 Thread Serge 
I am trying to upgrade to 2.0B
Getting an error of:
"Error copying file to taret directory"
With status at "removing backup files"
Need Help,
TIA
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] testvirus.org #22

2004-12-20 Thread Serge 
have both fprot and mcafee
Prescan off
#22 getting caught without a problem
#17 going thru
Andrew is catching #17, can it have anything to do with AVAFTERJM ON ?
- Original Message - 
From: "David Sullivan" <[EMAIL PROTECTED]>
To: 
Sent: Monday, December 20, 2004 9:47 PM
Subject: Re[8]: [Declude.Virus] testvirus.org #22


I turned if off and it still got through.

Test #17: Eicar virus hidden using the "CR Vulnerability" (attachment can 
be
opened by all versions of Microsoft Outlook and Outlook Express)
RSP> I just checked this one, and it got through here, too.  I examined 
the raw
RSP> source of the E-mail, and there doesn't appear to be a lone CR 
character in
RSP> it, so it doesn't appear to actually contain the Outlook "CR 
Vulnerability".

Scott, what do you get for test #22. Some have reported it caught
while others haven't. My F-Prot config is:
SCANFILE P:\Progra~1\fsi\f-prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=3 
/NOBOOT /DUMB /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
VIRUSCODE 8
REPORT Infection:

--
Best regards,
Davidmailto:[EMAIL PROTECTED]
---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] about Imail1.exe security issue

2004-11-24 Thread Serge 
we had the same issue few month ago
i suspected problem from declude because the addresses that appear in the
open imail1 window looked like ones that would be generated by declude
notifications (or maybe imail gses ?)
anyway, rebooting the server resolved the issue back then
Unfortunatly, since upgrading to 8.13 (or 8.14, can't tell exactly, because
i did both in less than 48 hours) the problem is coming again, and rebooting
did not help this time.
if you find a solution, let me know


- Original Message - 
From: "Crejob.com" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 24, 2004 10:05 AM
Subject: [Declude.Virus] about Imail1.exe security issue


> My Imail server keep pop up a "Create Mail Message", it's
> seems that Imail1.exe is exploit by someone to try send
> out spam.
> I try to limit the imail1.exe user permission, but this will
> result the webmail can not send out email.
> Any advice on how to solve this problem?
>
> Regards
> Brian
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Scott, what is our future?

2004-10-26 Thread Serge 
Or:

Option 4: stay with Imail 8.05 or 8.13 , with declude antivirus and
antispam.

For now, it is working fine for us
we will evaluate mdaemon and other product, but we will not switch now

There are people still using Imail 6.0x
I'm sure we can use the current code for at least a couple of years

- Original Message - 
From: "Jim Matuska" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 26, 2004 5:42 PM
Subject: Re: [Declude.Virus] Scott, what is our future?


> I 100% agree, we have less than a week left on our service agreement,
before
> it expires I will have to make a recommendation to my boss that will
likely
> be one of the following:
>
> Option 1:  Give in to Imail's new scheme and pay to upgrade to the Imail
> Collaboration Suite
>
> Option 2:  Switch to Exchange, an new Spam, and Virus providers (would be
> very costly)
>
> Option 3:  Switch to another Email program, find a new Spam, and AntiVirus
> Solution for the new solution
>
> >From what I hear many people on the list are going through this process
> right now.  As nice as it was having that office email from CH without and
> announcement with some sort of details on where declude is heading, I can
> hear many server admins jumping ship and dumping Imail and Declude within
> the next 24 to 48 hours.
>
> I personally have been very happy with the declude products, and I send
the
> blame 100% to Imail and not Declude, but unfortunately unless some details
> are provided on where Declude is heading (ASAP) it will be very likely
that
> declude will not be used much longer as much as I hate to say.  In a
mission
> critical environment, we cannot be without a supported email product and
at
> this point I don't see how we are going to be able to use declude no
matter
> what choice we make.
>
> Jim Matuska Jr.
> Computer Tech II
> CCNA
> Nez Perce Tribe
> Information Systems
> [EMAIL PROTECTED]
> - Original Message - 
> From: "Matt Robertson" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, October 26, 2004 9:52 AM
> Subject: Re: [Declude.Virus] Scott, what is our future?
>
>
> >I want to add my voice to getting some sort of indicator from CH ASAP.
> > I am buying a mail server in the next several days, and typing up my
> > recommendations now.  If CH announces (even eventual) support for one
> > server or another thats a big factor in my decision, as I want Declude
> > Virus running on that box if possible.
> >
> > -- 
> > --Matt Robertson--
> > President, Janitor
> > MSB Designs, Inc.
> > mysecretbase.com
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> > (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.Virus mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.Virus".The archives can be found
> > at http://www.mail-archive.com.
> >
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Scott, what is our future?

2004-10-25 Thread Serge 
ditto
looking seriously to moving to exim (unix, www.exim.org, free), or more
likely, Mdaemon (windows platform, supports sniffer)
knowing if declude is planning to interface with another product will
probably help me make the decision



- Original Message - 
From: "Matt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 25, 2004 11:53 PM
Subject: Re: [Declude.Virus] Scott, what is our future?


> Scott,
>
> I accept that Declude isn't going away, but I've dumped a lot of money
> into building my service around both Declude and IMail, and as things
> stand at the moment, I don't have $4,000 to dump on their new product
> just so that I can get updates for the things that they have managed to
> break and not fix.
>
> If you are working on another MTA, then let's hear it!  As things stand
> at the moment, it looks like I have no other choice but to switch to
> another platform, and it would be best to know what your plans are
> before I start making my own.  My gut tells me that even if I threw
> Ipswitch another $4,000, nothing would really change with them except
> for the damn price, and I really, really hate being taken advantage of.
>
> Maybe you are confident about your plans for the future, but not knowing
> them, how could I be.
>
> Thanks,
>
> Matt
>
>
>
> R. Scott Perry wrote:
>
> >
> >> You have been strangely quiet. Are you in shock or formulating a
plan --
> >> hopefully the latter?
> >
> >
> > Although I will admit to shock (disbelief would be a more appropriate
> > term) when I first heard about this.  I didn't think that Ipswitch
> > would actually do it.  But they did.
> >
> > As for formulating a plan, that is in the works.  But a lot will
> > depend on whether Ipswitch is smart enough to fix the problem, or
> > whether they truly isolate the majority of their loyal customers.
> >
> >> It may be too early to ask, but what does the future hold for
> >> Declude/Imail
> >> or Declude and _ mail server product (fill in the blank)?
> >
> >
> > It's too early to say.  A lot will depend on how Ipswitch responds to
> > their customers -- I can't imagine that they will completely ignore
> > this.  A business can't survive by destroying a loyal customer base,
> > when they have the product to offer.
> >
> > But I can definitely say this:  Declude isn't going to go away, no
> > matter what Ipswitch may do.
> >
> >-Scott
> > ---
> > Declude JunkMail: The advanced anti-spam solution for IMail
> > mailservers since 2000.
> > Declude Virus: Ultra reliable virus detection and the leader in
> > mailserver vulnerability detection.
> > Find out what you've been missing: Ask for a free 30-day evaluation.
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> > (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.Virus mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.Virus".The archives can be found
> > at http://www.mail-archive.com.
> >
> >
>
> -- 
> =
> MailPure custom filters for Declude JunkMail Pro.
> http://www.mailpure.com/software/
> =
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] passworded zip file

2004-10-25 Thread Serge 



create a special mailbox for your 
client
let him use it only for that file
use per-user config in declude virus 
pro to whitelist (turn declude virus off) on that particular 
mailbox
use imail rules to delete all mails to that mailbox 
that does not have the sender address and ip in the header
 
 
 

  - Original Message - 
  From: 
  Peter Lowish 
  
  To: [EMAIL PROTECTED] 
  Sent: Monday, October 25, 2004 11:34 
  PM
  Subject: [Declude.Virus] passworded zip 
  file
  
  Declude 1.81 virus 
  standard
   
  A client reguarly 
  receives a passworded .zip file. A similiar file is batch sent to 100's of 
  others - the sender cant/wont change the way they send these files. The file 
  is always received from the same sender using the same ip 
  address
   
  We have been 
  using virus_domains.txt to bypass our clients email being scanned for 
  virus's until very recently, but has found several virus's have recently 
  got thru their own anti virus 
software
   
  Is there any way of 
  declude virus whitelisting either the senders email address or ip address for 
  email being sent to our client? - I have added the IP address to be 
  whitelisted in global.cfg but it still deletes what it believes to be an 
  infected file
   
  10/23/2004 17:59:24 
  Qe52c1aeb008a6cf6 Found encrypted .ZIP file10/23/2004 17:59:24 
  Qe52c1aeb008a6cf6 Scanned: Banned file extension. [MIME: 3 5031]10/23/2004 
  17:59:24 Qe52c1aeb008a6cf6 Couldn't open E-mail file 
  C:\IMail\Declude\BANnotify.eml.10/23/2004 17:59:24 Qe52c1aeb008a6cf6 From: 
  [EMAIL PROTECTED] To: [EMAIL PROTECTED]10/23/2004 
  17:59:24 Qe52c1aeb008a6cf6 Subject: ---Confidential MOE CSV File for pay 
  period 315[23/10/2004 17:56:27]
   
  tks
   
  Peter

Re: Re[2]: [Declude.Virus] Feature request

2004-07-27 Thread serge 
 the issue will be resolved when the granularity is added to banzipext
which scott said they should introduce in a future release.

we will have something like
banzipext SCR
banzipext ZIP

No ?

- Original Message - 
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: "Dan Geiser" <[EMAIL PROTECTED]>
Sent: Tuesday, July 27, 2004 9:15 PM
Subject: Re[2]: [Declude.Virus] Feature request


> On Tuesday, July 27, 2004, 4:38:49 PM, Dan wrote:
>
> What about BNAZIPn where n is some number of levels or greater.
>
> That is BANZIP3 instead of BANZIPZIPZIP, and in case someone wants to
> allow 3 levels of depth (if it comes to that) BANZIP4...
>
> _M
>
> DG> I would like to request BANZIPINZIPINZIP.
>
> DG> - Original Message - 
> DG> From: "Scott Fisher" <[EMAIL PROTECTED]>
> DG> To: <[EMAIL PROTECTED]>
> DG> Sent: Tuesday, July 27, 2004 10:30 AM
> DG> Subject: [Declude.Virus] Feature request
>
>
> DG> Now that zip files containing .zip files are a known virus threat,
will
> DG> there be a Declude update to block this virus vulnerability? I think
we can
> DG> certainly expect to see more of these in the future. I'd also like to
see
> DG> this as a high priority from Declude.
>
> DG> As a corporate customer a BANZIPINZIP option would certainly be
acceptable.
> DG> It would be more questionable for ISP customers. It's probably the
easiest
> DG> quick fix.
>
> DG> Making BANZIPEXTS recursive is another option.
>
> >>> BANZIPEXTS doesn't check .ZIP files within .ZIP files.
>
> DG> As a Declude Virus Pro user running three anti-virus scanners and
having
> DG> tons of extensions blocked, I see .zip files containing .zip files to
be the
> DG> most viable way to get a virus into my e-mail system.
>
>
>
>
> DG> Scott Fisher
> DG> Director of IT
> DG> Farm Progress Companies
>
> DG> ---
> DG> [This E-mail was scanned for viruses by Declude Virus
> DG> (http://www.declude.com)]
>
> DG> ---
> DG> This E-mail came from the Declude.Virus mailing list.  To
> DG> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> DG> type "unsubscribe Declude.Virus".The archives can be found
> DG> at http://www.mail-archive.com.
>
DG> ---
> DG> Sign up for virus-free and spam-free e-mail with Nexus Technology
Group
> DG> http://www.nexustechgroup.com/mailscan
>
>
>
>
DG> ---
> DG> Sign up for virus-free and spam-free e-mail with Nexus Technology
Group
> DG> http://www.nexustechgroup.com/mailscan
>
> DG> ---
> DG> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> DG> ---
> DG> This E-mail came from the Declude.Virus mailing list.  To
> DG> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> DG> type "unsubscribe Declude.Virus".The archives can be found
> DG> at http://www.mail-archive.com.
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] SKIPIFRECIP & SKIPIFVIRUSNAMEHAS

2004-07-19 Thread Serge 



see reply offlist

  - Original Message - 
  From: 
  Dan 
  Geiser 
  To: [EMAIL PROTECTED] 
  Sent: Monday, July 19, 2004 8:01 PM
  Subject: Re: [Declude.Virus] SKIPIFRECIP 
  & SKIPIFVIRUSNAMEHAS
  
  Serge,
  When you use the names "regular viruses/forging 
  viruses emls" what is the exact file name that you are referring 
  to?
   
  When you use the name "vulnerability eml" what is 
  the exact file name that you are referring to?
   
  Thanks In Advance,
  Dan Geiser
  [EMAIL PROTECTED]
  
- Original Message ----- 
From: 
serge 
To: [EMAIL PROTECTED] 
Sent: Saturday, July 17, 2004 7:00 
AM
Subject: Re: [Declude.Virus] 
SKIPIFRECIP & SKIPIFVIRUSNAMEHAS

that should be possible
in the regular viruses/forging viruses emls, 
you add
SKIPIFVIRUSNAMEHAS Vulnerability
 
In the vulnerability eml you add
SKIPIFVIRUSNAMEDOESNOTHAVE 
Vulnerability
SKIPIFRECIP [EMAIL PROTECTED]
 
 
You can also do that by usng imail rules 
on the recepient mailbox
 
in both solutions, you need to have differen 
emls for vulnerabilities and for viruses
 

  - Original Message - 
  From: 
  Dan 
  Geiser 
  To: [EMAIL PROTECTED] 
  
  Sent: Friday, July 16, 2004 7:44 
  PM
  Subject: [Declude.Virus] SKIPIFRECIP 
  & SKIPIFVIRUSNAMEHAS
  
  Hello, All,
  I know that I can use SKIPIFRECIP to skip 
  Virus Warnings for specific Domain Names and I can use SKIPIFVIRUSNAMEHAS 
  to skip Virus Warnings for specific Virus Names.  But is there any 
  way I can supress Virus for a specific Virus Name for just one domain 
  name?  Specifically I have one customer who doesn't want to receive 
  the "Vulnerability" warnings any longer.
   
  Thanks In Advance,
  Dan Geiser
  [EMAIL PROTECTED]

Re: [Declude.Virus] SKIPIFRECIP & SKIPIFVIRUSNAMEHAS

2004-07-17 Thread serge 



that should be possible
in the regular viruses/forging viruses emls, you 
add
SKIPIFVIRUSNAMEHAS Vulnerability
 
In the vulnerability eml you add
SKIPIFVIRUSNAMEDOESNOTHAVE 
Vulnerability
SKIPIFRECIP [EMAIL PROTECTED]
 
 
You can also do that by usng imail rules on 
the recepient mailbox
 
in both solutions, you need to have differen emls 
for vulnerabilities and for viruses
 

  - Original Message - 
  From: 
  Dan 
  Geiser 
  To: [EMAIL PROTECTED] 
  Sent: Friday, July 16, 2004 7:44 PM
  Subject: [Declude.Virus] SKIPIFRECIP 
  & SKIPIFVIRUSNAMEHAS
  
  Hello, All,
  I know that I can use SKIPIFRECIP to skip Virus 
  Warnings for specific Domain Names and I can use SKIPIFVIRUSNAMEHAS to skip 
  Virus Warnings for specific Virus Names.  But is there any way I can 
  supress Virus for a specific Virus Name for just one domain name?  
  Specifically I have one customer who doesn't want to receive the 
  "Vulnerability" warnings any longer.
   
  Thanks In Advance,
  Dan Geiser
  [EMAIL PROTECTED]

Re: [Declude.Virus] Link for checking virus sending IP addresses

2004-07-06 Thread Serge 
can not find the oiginal link
but this will work if you replace the xs by the IP adress
this is for class C (%F24)
http://apps.declude.com/tools/virstats.ch?ip=xxx.xxx.xxx.0%2F24&time=72&type=IP


- Original Message - 
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 06, 2004 9:45 PM
Subject: [Declude.Virus] Link for checking virus sending IP addresses


> What is the link for checking on IP addresses reported sending viruses?
>
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
>
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] F-Prot Version 3.15 w/Declude

2004-07-05 Thread serge 
> "C:\Program Files\FSI\F-Prot\FP-Updater\Updater.exe" /run /quit

Problem wih above is that when there is a new fprot  version, the virus def
update will fail
I use the batch upgrade as a backup for these situations.


- Original Message - 
From: "Douglas Cohn" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, July 04, 2004 4:58 PM
Subject: RE: [Declude.Virus] F-Prot Version 3.15 w/Declude


> This is the command we run from task manager and have for some time with
no
> issues.
>
> "C:\Program Files\FSI\F-Prot\FP-Updater\Updater.exe" /run /quit
>
> DC
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hyslip
> Sent: Friday, July 02, 2004 6:30 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.Virus] F-Prot Version 3.15 w/Declude
>
> will it run through task manager if called?
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of J Porter
> Sent: Friday, July 02, 2004 4:19 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.Virus] F-Prot Version 3.15 w/Declude
>
> I don't log out of the email server. I simply lock the console. The
Updater
> will still run and the system still requires a password to get back to the
> console.
>
> Is there a good reason not to do it this way??
>
> ~Joe
>
> - Original Message -
> From: "Douglas Cohn" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, July 01, 2004 3:53 PM
> Subject: RE: [Declude.Virus] F-Prot Version 3.15 w/Declude
>
>
> > I have been doing that exact thing for months now.  The question is what
> > does the new version do differently that may affect the way updates
work,
> > not so much how you go out and get them.
> >
> > Using the scheduler requires that you have the box logged in all the
time
> > which is clearly not an option for a mail server.
>
> ---
> [This E-mail scanned for viruses at HNB.com]
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
>
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Stranger...

2004-06-08 Thread Serge 
Hi scott
There was no Bcc: adresses in the gif i posted
Only TO: and CC:
Does this make a difference ?
Is there a way to check (in declude ogs, event logs, ...) what is going on ?
Next time I get an open window, i will compare the adresses to those found
in declude.virus logs and see if there is any matchings .

TIA


- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 08, 2004 6:08 PM
Subject: Re: [Declude.Virus] Stranger...


>
> >can the issue be due to declude ?
>
> It shouldn't be possible, because:
>
> >Does declude use imail1 for its virus notifications ?
>
> Even though Declude Virus does use IMail1.exe for its notifications, it
> never uses Bcc: headers, which were appearing in the ones that you saw
> (and, the IMail1.exe process shouldn't appear, and should immediately be
> removed from the Task Manager as soon as the E-mail is delivered).
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> since 2000.
> Declude Virus: Ultra reliable virus detection and the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Stranger...

2004-06-08 Thread Serge 
Title: Strange...



Scott
can the issue be due to declude ?
Does declude use imail1 for its virus notifications 
?
Because the adresses i am seiing can only come from 
a  virus/virus-message
 
 

  - Original Message - 
  From: 
  Serge 
  To: [EMAIL PROTECTED] 
  Sent: Tuesday, June 08, 2004 12:50 
  AM
  Subject: Re: [Declude.Virus] 
  Stranger...
  
  is imail1used by IMAIL?
  i mean, can we delete or rename imail1 
  ?
   
  
- Original Message - 
From: 
Darin Cox 
To: [EMAIL PROTECTED] 
Sent: Tuesday, June 08, 2004 12:24 
AM
Subject: Re: [Declude.Virus] 
Stranger...

Don't know...never seen the 
problem...
 
I sent that link because it showed that there 
is a switch that will cause it to pop up... -i.  Might check to see if 
that could have anything to do with it.  You might also check your 
registry for anything different from the standard settings.
Darin.
 
 
- Original Message - 
From: serge 
To: [EMAIL PROTECTED] 
Sent: Monday, June 07, 2004 7:46 PM
Subject: Re: [Declude.Virus] Stranger...


i know imail1 is a command line 
mailer
but how do i find what i causing the imail 1 
window to be open and filed with all these adresses ?
see attached gif
 
 

  - Original Message - 
  From: 
  Darin Cox 

  To: [EMAIL PROTECTED] 
  
  Sent: Monday, June 07, 2004 10:21 
  PM
  Subject: Re: [Declude.Virus] 
  Stranger...
  
  Does this shed any light?
   
  http://support.ipswitch.com/kb/IM-19980119-DD10.htm
  Darin.
   
   
  - Original Message - 
  From: Serge 
  To: [EMAIL PROTECTED] 
  
  Sent: Monday, June 07, 2004 3:55 PM
  Subject: [Declude.Virus] Stranger...
  
  hi all
  urgent help needed
  I have imail1 client window ("create mail 
  message") pop up on my server with all kind of real and strange addresses 
  in the TO: and CC: Fields.
  The windows remains open on the server 
  desktop.
  Is this a virus ? how can i identify the 
  service/virus/application causing this ?
   
  TIA

Re: [Declude.Virus] Stranger...

2004-06-07 Thread Serge 
Title: Strange...



is imail1used by IMAIL?
i mean, can we delete or rename imail1 
?
 

  - Original Message - 
  From: 
  Darin Cox 
  To: [EMAIL PROTECTED] 
  Sent: Tuesday, June 08, 2004 12:24 
  AM
  Subject: Re: [Declude.Virus] 
  Stranger...
  
  Don't know...never seen the 
  problem...
   
  I sent that link because it showed that there is 
  a switch that will cause it to pop up... -i.  Might check to see if that 
  could have anything to do with it.  You might also check your registry 
  for anything different from the standard settings.
  Darin.
   
   
  - Original Message - 
  From: serge 
  To: [EMAIL PROTECTED] 
  Sent: Monday, June 07, 2004 7:46 PM
  Subject: Re: [Declude.Virus] Stranger...
  
  
  i know imail1 is a command line 
  mailer
  but how do i find what i causing the imail 1 
  window to be open and filed with all these adresses ?
  see attached gif
   
   
  
- Original Message - 
From: 
Darin Cox 
To: [EMAIL PROTECTED] 
Sent: Monday, June 07, 2004 10:21 
PM
Subject: Re: [Declude.Virus] 
Stranger...

Does this shed any light?
 
http://support.ipswitch.com/kb/IM-19980119-DD10.htm
Darin.
 
 
- Original Message - 
From: Serge 
To: [EMAIL PROTECTED] 
Sent: Monday, June 07, 2004 3:55 PM
Subject: [Declude.Virus] Stranger...

hi all
urgent help needed
I have imail1 client window ("create mail 
message") pop up on my server with all kind of real and strange addresses in 
the TO: and CC: Fields.
The windows remains open on the server 
desktop.
Is this a virus ? how can i identify the 
service/virus/application causing this ?
 
TIA

Re: [Declude.Virus] Stranger...

2004-06-07 Thread serge 
Title: Strange...




i know imail1 is a command line mailer
but how do i find what i causing the imail 1 window 
to be open and filed with all these adresses ?
see attached gif
 
 

  - Original Message - 
  From: 
  Darin Cox 
  To: [EMAIL PROTECTED] 
  Sent: Monday, June 07, 2004 10:21 
PM
  Subject: Re: [Declude.Virus] 
  Stranger...
  
  Does this shed any light?
   
  http://support.ipswitch.com/kb/IM-19980119-DD10.htm
  Darin.
   
   
  - Original Message - 
  From: Serge 
  To: [EMAIL PROTECTED] 
  Sent: Monday, June 07, 2004 3:55 PM
  Subject: [Declude.Virus] Stranger...
  
  hi all
  urgent help needed
  I have imail1 client window ("create mail 
  message") pop up on my server with all kind of real and strange addresses in 
  the TO: and CC: Fields.
  The windows remains open on the server 
  desktop.
  Is this a virus ? how can i identify the 
  service/virus/application causing this ?
   
  TIA
<>

Re: [Declude.Virus] Stranger...

2004-06-07 Thread Serge 



LDAP service is not running.
Any other idea ?
 
 
 

  - Original Message - 
  From: 
  Matt 
  To: [EMAIL PROTECTED] 
  Sent: Monday, June 07, 2004 8:07 PM
  Subject: Re: [Declude.Virus] 
  Stranger...
  Never seen anything like it, but having an IMail window come up 
  as a result of a virus would be rather odd I would think.  I would lean 
  in the direction of this being a software state that a reboot might fix, or 
  possibly your server is being exploited.  There was an LDAP vulnerability 
  in IMail that was fixed in a patch to 8.05.  If you don't use LDAP, I 
  would recommend turning it off.  Apparently this can give the hacker full 
  access to IMail and possibly your whole server.  It was being exploited 
  as well so it must be patched or disabled...or else.No other clues 
  though and keep in mind that I am stabbing in the 
  dark.MattSerge wrote:
  



hi all
urgent help needed
I have imail1 client window ("create mail 
message") pop up on my server with all kind of real and strange addresses in 
the TO: and CC: Fields.
The windows remains open on the server 
desktop.
Is this a virus ? how can i identify the 
service/virus/application causing this ?
 
TIA-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=

Re: [Declude.Virus] Stranger...

2004-06-07 Thread Serge 



LDAP service is not running.
Any other idea ?
 
 
 

  - Original Message - 
  From: 
  Matt 
  To: [EMAIL PROTECTED] 
  Sent: Monday, June 07, 2004 8:07 PM
  Subject: Re: [Declude.Virus] 
  Stranger...
  Never seen anything like it, but having an IMail window come up 
  as a result of a virus would be rather odd I would think.  I would lean 
  in the direction of this being a software state that a reboot might fix, or 
  possibly your server is being exploited.  There was an LDAP vulnerability 
  in IMail that was fixed in a patch to 8.05.  If you don't use LDAP, I 
  would recommend turning it off.  Apparently this can give the hacker full 
  access to IMail and possibly your whole server.  It was being exploited 
  as well so it must be patched or disabled...or else.No other clues 
  though and keep in mind that I am stabbing in the 
  dark.MattSerge wrote:
  



hi all
urgent help needed
I have imail1 client window ("create mail 
message") pop up on my server with all kind of real and strange addresses in 
the TO: and CC: Fields.
The windows remains open on the server 
desktop.
Is this a virus ? how can i identify the 
service/virus/application causing this ?
 
TIA-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=

Re: [Declude.Virus] Stranger...

2004-06-07 Thread Serge 



LDAP service is not running.
Any other idea ?
 
 
 

  - Original Message - 
  From: 
  Matt 
  To: [EMAIL PROTECTED] 
  Sent: Monday, June 07, 2004 8:07 PM
  Subject: Re: [Declude.Virus] 
  Stranger...
  Never seen anything like it, but having an IMail window come up 
  as a result of a virus would be rather odd I would think.  I would lean 
  in the direction of this being a software state that a reboot might fix, or 
  possibly your server is being exploited.  There was an LDAP vulnerability 
  in IMail that was fixed in a patch to 8.05.  If you don't use LDAP, I 
  would recommend turning it off.  Apparently this can give the hacker full 
  access to IMail and possibly your whole server.  It was being exploited 
  as well so it must be patched or disabled...or else.No other clues 
  though and keep in mind that I am stabbing in the 
  dark.MattSerge wrote:
  



hi all
urgent help needed
I have imail1 client window ("create mail 
message") pop up on my server with all kind of real and strange addresses in 
the TO: and CC: Fields.
The windows remains open on the server 
desktop.
Is this a virus ? how can i identify the 
service/virus/application causing this ?
 
TIA-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=

[Declude.Virus] Stranger...

2004-06-07 Thread Serge 
Title: Strange...



hi all
urgent help needed
I have imail1 client window ("create mail message") 
pop up on my server with all kind of real and strange addresses in the TO: and 
CC: Fields.
The windows remains open on the server 
desktop.
Is this a virus ? how can i identify the 
service/virus/application causing this ?
 
TIA

[Declude.Virus] Server Hijacked

2004-05-23 Thread serge 
hi

We got our server hijacked today. We use "relay for adresses" and one of our
clients servers, who is using MDaemon was used as a relay to realy through
our server.
I blocked all coming smtp connection to adresses other than our mail
server's.  (outgoing smtp was blocked for a long time, but that was the
first time someone relay through our customers.
I am now more likely to buy Hijack, that will budgeted soon.
Meanwhile need more ideas on what i can do to increase security.
One idea is to block all mail through our server where the From or the
Replyto is from a local domain, or a local valid address.
Is this a good idea ? and can this be done with Imail/declude ?

TIA

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Problem reinstalling 1.75 on a new server

2004-05-18 Thread Serge 
You seem to have 2 different issues, one with declude, another with fprot

1- put the complete pass for virdir (in your case d:\imail\spool\virus )
2- make sure d:\imail\spool\virus directory exists
3- what is the error message you are getting when you run fprot from command
line ?
4- what is in your virus.cfg file (do not post your activation code) ?
5- go to d:\imail, type "declude > declude.txt" and post the declude.txt
file
6- Try to reinstall f-prot in c:\fprot, instead of C:\Progra~1\FSI\F-Prot
and see what happens


- Original Message - 
From: "Yoder, Chris" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 12, 2004 5:09 PM
Subject: [Declude.Virus] Problem reinstalling 1.75 on a new server


>  I have IMail set up on a new server with the main Imail (software +
> users) directory on D and the spool directory on E.  We are using F-Prot
as
> our anti-virus scanner.
>
>  When I run declude.exe from the command line in the D:\imail
directory
> in the setup step, I get the message back:
>
> D:\imail>declude
> Declude 1.75 (C) Copyright 2000-2003 Computerized Horizons.  All Rights
> Reserved
> .
>
> argc<2
> D:\imail>declude
>
>  In virus.cfg, I have the following lines to activate declude:
>
> SCANFILE C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE
> /NOBOOT /DUMB /REPORT=report.txt
> VIRUSCODE 3
> VIRUSCODE 6
> REPORT Infection:
>
> VIRDIR spool\virus
>
> Note that I didn't move VIRDIR to E: (should I have? there is a directory
on
> D called spool.)
>
> In D:\imail\spool I have a file titled vir0511.log, but not one for today.
>
> If I execute:  C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM
> /ARCHIVE /NOBOOT /DUMB /REPORT=report.txt
>
> at the command line, I do not get an error.
>
> I have verified that virus.cfg file is in the D:\imail\declude directory.
>
> -- Chris Yoder Smog, Just say NO!
>Director, Information Services, DAR Drive electric today.
>[EMAIL PROTECTED]  http://www.its.caltech.edu/~rcy/
>
> Treat the Earth well.
>  It was not given to you by your parents.
>  It was loaned to you by your children.
>
>   - Kenyan proverb (Listed at The American Museum of Natural History in NY
> City)
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] New Virus Alert mailing list for urgent virus information

2004-03-26 Thread serge 
For those of us who are not full time postmasters, we may spend days,
sometime more than a couple of weeks without reading these lists.
and when we come back, we usualy do not have the time to catch up
so an emergency junkmail list would be welcomed, not necessarly to route to
sms/pager, but at least to regular email adress



- Original Message - 
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, March 27, 2004 12:50 AM
Subject: RE: [Declude.Virus] New Virus Alert mailing list for urgent virus
information


> > we need a similar emergency list for spam tests going down, requiring
> > changes in Global.cfg
>
> Not really, as those (in the past) have not occurred so rapidly that a
> problem occurred. There is almost always a few days notice and is
discussed
> on the JunkMail list.
>
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] New Virus Alert mailing list for urgent virus information

2004-03-26 Thread serge 
we need a similar emergency list for spam tests going down, requiring
changes in global.cfg


- Original Message - 
From: "Dale McDiarmid" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 26, 2004 10:37 PM
Subject: Re: [Declude.Virus] New Virus Alert mailing list for urgent virus
information


>
> Excellent idea. Thank you very much.
>
> D.
>
>
> At 01:29 PM 3/26/2004, you wrote:
> >FYI, at the request of our customers, we have just set a new mailing list
> >called "Virus Alert".  The list is designed to let our customers know as
> >soon as we find out about new, fast-spreading viruses.  The goal is to
> >help you be as protected as possible before virus definitions are
updated.
> >
> >Unlike virus alert lists from AV companies, the only posts to this list
> >will be ones that are urgent in nature (some people will be having this
> >list forward to cell phones and pagers).  We expect that this list will
> >have perhaps several posts per month (as opposed to the several posts per
> >day on most AV alert lists).
> >
> >We expect that when a new, fast-spreading virus appears, there will be
> >several posts to this list.  The first will be to inform that we believe
a
> >new, fast-spreading virus has been released.  This will be posted as soon
> >as we believe this to be the case.  Then, if we discover information that
> >can be used to block the virus before virus definitions are updated, we
> >will post that.  Finally, if an interim release of Declude Virus is
> >required to catch the virus for some reason, we will post when that is
ready.
> >
> >E-mails from this list will have "[Virus Alert]" in the subject.
> >
> >Note that this is a moderated list.
> > -Scott
> >
> >---
> >[This E-mail was scanned for viruses by Declude Virus
> >(http://www.declude.com)]
> >
> >---
> >This E-mail came from the Declude.Virus mailing list.  To
> >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> >type "unsubscribe Declude.Virus".The archives can be found
> >at http://www.mail-archive.com.
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] Is this dangerous ?

2004-03-23 Thread serge 
This is the type that ask you do click and download
Dangerous ?
How can it be blocked ?





Received: from juengel.com [200.189.84.134] by mail.cefib.com
  (SMTPD32-8.05) id AA401500290; Tue, 23 Mar 2004 05:25:20 +
Message-ID: <[EMAIL PROTECTED]>
From: Security Fix <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Control Your PC
Date: Tue, 23 Mar 2004 01:28:28 -0500
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="=_NextPart_245_F5DD_6071F5DD.6071F5DD"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-IMAIL-SPAM-VALFROM: (22020752)
X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command . [2-39-13800]
X-RBL-Warning: IPNOTINMX:  [2-42-15000]
X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail
detected. [2-43-15800]
X-RBL-Warning: Failed Foreign Filter
X-Declude-Sender: [EMAIL PROTECTED] [200.189.84.134]
X-Declude-Spoolname: Dca40015002909a77.SMD
Organization: CEFIB Internet (Incoming)
X-CEFIB-Note: This E-mail was scanned by Declude JunkMail (www.declude.com)
for spam.
X-CEFIB-Note: Declude version: 1.78i27
X-CEFIB-Note: Spam-Tests-Failed: CMDSPACE, IPNOTINMX, NOLEGITCONTENT,
FOREIGN, CATCHALLMAILS
X-CEFIB-Note: Spam-Tests-Failed: CMDSPACE [3], IPNOTINMX [0], NOLEGITCONTENT
[0], FOREIGN [0], CATCHALLMAILS [0]
X-CEFIB-Note: weight: 3
X-CEFIB-Note: This E-mail was sent from
cnet-cable-189-84-134.canbrasnet.com.br ([200.189.84.134]).
X-CEFIB-Note: Country Chain: BRAZIL->destination
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 376432172

This is a multi-part message in MIME format.

--=_NextPart_245_F5DD_6071F5DD.6071F5DD
Content-Type: text/plain;
 charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

To the internet store at: http://219.147.192.165/ee?kAgZ

gfvogyqfohiothkiablljnyeooqoxpddwascakjotrcnaoxbqjobymfodvdckifhizlkmvzf
dupsssidgjdsqrxluzxehgmiszupycddwsvqkftsowngokrkmrptxdbrcwicamgwgbnthilxhygx
lxhxqysqethirslrgtqmwfhfnvfwvltgkdfbbxrhtaqksbeawu
szwyordlpoexyjdbncsuvvkipnmqjidejbcxvhkkvrhvamxnprimmuuciistsxxbyzzvilhdcpbd
dysupajcxfgfoyygvykvzjriwynzpoevmwpczygwemdum
chbmedxvluwytnnzizxadwyluezzylddsgpzjnwwjsveiidqjaqpzrcvvcvwnabigqjsffooyjug
txyfapwziywdcrbsrccavlucqitounw
lxwlmsmwtizvcdnvhrxccrftcyjwninyfkltczpxkqtmtihdahfeymxamhyarmawwopaneyzwtl
dvvfcckcrjddqbfhpiflwuolaolzhyrmtmsxoeafnflgispyavlyrzmunxtwvklryfqmjq
yxhegzuecrpckpoeelzdjjochtswelscizhoaduewkhgbvnhjmksyywftodxzvakujavmvzkhiqk
efrnschq
fxwtbtvwvhrehoscpcjyvteanturckvhirclnzhkgapoqhqikcgfxmhkfcdjmzswsujfurqathqk
ojsala
kopxvraefbweuqnbmgtpcafmrogrbizmwolrhlvontuhlkkyqepseugvlopowoauellnzibod
xpihpyletsabpnsecqselysyltjphmngdvnsvbyqvbskqmpscjznirovkxktlxzpuojqpkimlaxd
omwrxvefosbyrnrdnsshgdzynikakh
zvcstzwanrdlktengwhpclraabnbnuhmsjelidnxwtigmowukdjoqcrtdewradfsom
yrtvpofxattufzfvrimknsggtjmnzatxrougcbfcwzybadzrnncbgijbuvovvhvovpuxrabpbzrd
fquufyxljhodcdyamtoklljenltommrrenmkmjxvq
avravdwlnjwxnjkizwvsqbgeluplriztdqtavpllyikntuwtstlkwtoingvgouztmtthkgslocai
yydtrodoiuyxcveqpfjbyeklkdybhyli
odqeigoegmgbsyqxjtynelajjbshmcgcfxgqfvumjbnbbgalzayflyqublepnmrvlylrtfdciqfk
wfvygvftwwqxhwnwigrueelzkqduikghsdf
zmtxijurfjqqqhkwmxyypbuxobegglghyzeilzcsksiczsznrzngaieolkwrwczucdepeghryqta
kunctbkwlokwzjnxlorpsxeyempeej

--=_NextPart_245_F5DD_6071F5DD.6071F5DD
Content-Type: text/html;
 charset="iso-8859-1"
Content-Transfer-Encoding: 8bit








Message
loading
http://219.147.192.165/ee?xdQay";>http://219.147.192.165/images/0/oubdwl.gif"; BORDER=0>
Image not showing? See
message http://219.147.192.165/ee?zMHuQms";>here.


http://219.147.192.165/o/?IGVh";>Stop all announcements.

5DcDO.iM03..NXe1s.KqboL.
owo ghnd, ublbq, dzky . byjj esy wlz, zqy, fdazf . cveiwq
drena ttjer, djv, jfap . cuuery notsg hikbdt, urkd, fpt . eajauo
sagi yqvizf, casxre, fltas . aczuqs sawqb njosus, mrn, uudnu . nwxoqp
ekhc itn, hhncdb, qtpm . diu eti jpa, zevj, kdhts . wufo
uamzig mzcikt, fuqce, mjyfb . dxqr nrzm hipi, xvfja, afgqr . ozuacs
uhd ispp, gzogu, pxvrcb . vuy pybjr quky, bpqko, qla . kvzm
hjtf kejtv, jrs, iwyygn . yaffkc ydljz rjxadu, mndwv, uwhj . hjkm
mttq drx, awx, sfsgio . jkbs ezf obd, wvnbmn, mlx . eekmp
ryk tgzs, qiptp, odrcqp . boihs thw ijgbpf, dxgu, vkgab . ssb
gldai iems, uvfb, kzyfp . pywsi kjlq qsfral, uzzpgb, qaixr . opb
asqlf ivbpp, buycup, vxa . gyqkmi tifl kuei, txau, awnqgk . hhvfai
ixmsdy psrxpl, rhq, gdi . oxt vyxfsh gzhen, yeyp, vhblbh . ltein
fnbkf pokysx, tewi, tryg . hwf boqfvd iltxz, xtb, mhvxfo . fuj
sqqv iacll, yehzi, vmd . tygaox iiv ynwf, zhimrj, aib . fnm
ikvjzs jammbz, gwkn, yen . gyrmd asplo mipvl, kmev, ahf . fluvt
nhxti itg, hox, zaole . fgsmnx htsb aybiq, dws, nsq . uhc
shhl uitbd, eno, pytbbs . nfnfvk xlf sqbpaw, gkx, acky . lbph
wwwsg prp, mfx, iuvoes . fuufsf jozgnv tgpnv, zdj, ldxbk . mrmgw
ofq fyp, ylkny, zzllb . oabys phwopk foafgf, rrtrzu, mft . wtp
odmxb mlxub, zhhda, yry . hmy zuwoq tejug, heplgr, nwt . umlmwa
yzg pxi, brhk, rqgcwx . jvpwp keako lxv, ufnxz, j

Re: [SpamIndex=10]Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners

2004-03-18 Thread Serge 
what is the vulnaribilité type these new virus/vuln will show in the
virusname variable?


- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 18, 2004 5:19 PM
Subject: Re: [SpamIndex=10]Re: [Declude.Virus] Virus wars heat up: Bagle.Q
can't be detected as a virus by mailserver virus scanners


>
> >I mean will these notifications still get sent for these new beasts
>
> Since these new viruses will be detected and handled the same way as
> vulnerabilities, the "SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability" line will
> work fine (handling these the same way as any other vulnerability).
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> since 2000.
> Declude Virus: Ultra reliable virus detection and the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [SpamIndex=10]Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners

2004-03-18 Thread Serge 
I mean will these notifications still get sent for these new beasts

- Original Message - 
From: "Serge" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 18, 2004 5:00 PM
Subject: [SpamIndex=10]Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't
be detected as a virus by mailserver virus scanners


> We have this in vulnerability notifications:
>
> SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability
> Will this work ?
>
>
> - Original Message - 
> From: "R. Scott Perry" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, March 18, 2004 2:17 PM
> Subject: RE: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected
> as a virus by mailserver virus scanners
>
>
> >
> > >How do notifications work with this new exploit?
> >
> > They will be handled the same way as other vulnerabilities.
> >
> > >Also, normally I would not run interim releases, but I have had to
lately
> > >with all the virus stuff going on.  Any ideas when a new release will
be
> > >made?  I know this virus stuff keeps causing updates, but I would feel
> more
> > >comfortable with a released version at some point.
> >
> > We hope to have a new beta soon -- but if these viruses keep up, we may
> > have to wait.
> >
> > -Scott
> > ---
> > Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> > since 2000.
> > Declude Virus: Ultra reliable virus detection and the leader in
mailserver
> > vulnerability detection.
> > Find out what you've been missing: Ask for a free 30-day evaluation.
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.Virus mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.Virus".The archives can be found
> > at http://www.mail-archive.com.
> >
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected as a virus by mailserver virus scanners

2004-03-18 Thread Serge 
We have this in vulnerability notifications:

SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability
Will this work ?


- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 18, 2004 2:17 PM
Subject: RE: [Declude.Virus] Virus wars heat up: Bagle.Q can't be detected
as a virus by mailserver virus scanners


>
> >How do notifications work with this new exploit?
>
> They will be handled the same way as other vulnerabilities.
>
> >Also, normally I would not run interim releases, but I have had to lately
> >with all the virus stuff going on.  Any ideas when a new release will be
> >made?  I know this virus stuff keeps causing updates, but I would feel
more
> >comfortable with a released version at some point.
>
> We hope to have a new beta soon -- but if these viruses keep up, we may
> have to wait.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> since 2000.
> Declude Virus: Ultra reliable virus detection and the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] How to set no notifications for Encrypted zip?

2004-03-13 Thread Serge 
I tested
SKIPIFVIRUSNAMEHAS Encrypted .ZIP file
Works fine, even though I cannot use it, because there is only one
banext.eml

It would be nice to have more than banext.eml, like banext1.eml, banext2.eml
...
so we can customize some of those to our needs

- Original Message - 
From: "Dave Marchette" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, March 13, 2004 12:48 AM
Subject: RE: [Declude.Virus] How to set no notifications for Encrypted zip?


Agreed.  It is becoming increasingly essential to have a more flexible
notification mechanism.



-Original Message-
From: Matt [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 03, 2004 5:46 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] How to set no notifications for Encrypted
zip?


R. Scott Perry wrote:

> It can't be added, as it isn't a virus name.  It isn't possible to
> skip banned file notifications based on certain information.  I would
> recommend deleting the \IMail\Declude\BANnotify.eml file (or renaming
> it to have an extension other than .eml).


Scott, this is not a reasonable solution, bouncing the BANnotify message

would be better.

I am probably bouncing about 0.5% of my total traffic to a combination
of banned file names (DELETED0.TXT) and these password protected zips.
All of these bounces are unwanted, and I even bounced one to a virus
that forged my own account.

If I was to turn off BANnotify, then I am going to get myself into big
trouble with my clients for blocking the occasional legitimate script or

executable without any sort of notification.  This just simply isn't an
option.

I suggested a work around this morning.  Though I don't expect a fix
immediately, the BANNAME issue has been around for a while, and it
produces a significant amount of unintended bounce traffic on it's own.

I believe that you can fix this easily by allowing for the following
variables for notifications:

1) Allow us to specify different extensions for different types of
blocks, i.e.

BANZIP   EXE
BANEZIP   EXE
BANEXT   EXE
BANNAME   DELETED0.TXT

1) Populate a variable for different names for different blocked
extensions/names, i.e.

BANEXT-[extension]
BANZIP-[extension]
BANEZIP-[extension]
BANNAME-[file name]

2) Allow these variable names to be tagged along with viruses, i.e.

ONLYSENDIFBANHAS
SKIPIFBANHAS

This I believe would allow us to handle any extension blocked by any of
the 4 different means with unique messages if need be, and the
implementation is fairly straightforward.  For instance, if you wanted
to handle EZIP's with an EXE, SCR, BAT, COM or PIF within it with a
message to the recipiant instead of the sender, you would do the
following:

ONLYSENDIFBANHAS   BANEZIP-EXE
ONLYSENDIFBANHAS   BANEZIP-SCR
ONLYSENDIFBANHAS   BANEZIP-BAT
ONLYSENDIFBANHAS   BANEZIP-COM
ONLYSENDIFBANHAS   BANEZIP-PIF

If you were only blocking those five types within EZIP's, then you could

actually shorthand it with the following:

ONLYSENDIFBANHAS   BANEZIP

If this doesn't make perfect sense, then I'm on crack :)

Matt

-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=


---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Encrypted password

2004-03-13 Thread Serge 
not directly relevent to declude
scott had mentioned that certains gateway scanners parse the message body
looking for the password, use that password to open the zip file and scan it
now they can do that anymore
it would be intersting to see if these gateway products will catch this type
of message


- Original Message - 
From: "Kami Razvan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, March 13, 2004 5:15 PM
Subject: RE: [Declude.Virus] Encrypted password


> Hi Serge:
>
> Could you please elaborate on this?
>
> I am confused.. The virus is password protected zip file?
>
> If so then we are covered with
>
> BANEXT EZIP
>
> Or is this different?
>
> Kami
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Serge
> Sent: Saturday, March 13, 2004 12:11 PM
> To: [EMAIL PROTECTED]
> Subject: [Declude.Virus] Encrypted password
>
> Now they have it in a BMP file so antivirus programs wont be able to find
> it:
>
> Note:  Use password cid:wjqkastket.bmp";> to  open  archive
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To unsubscribe,
just
> send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] Encrypted password

2004-03-13 Thread Serge 
Now they have it in a BMP file so antivirus programs wont be able to find
it:

Note:  Use password cid:wjqkastket.bmp";> to  open  archive


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] F-Prot version

2004-03-10 Thread Serge 
I have set declude to call  fprot version 3.14b and c, just in case
i just moved to a new server and have plenty of unused power


- Original Message - 
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 10, 2004 6:40 PM
Subject: Re: [Declude.Virus] F-Prot version


> I submitted a sample winmail.dat and command line which illistrated the
problem to F-prot at their request.  It was probably too late to put a fix
in the current version, but may be in the next one.
> > I have moved back to F-Prot 3.14b as more of these errors started
showing
> > up.
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] McAfee batch updates

2004-03-09 Thread Serge 
I am working on the mcafee batch updates linked to on declude.com
I am trying to customize the file for a special case, and to rewrite one to
download the latest McAfee engine instead of SDAT
for that, i need some help understanding the lines below
any hints welcomed
mainly, how do we get the latest sdat filename to execute.
and how do we expand and/or execute it, and in which directory it expand.
Thanks in advance, especialy for the person who first wrote and shared these
files.


:ProcessSDAT
SET T=0
for /F %%I in ('dir %DownloadDir%\sdat4*.exe /a-d-s /b /o:-n') do call
:RunSDAT %DownloadDir%\%%I
%unzipcmd% %DownloadDir%\DAILYDAT.zip %unziptail%
del %SDATLog%
goto END

:RunSDAT
SET /a T = 1+%T%
if %T% EQU 1 start /wait %1 -logfile %SDATLog% -e %scandrv%%scandir%
if %T% LEQ 3 goto :RunSDAT_exit
if exist %1 del /F %1
:RunSDAT_exit
goto :EOF

:END
ENDLOCAL


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Bagle.J / news.com article on AV software opening zipped files.

2004-03-04 Thread serge 
Scott
the minimum that would be practicaly usable for us :

1- Notifications based on banned extension: ONLYSENDIFEXT, SKIPIFEXT

AND

2-BANEZIPEXT2 independant from banext, as in
BANEZIPEXT2 exe
BANEZIPEXT2 com
BANEXT scr
BANEZIPEXT ON

AND

3- ONLYSENDIFFORGING

Also, request for 2 cross-product features
1- REVDNS for %REMOTEIP% in virus
2- Test on attachement type in JM

I know your are curently overwhelmed in this bagle issue, but at least let
me know if you are willing to consider adding these features to your todo
list




- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 04, 2004 11:22 PM
Subject: Re: [Declude.Virus] Bagle.J / news.com article on AV software
opening zipped files.


>
> >that is going to be a chalenge for scott to incorporate in declude :)
>
> It's unlikely that we will do this.  It makes for a great marketing
> gimmick, but won't work in the long term.  All it will take is for a virus
> to say "The password is  1 2 3 4 5" or "The password is 12344 plus 1", and
> those AV programs will quickly leave the spotlight.
>
> >We are an isp, and for us blocking zips is out of the question.
>
> Remember that all AV programs can catch viruses in standard .ZIP
> files.  It's only the encrypted .ZIP files that pose a problem, and it is
> recommended that people block all encrypted .ZIP files (but allow standard
> .ZIP files through).  That way, extremely few people are inconvenienced,
> but it would be very hard for a virus to get through.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> since 2000.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] marking subject line

2004-03-04 Thread Serge 
> (mainly that someone using just Declude Virus won't be running the Declude
> JunkMail code, and vice versa).

OK, but if JM users ask for
ContainEZIPatt test, why would you refuse the request :)


- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 04, 2004 5:35 PM
Subject: RE: [Declude.Virus] marking subject line


>
> >Scott - you may shoot me for suggesting this, especially if it has been
> >suggested before. I am not a programmer so I suggest this not knowing how
> >difficult it may be, but if both Virus and Junkmail use the declude.exe
is
> >it possible to have things like BANEZIP be defined as a test in the
global
> >file for junkmail and then have actions defined for different
users/domains
> >with different junkmail files?
>
> It does sound easy, but unfortunately is not.  There are a few problems
> (mainly that someone using just Declude Virus won't be running the Declude
> JunkMail code, and vice versa).
>
>
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> since 2000.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] SKIPIFFORGING Question

2004-03-04 Thread Serge 
This has been working quite well
make sure you have no extra blank spaces or tabs

in the regular recep.eml we have
SKIPIFSENDER [forged]

in recepforged.eml we have
ONLYSENDIFSENDER [forged]

Of course, the virus shoud be marked as forging in virus.cfg

you can test by marking eicar as forging in virus.cfg
FORGINGVIRUS Eicar

Just retested, it works as expected



- Original Message - 
From: "John Olden" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 04, 2004 4:22 PM
Subject: Re: [Declude.Virus] SKIPIFFORGING Question


> Serge,
>
> > old way in order to be able to use :
> > onlysendifsender [forged]  in recpforged.eml, so we can warn the
> recipient
> > whithout pointing to an innocent sender.
>
> Can I ask how you have this working? Is there something you put in the
> cfg file? I created this file and added the line you indicated to the
> top of it but my users are still receiving the regular recip.eml.
>
> TIA,
> John Olden - Systems Administrator
> Champaign Park District
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>
--- Begin Message ---
Remise de message annulé: 
De: %MAILFROM%
A:  %LOCALRECIPS%

le serveur de messagerie de CEFIB Internet verifie chaque message pour les virus, 
SPAM, et Vulnerabilités

La protection de %LOCALHOST% a detecté un message qui vous était destiné, reçu 
de %MAILFROM%, et qui contient le virus %VIRUSNAME% dans la pièce jointe %VIRUSFILE%.
Le sujet du message était "%SUBJECT%".  
Le message contenant le virus à été envoyé à la quarantaine pour eviter tout dégat.


Delivery blocked:
FROM: %MAILFROM%
To:   %LOCALRECIPS%

The mail server for CEFIB Internet scans each e-mail for Viruses, SPAM (Junk
Mail) and e-mail vulnerabilities.

%LOCALHOST% protection has reported that you were sent an E-mail from %MAILFROM%, 
containing the %VIRUSNAME% virus in the%VIRUSFILE% attachment.
The subject of the E-mail was "%SUBJECT%".
The E-mail containing the virus has been quarantined to prevent any damage.

Adresse IP: %REMOTEIP%

Virus: %VIRUSNAME%
Pièce jointe: %VIRUSFILE%

Version Declude: %VERSION%
Fichier IMAIL: %QUEUENAME%

Subject: %SUBJECT%
Host name of the recipient  %RECIPHOST% 

IP address of the remote mail server %REMOTEIP% 

Template: recip.eml--- End Message ---
--- Begin Message ---
Remise de message annulé: 
De: Expediteur masqué par le virus
De: %REMOTEIP%
A:  %LOCALRECIPS%

le serveur de messagerie de CEFIB Internet verifie chaque message pour les virus, 
SPAM, et Vulnerabilités

La Protection anti-virus de %LOCALHOST% a detecté un message qui vous était 
destiné, et qui contient le virus %VIRUSNAME% dans la pièce jointe %VIRUSFILE%.
Le sujet du message était "%SUBJECT%".  
Le message contenant le virus à été envoyé à la quarantaine pour eviter tout dégat.


Delivery blocked:
FROM: Sender forged by the virus
FROM: %REMOTEIP%
To:   %LOCALRECIPS%

The mail server for CEFIB Internet scans each e-mail for Viruses, SPAM (Junk
Mail) and e-mail vulnerabilities.

%LOCALHOST% anti-virus protection has reported that you were sent an E-mail 
containing the %VIRUSNAME% virus in the%VIRUSFILE% attachment.  
The subject of the E-mail was "%SUBJECT%".  
The E-mail containing the virus has been quarantined to prevent any damage.

Adresse IP: %REMOTEIP%

Virus: %VIRUSNAME%
Pièce jointe: %VIRUSFILE%

Version Declude: %VERSION%
Fichier IMAIL: %QUEUENAME%

Subject: %SUBJECT%
Host name of the recipient  %RECIPHOST% 

IP address of the remote mail server %REMOTEIP% 

Template: recipfor.eml--- End Message ---
--- Begin Message ---

Remise de message annulé: 
De: %MAILFROM%
AA: %LOCALRECIPS%

le serveur de messagerie de CEFIB Internet verifie chaque message pour les virus, 
SPAM, et Vulnerabilités

La protection de %LOCALHOST% a intercepté un message qui contient %VIRUSNAME%, et nous 
l'avons mis en quarantaine. 
%VIRUSNAME% est generer par un client de messagerie qui n'est pas fiable,
et peut contenir des virus, ou c'est probablement du SPAM.

Merci de prendre contact avec l'expediteur de votre message pour circonscrire le 
problème.


Delivery blocked:
FROM: %MAILFROM%
TTo:  %LOCALRECIPS%

The mail server for CEFIB Internet scans each e-mail for Viruses, SPAM (Junk
Mail) and e-mail vulnerabilities.

%LOCALHOST% protection caught an e-mail addressed to you that contains %VIRUSNAME%, and
have quarantined it for your protection, %VIRUSNAME% is generated by a broken 
email client, and can hide viruses, or is most certainly spam.

Please contact your mail sender to resolve the problem.

De: %MAILFROM%
Adresse IP: %REMOTEIP%

Re: [Declude.Virus] F-prot 3.14c Error 5

2004-02-29 Thread Serge 
Got this from frisk today
any

Dear Serge,

According to our development team, no changes were done to the error codes
in our command line scanners. Error code '5' generally means "Scan aborted
by Ctrl+C or Esc".


- Original Message - 
From: "David Dodell " <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 27, 2004 11:35 PM
Subject: Re: [Declude.Virus] F-prot 3.14c Error 5


> >Hiw does one determine if they are are having this problem?  Version
> >3.14c seems fine to me
>
> You'll see the Error 5 in your declude virus log.
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Another error

2004-02-26 Thread Serge 
Scott
I have Mcafee on access scanner, but i specificaly exclude the imail & the
spool directory and all their subdirectories
Regarding the backup, the error in occuring all day long, while we only run
the backup once a day, so it cannot be that


- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 26, 2004 12:39 PM
Subject: Re: [Declude.Virus] Another error


>
> >I have a lot of these
> >any hints ?
> >
> >02/24/2004 16:39:12 Q7b5e15400292c67d Error opening mime file
> >E:\IMAILSRVR\spool\D7b5e15400292c67d.SMD
> >02/24/2004 16:39:12 Q7b5e15400292c67d Scanned: Error starting scanner
>
> The happens when Windows won't allow Declude to open the D*.SMD file for
> some reason.  Do you have an on-access virus scanner, which may prevent
> Declude from opening one of the D*.SMD files?  Are you running backup
> software that locks files before backing them up?
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> since 2000.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Another error

2004-02-26 Thread Serge 
 I was able to save the eicar virus to the spool directory
 Can't see a pattern  happening
 many emails, not all
 will try to exclude temp directory as kami suggested
 attached is a zipped log, maybe you can spot a pattern

>
>
>
> - Original Message - 
> From: "R. Scott Perry" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, February 26, 2004 3:25 PM
> Subject: Re: [Declude.Virus] Another error
>
>
> >
> > >I have Mcafee on access scanner, but i specificaly exclude the imail &
> the
> > >spool directory and all their subdirectories
> > >Regarding the backup, the error in occuring all day long, while we only
> run
> > >the backup once a day, so it cannot be that
> >
> > Do you know if this is happening for all E-mails, or just some?  Is
there
> > any pattern that you can see (happening at certain times of the day,
every
> > X hours, just for E-mails with viruses, etc.)?
> >
> > Also, I would suggest copying the eicar.com file (you can download it
from
> > http://www.eicar.org ) to the \IMail\spool directory, and seeing if you
> are
> > able to then open it with Notepad.  If not, the AV program is actually
> > intefering somehow.
> >
> > -Scott
> > ---
> > Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> > since 2000.
> > Declude Virus: Catches known viruses and is the leader in mailserver
> > vulnerability detection.
> > Find out what you've been missing: Ask for a free 30-day evaluation.
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.Virus mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.Virus".The archives can be found
> > at http://www.mail-archive.com.
> >
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Another error

2004-02-26 Thread Serge 
excluded c:\temp
in more than one hour i got abou 300 emails
3 were infected and caught
another one gave the following error:

02/26/2004 19:25:09 Q47f000750456e4e4 Couldn't open headers datafile
02/26/2004 19:25:09 Q47f000750456e4e4 Error opening mime file
E:\IMAILSRVR\spool\D47f000750456e4e4.SMD
02/26/2004 19:25:09 Q47f000750456e4e4 Scanned: Error starting scanner

all the rest were virus free

Scott, Kami, what next ?

- Original Message - 
From: "Kami Razvan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 26, 2004 3:23 PM
Subject: RE: [Declude.Virus] Another error


> Hi;
>
> We had a similar issue..
>
> Make sure you exclude C:\temp as well.
>
> McAfee moves a copy of the virus to that directory and then that causes
> issues.. Add C:\temp to the exclusion list.
>
> See if that helps.
>
> Kami
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Serge
> Sent: Thursday, February 26, 2004 10:16 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.Virus] Another error
>
> Scott
> I have Mcafee on access scanner, but i specificaly exclude the imail & the
> spool directory and all their subdirectories Regarding the backup, the
error
> in occuring all day long, while we only run the backup once a day, so it
> cannot be that
>
>
> - Original Message -
> From: "R. Scott Perry" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, February 26, 2004 12:39 PM
> Subject: Re: [Declude.Virus] Another error
>
>
> >
> > >I have a lot of these
> > >any hints ?
> > >
> > >02/24/2004 16:39:12 Q7b5e15400292c67d Error opening mime file
> > >E:\IMAILSRVR\spool\D7b5e15400292c67d.SMD
> > >02/24/2004 16:39:12 Q7b5e15400292c67d Scanned: Error starting scanner
> >
> > The happens when Windows won't allow Declude to open the D*.SMD file for
> > some reason.  Do you have an on-access virus scanner, which may prevent
> > Declude from opening one of the D*.SMD files?  Are you running backup
> > software that locks files before backing them up?
> >
> > -Scott
> > ---
> > Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> > since 2000.
> > Declude Virus: Catches known viruses and is the leader in mailserver
> > vulnerability detection.
> > Find out what you've been missing: Ask for a free 30-day evaluation.
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.Virus mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.Virus".The archives can be found
> > at http://www.mail-archive.com.
> >
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Another error

2004-02-26 Thread Serge 
correct,
we only use fprot with declude
we have not configured a second scanner yet which will obviously be Mcafee
netshield
just looked at the directory, and there is only scan32.exe
i may need to reinstall netshield ?

- Original Message - 
From: "Kami Razvan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 26, 2004 8:04 PM
Subject: RE: [Declude.Virus] Another error


> One question .. Do you only have one scanner?
>
> Kami
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Serge
> Sent: Thursday, February 26, 2004 2:44 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.Virus] Another error
>
> excluded c:\temp
> in more than one hour i got abou 300 emails
> 3 were infected and caught
> another one gave the following error:
>
> 02/26/2004 19:25:09 Q47f000750456e4e4 Couldn't open headers datafile
> 02/26/2004 19:25:09 Q47f000750456e4e4 Error opening mime file
> E:\IMAILSRVR\spool\D47f000750456e4e4.SMD
> 02/26/2004 19:25:09 Q47f000750456e4e4 Scanned: Error starting scanner
>
> all the rest were virus free
>
> Scott, Kami, what next ?
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Another error

2004-02-26 Thread Serge 
thanks bill
found it


- Original Message - 
From: "Bill Landry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 26, 2004 8:38 PM
Subject: Re: [Declude.Virus] Another error


> - Original Message - 
> From: "Serge" <[EMAIL PROTECTED]>
>
> > just looked at the directory, and there is only scan32.exe
> > i may need to reinstall netshield ?
>
> The files, scan32.exe and scan.exe, are not in the same directory.
Scan.exe
> can be found in:
>
> C:\Program Files\Common Files\Network Associates\VirusScan Engine\4.0.xx
>
> depending on the version of McAfee you are  running.
>
> Bill
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] Another error

2004-02-25 Thread serge 



Hi scott
I have a lot of these
any hints ?
 
02/24/2004 16:39:12 Q7b5e15400292c67d Error opening 
mime file E:\IMAILSRVR\spool\D7b5e15400292c67d.SMD02/24/2004 16:39:12 
Q7b5e15400292c67d Scanned: Error starting scanner
 
===

[Declude.Virus] Forging vs autoforge

2004-01-27 Thread Serge 
Hi

i'm still using forgingvirus and want to enable autoforge
what will happen if a virus is marked by both ?
can we change the autoforge action so it just tag the virus as forgingvirus
?

TIA


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Request

2003-12-27 Thread serge 



That is exactly my situation and the situation of some of my hosting
customers
This feature may not be usefull for most, but for andy and me at least, it
will greatly help
also, i think it is very straightforward for scott to add this variable
so please consider this request


- Original Message - 
From: "Andy Schmidt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, December 27, 2003 8:29 AM
Subject: RE: [Declude.Virus] Request


Remember, except for "public" (role) email addresses, the Virus comes from a
workstation that had the recipient's email address in their address book.

So - it's likely an "affiliated" company or a frequent correspondent.

While the "from" address if forged, the Reverse DNS is NOT. There have been
many cases where I was able to pinpoint the infected workstation at one of
our regular trading partners just by seeing the reverse DNS.

Best Regards
Andy Schmidt

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Saturday, December 27, 2003 03:16 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Request


> In any case - it's much easier for an end user to see the Reverse DNS
> domain name than to see an IP address and then have to try to figure
> out who that IP address is associated with so that they can send an
> email to the abuse department (in the occasional case, that someone is
> bombarded by an infected
> computer).

I am sure the admin responsible for the mail server that is receiving the
postmaster messages would be in a much better position to detect and react
to bombardments, such as blocking the IP or contacting the appropriate
entity if advisable. On my server, the only action I take on a forging virus
is if an IP has sent more than 5 messages in 24 hours, it gets banned (Imail
SMTP Control access) for 30 days. (If the user/ISP/Whoever cares enough to
contact to find out why, they will be notified why.) Repeat offence is
banned for 60 days. Third offence is permanent.

In any case, if the virus is forging, attempts to contact the sender by the
user is work at best, and the only reliable piece of information would be
the remote IP or REVDNS, which again in most cases the REVDNS would require
further searching and tracking down to find out the actual user at the time
of the message being sent.

But if you feel it best to give the user that kind of information, more
power to you.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Request

2003-12-26 Thread serge 


I need the reverse dns (ptr) of the remote smtp server

< that will serve no use, as most viruses come directly from users
computers, which either will have no PTR or
a generic ISP PTR, something line 1.1.168.192.adsl-customer.mybig.isp.com.>

That may be true in some cases.

but in my particular situation, i had some problems with my users by giving
only the ip adress of the remote smtp server (for forging viruses)
they were more receptive when i do a dns lookup and give them a host name.

since revdns lookup/variable is available in junkmail, i assume it will very
easy for scott to add it to declude virus.
i am sure it will help in some situations, definetly in mine.


- Original Message - 
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 26, 2003 11:25 PM
Subject: RE: [Declude.Virus] Request


Please explain what the purpose would be and exactly what you mean by that
variable?

If you mean the PTR record of the RemoteIP, that will serve no use, as most
viruses come directly from users computers, which either will have no PTR or
a generic ISP PTR, something line 1.1.168.192.adsl-customer.mybig.isp.com.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.Virus-
> [EMAIL PROTECTED] On Behalf Of serge
> Sent: Friday, December 26, 2003 2:50 PM
> To: [EMAIL PROTECTED]
> Subject: [Declude.Virus] Request
>
> Scott
>
> can you add a variable %revdnsremoteip% to use in notifications of forging
> viruses ?
>
> TIA
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] Request

2003-12-26 Thread serge 
Scott

can you add a variable %revdnsremoteip% to use in notifications of forging
viruses ?

TIA


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] SKIPIFFORGING

2003-12-07 Thread serge 
Is this the same as
skipifsender [Forged]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Log analyzer question

2003-09-04 Thread serge 
i've tried a few
none give that possibilty
so i'm using the tip scott gave me
the folks of dlanalyzer are working on a virus log analyzer
i  have asked for that feature
a simmilar report by sender adress (for non forging viruses) is also needed
(for dial up users without fixed ip adresses)
hope they include these features, and that they release  their product soon

i also requested a daily summary report per user instead of sending
notifications for each intercepted message
date/time, virus name, sender(or forged), senderIP, subject,
spoolfilename,...

- Original Message - 
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 04, 2003 8:31 PM
Subject: [Declude.Virus] Log analyzer question


I have not had time in the last couple of weeks to go through the Virus Log
analyzers available, so I have a question:

Do any of them list in the report the number of infections and/or virus name
by sending IP address, including be able to detect and bypass a backup mail
server IP address?

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com



---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] Notification question

2003-09-02 Thread serge 
scott

if a notification  need to go to %allrecep% and allrecep has many adresses
both local and remote,
what happens if we use onlysendiflocalrecep?

1-notification is sent only to local recep.
2-notification is sent to all recep
or 3- no notification is sent


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] Another request

2003-09-01 Thread serge 
few days ago someone asked if all info for a message can be put on a single
line in logs.
i think it may be a good idea.
at least if we can have the remoteip on the same line as virusname.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] SoBig

2003-08-30 Thread serge 
thanks scott
i was able to select a dozen of adresses and this is making a big difference

!SoBig senders
deny tcp host 200.93.136.5 any  eq smtp
deny tcp host 81.192.2.130 any eq smtp
deny tcp host 80.11.225.195 any eq smtp
deny tcp host 80.11.225.123 any eq smtp
deny tcp host 80.14.187.188 any  eq smtp
deny tcp host 193.253.189.90 any eq smtp
deny tcp host 217.128.120.96 any eq smtp
deny tcp host 194.167.144.29 any eq smtp
deny tcp host 196.1.100.215  any eq smtp
deny tcp host 212.62.54.13 any eq smtp
deny tcp host 213.154.90.82 any eq smtp
deny tcp host 213.154.70.180 any eq smtp
deny tcp host 141.155.142.158 any eq smtp
deny tcp host 217.136.255.62 any eq smtp
deny tcp host 200.93.136.5 any eq smtp
deny tcp host 217.136.255.62 any eq smtp
deny tcp host 63.126.131.20 any eq smtp

- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, August 30, 2003 1:51 AM
Subject: Re: [Declude.Virus] SoBig


>
> >is there a utility that will go thru the log and count the numbers of
> >viruses per remote (or local) ip adress? so i can block the most guilty
> >adresses on my gateway ?
>
> You might want to go to the spool directory at a command prompt, and type:
>
>  find "Received:" D*.SMD > file1.txt
>  sort < file1.txt > file2.txt
>
> Then, you can open file2.txt with Notepad and scroll through it to find
the
> worst offenders.  If you have several weeks or more of viruses in there,
> you may want to clear out the directory and only use new incoming viruses.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you have been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] SoBig

2003-08-30 Thread serge 
This is getting rediculous
i have more than 36% infected ratio
all sobig.f
is there anything i can do about that?
is there a utility that will go thru the log and count the numbers of
viruses per remote (or local) ip adress? so i can block the most guilty
adresses on my gateway ?


Scan Summary -

Total Emails Scanned= 9 802

Total Emails Clean  = 6 248
Total Emails Infected   = 3 554Inbound=3 535 / Outbound=19

Outlook vulnerabilities = 148

Infected / Scanned  = 36,2579 %

--


Log File Summary -

Log Name  Virus Count Total Scanned
vir0829.log  3 554  9 802

--


Virus Summary by Count ---

Count  Inbound/Outbound Name
3 473   3 473 / 0W32/[EMAIL PROTECTED]
33 33 / 0W32/[EMAIL PROTECTED]
25  6 / 19   W32/[EMAIL PROTECTED]
8   8 / 0W32/[EMAIL PROTECTED]
6   6 / 0W32/[EMAIL PROTECTED] (corrupted)
4   4 / 0EICAR_Test_File
2   2 / 0W32/[EMAIL PROTECTED]
2   2 / 0W32/[EMAIL PROTECTED]
1   1 / 0W32/[EMAIL PROTECTED]

--


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Sobig- The Morning After

2003-08-23 Thread Serge 
here is sobig outbound traffic we stopped at our gateway

80 deny ip any host 67.73.21.6 log (3 matches)
90 deny ip any host 68.38.159.161 log (3 matches)
100 deny ip any host 67.9.241.67 log (3 matches)
110 deny ip any host 66.131.207.81 log (3 matches)
120 deny ip any host 65.177.240.194 log (3 matches)
130 deny ip any host 65.93.81.59 log (3 matches)
140 deny ip any host 65.95.193.138 log (3 matches)
150 deny ip any host 65.92.186.145 log (3 matches)
160 deny ip any host 63.250.82.87 log (3 matches)
170 deny ip any host 65.92.80.218 log (3 matches)
180 deny ip any host 61.38.187.59 log (3 matches)
190 deny ip any host 24.210.182.156 log (3 matches)
200 deny ip any host 24.202.91.43 log (2 matches)
210 deny ip any host 24.206.75.137 log (3 matches)
220 deny ip any host 24.197.143.132 log (3 matches)
230 deny ip any host 12.158.102.205 log (3 matches)
240 deny ip any host 24.33.66.38 log (3 matches)
250 deny ip any host 218.147.164.29 log (3 matches)
260 deny ip any host 12.232.104.221 log (3 matches)
270 deny ip any host 68.50.208.96 log (3 matches)
280 deny udp any any eq 8998 log
290 deny tcp any any eq 8998 log

- Original Message -
From: "Jeff Maze - Hostmaster" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, August 23, 2003 4:01 PM
Subject: RE: [Declude.Virus] Sobig- The Morning After


Wow..  That's great..

What port was the machine trying to use?  And what IP was the machine trying
to contact?

Just curious..

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Doug McKee
Sent: Saturday, August 23, 2003 10:27 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Sobig- The Morning After


THIS IS AN INCREDIBLE GROUP  !
DECLUDE IS AN INCREDIBLE PRODUCT  !!!
KUDUS to you Scott.
Grateful THANKS to all the members who contributed yesterday !

I usually delete about 2500-3000 files from the virus folder every morning.
The load in the last 24 hours was a few over 20,000.

The banname feature and the badheaders caught about a bunch.

The info received from the group allowed us to prepare and to advise our
clients for what could have been much worse than it was.

Blocking the port kept a PC somewhere in our network from doing any damage.
It made over 1200 attempts to contact a server outside our network in the
first hour. We will hunt it down and make sure it gets cleaned up.

I am honored to be a member of this group.
Sincere Thanks,
Doug McKee COO
South Texas Internet

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.



---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] OT? spool\overflow

2003-08-10 Thread Serge 
what is the spool \ overflow directory, (filled with Qsmd)
and what should i do about it ?


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] FORGING VIRUS

2003-07-06 Thread Serge 
that i know
but if we had a skipifforgingvirus, we will only worry about updating
virus.cfg, instead of also having to change the emls when a new forging
virus appears
the freedom is not lost  since you are not obligated to use
skipifforgingvirus, and still can do it the old way
but i don't like the fact to have to maintain all the emls where you may
forget one of the forging viruses, it can always be a source of errors

BTW Kami or others, how to use the skipifvirusnamedoesnothave ?
can we have many of those in the same eml ?
any examples ?

- Original Message -
From: "Kami Razvan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, July 05, 2003 11:29 PM
Subject: RE: [Declude.Virus] FORGING VIRUS


> Hi;
>
> Just in case Scott is taking a day off...
>
> The way we do this is by first adding:
>
> FORGINGVIRUS Braid
> FORGINGVIRUS Bridex
> FORGINGVIRUS Bugbear
> FORGINGVIRUS Hybris
> FORGINGVIRUS Lentin
> FORGINGVIRUS Klez
> FORGINGVIRUS Magistr
> FORGINGVIRUS Sobig
> FORGINGVIRUS Vulnerability
> FORGINGVIRUS Yaha
> FORGINGVIRUS Fizzer
> FORGINGVIRUS Palyh
>
> To the virus.cfg
>
> This will define which are forged therefore the email address of the
sender
> is replaced by [forged] in the alert.
>
> Then in the sender.eml and otherpostmaster.eml we have:
>
> SKIPIFVIRUSNAMEHAS Yaha
> SKIPIFVIRUSNAMEHAS Lentin
> SKIPIFVIRUSNAMEHAS Magistr
> SKIPIFVIRUSNAMEHAS Klez
> SKIPIFVIRUSNAMEHAS Vulnerability
> SKIPIFVIRUSNAMEHAS Bugbear
> SKIPIFVIRUSNAMEHAS Bridex
> SKIPIFVIRUSNAMEHAS Braid
> SKIPIFVIRUSNAMEHAS Sobig
> SKIPIFVIRUSNAMEHAS Palyh
>
> So in essence I think what this does is it first replaces the forged email
> and then if it is to send the alert it will skip it if it sees it.
>
> Of course it would be more efficient if both actions where done by one
> listing but I guess this way it gives you more freedom.
>
> Regards,
> Kami
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Serge
> Sent: Saturday, July 05, 2003 6:21 PM
> To: [EMAIL PROTECTED]
> Subject: [Declude.Virus] FORGING VIRUS
>
>
> sorry if this is a trivial question, but is there a
> skipifforgingvirus option ?
>
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To unsubscribe,
just
> send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] FORGING VIRUS

2003-07-05 Thread Serge 
sorry if this is a trivial question, but is there a 
skipifforgingvirus option ?



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] ban ext not working

2003-06-28 Thread Serge 
here is declude log
it did detect the virus, but why did it let it thru, and whithout changing
the header


06/27/2003 18:26:58 Q8c09067a02886365 Scanner 1: Virus=: W32/[EMAIL PROTECTED]
(corrupted) Attachment=15-10-GB.pdf.pif [3] I
06/27/2003 18:26:58 Q8c09067a02886365 Found a bogus .pif file
06/27/2003 18:26:58 Q8c09067a02886365 File(s) are INFECTED [:
W32/[EMAIL PROTECTED] (corrupted): 3]
06/27/2003 18:26:58 Q8c09067a02886365 Scanned: CONTAINS A VIRUS [MIME: 2
8604]
06/27/2003 18:26:58 Q8c09067a02886365 From: [EMAIL PROTECTED] To:
[EMAIL PROTECTED] [outgoing from 216.226.209.71]
06/27/2003 18:26:58 Q8c09067a02886365 Subject:  See todays hottest stars in
their most intimate moments



- Original Message -
From: "Serge" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, June 28, 2003 3:23 AM
Subject: Re: [Declude.Virus] ban ext not working


> attached are the 2 part of imail log file, receiving and delivering
> too long, to many recepients
> maybe thats why it went thru ?
>
> banext did not work (it usualy works).
> fprot did not catch bugbear, it does when i resend the same message !
> no declude junkmail or virus headers added.
>
> any help, hints, ... appreciated
> thanks in advance
>
>
>
>
> - Original Message -
> From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, June 28, 2003 12:20 AM
> Subject: RE: [Declude.Virus] ban ext not working
>
>
> > Below is the header
> > it does say:
> >
> > Received: from Diaby [216.226.209.71] by cefib.com
> >   (SMTPD32-7.15) id AC0967A0288; Fri, 27 Jun 2003 18:25:13 +
> >
> > Doesn't this mean this is NOT an imail/webmessaging mail ?
> > so why was it not scanned by declude ? no declude virus or junkmail
> headers
> > were added
> >
> > Received: from Diaby [216.226.209.71] by cefib.com
> >   (SMTPD32-7.15) id AC0967A0288; Fri, 27 Jun 2003 18:25:13 +
> > From:  [EMAIL PROTECTED]
> > Subject:  See todays hottest stars in their most intimate moments
> > MIME-Version: 1.0
> > Content-Type: multipart/mixed; boundary="--8SXJ1Q6JOLFJSQ"
> > Message-Id: <[EMAIL PROTECTED]>
> > Date: Fri, 27 Jun 2003 19:11:25 +
> > X-RCPT-TO: <[EMAIL PROTECTED]>
> > Status: U
> > X-UIDL: 352739436
>
> Can you find that message in the Imail log, find what the Imail file name
is
> and post a log snippet of it?
>
> John Tolmachoff MCSE CSSA
> Engineer/Consultant
> eServices For You
> www.eservicesforyou.com
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>
>
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] ban ext not working

2003-06-28 Thread Serge 
if a file has a banned extension and a virus
will it trigger the banned extension email or the recep, ... virus email?
is a banned extension first scanned for viruses ?


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] ban ext not working

2003-06-27 Thread Serge 
ED]>
20030627 182646 127.0.0.1   SMTPD (067A0288) [216.226.209.71] RCPT TO:<[EMAIL 
PROTECTED]>
20030627 182646 127.0.0.1   SMTPD (067A0288) [216.226.209.71] RCPT TO:<[EMAIL 
PROTECTED]>
20030627 182646 127.0.0.1   SMTPD (067A0288) [216.226.209.71] RCPT TO:<[EMAIL 
PROTECTED]>
20030627 182646 127.0.0.1   SMTPD (067A0288) [216.226.209.71] RCPT TO:<[EMAIL 
PROTECTED]>
20030627 182647 127.0.0.1   SMTPD (067A0288) [216.226.209.71] RCPT TO:<[EMAIL 
PROTECTED]>
20030627 182647 127.0.0.1   SMTPD (067A0288) [216.226.209.71] RCPT TO:<[EMAIL 
PROTECTED]>
20030627 182647 127.0.0.1   SMTPD (067A0288) [216.226.209.71] RCPT TO:<[EMAIL 
PROTECTED]>
20030627 182647 127.0.0.1   SMTPD (067A0288) [216.226.209.71] RCPT TO:<[EMAIL 
PROTECTED]>
20030627 182647 127.0.0.1   SMTPD (067A0288) [216.226.209.71] RCPT TO:<[EMAIL 
PROTECTED]>
20030627 182647 127.0.0.1   SMTPD (067A0288) [216.226.209.71] RCPT TO:<[EMAIL 
PROTECTED]>
20030627 182658 127.0.0.1   SMTPD (067A0288) [216.226.209.71] 
E:\IMAILSRVR\spool\D8c09067a02886365.SMD 12250


20030627 185551 127.0.0.1   SMTP (5536) E:\IMAILSRVR\spool\Q8c09067a02886365.SMD
20030627 185551 127.0.0.1   SMTP (5536) processing 
E:\IMAILSRVR\spool\Q8c09067a02886365.SMD
20030627 191031 127.0.0.1   SMTP (5536) ldeliver cefib.com abdou-main (1) [EMAIL 
PROTECTED] 12250
20030627 191032 127.0.0.1   SMTP (5536) forwarded message to [EMAIL PROTECTED]
20030627 191122 127.0.0.1   SMTP (5536) ldeliver cefib.com aly.k-main (1) [EMAIL 
PROTECTED] 12250
20030627 191123 127.0.0.1   SMTP (5536) ldeliver cefib.com cafpd-main (1) [EMAIL 
PROTECTED] 12250
20030627 191123 127.0.0.1   SMTP (5536) ldeliver cefib.com dfall-main (1) [EMAIL 
PROTECTED] 12250
20030627 191124 127.0.0.1   SMTP (5536) ldeliver cefib.com infbmcd-main (1) [EMAIL 
PROTECTED] 12250
20030627 191124 127.0.0.1   SMTP (5536) ERR cefib.com iug mailbox size too large 
(1500-14999727)
20030627 191124 127.0.0.1   SMTP (5536) ldeliver cefib.com karim.raymond-main (1) 
[EMAIL PROTECTED] 12250
20030627 191125 127.0.0.1   SMTP (5536) ldeliver cefib.com nomade-main (1) [EMAIL 
PROTECTED] 12250
20030627 191125 127.0.0.1   SMTP (5536) ldeliver cefib.com pollotp-main (1) [EMAIL 
PROTECTED] 12250
20030627 191125 127.0.0.1   SMTP (5536) ldeliver cefib.com serge-main (1) [EMAIL 
PROTECTED] 12250
20030627 191702 127.0.0.1   SMTP (5536) ldeliver cefib.com bdiarra-main (1) [EMAIL 
PROTECTED] 12250
20030627 191702 208.154.200.5   <190>215470: Jun 27 19:17:01: %SEC-6-IPACCESSLOGP: 
list borderoutgoing denied tcp 216.226.209.209(5) -> 10.0.1.128(30201), 1 packet
20030627 191702 127.0.0.1   SMTP (5536) ldeliver cefib.com dyacouba-main (1) 
[EMAIL PROTECTED] 12250
20030627 191703 127.0.0.1   SMTP (5536) forwarded message to [EMAIL PROTECTED]
20030627 191703 127.0.0.1   SMTP (5536) ERR cefib.com esf mailbox size too large 
(1500-14999572)
20030627 191703 127.0.0.1   SMTP (5536) ldeliver cefib.com franck-main (1) [EMAIL 
PROTECTED] 12250
20030627 191703 127.0.0.1   SMTP (5536) ERR cefib.com grandhotel mailbox size too 
large (1500-1491)
20030627 191704 127.0.0.1   SMTP (5536) ldeliver cefib.com maiga-main (1) [EMAIL 
PROTECTED] 12250
20030627 191704 127.0.0.1   SMTP (5536) ldeliver cefib.com wca-main (1) [EMAIL 
PROTECTED] 12250
20030627 191709 127.0.0.1   SMTP (5536) ldeliver cefib.com maiga-press (1) [EMAIL 
PROTECTED] 12250
20030627 191709 127.0.0.1   SMTP (5536) Trying pizza.fr (0)
20030627 191710 127.0.0.1   SMTP (5536) Connect pizza.fr [217.174.194.163:25] (1)
20030627 191711 127.0.0.1   SMTP (5536) 220 av1.amenworld.com ESMTP
20030627 191711 127.0.0.1   SMTP (5536) >EHLO cefib.com
20030627 191712 127.0.0.1   SMTP (5536) 250-av1.amenworld.com
20030627 191712 127.0.0.1   SMTP (5536) 250-PIPELINING
20030627 191712 127.0.0.1   SMTP (5536) 250 8BITMIME
20030627 191712 127.0.0.1   SMTP (5536) >MAIL FROM:<[EMAIL PROTECTED]>
20030627 191713 127.0.0.1   SMTP (5536) 250 ok
20030627 191713 127.0.0.1   SMTP (5536) >RCPT To:<[EMAIL PROTECTED]>
20030627 191713 127.0.0.1   SMTP (5536) 250 ok
20030627 191713 127.0.0.1   SMTP (5536) >DATA
20030627 191714 127.0.0.1   SMTP (5536) 354 go ahead
20030627 191716 127.0.0.1   SMTP (5536) >.
20030627 191716 127.0.0.1   SMTP (5536) 250 ok 1056741436 qp 15861
20030627 191717 127.0.0.1   SMTP (5536) rdeliver pizza.fr [EMAIL PROTECTED] (1) 
[EMAIL PROTECTED] 12283
20030627 191717 127.0.0.1   SMTP (5536) >QUIT
20030627 191717 127.0.0.1   SMTP (5536) 221 av1.amenworld.com
20030627 191717 127.0.0.1   SMTP (5536) Trying msn.com (0)
20030627 191718 127.0.0.1   SMTP (5536) Connect msn.com [65.54.252.99:25] (1)
20030627 191719 127.0.0.1   SMTP (5536) 220 mc5-f2.law1.hotmail.com Microsoft 
ESMTP MAIL Service, Versio

Re: [Declude.Virus] ban ext not working

2003-06-27 Thread Serge 
Below is the header
it does say:

Received: from Diaby [216.226.209.71] by cefib.com
  (SMTPD32-7.15) id AC0967A0288; Fri, 27 Jun 2003 18:25:13 +

Doesn't this mean this is NOT an imail/webmessaging mail ?
so why was it not scanned by declude ? no declude virus or junkmail headers
were added



Received: from Diaby [216.226.209.71] by cefib.com
  (SMTPD32-7.15) id AC0967A0288; Fri, 27 Jun 2003 18:25:13 +
From:  [EMAIL PROTECTED]
Subject:  See todays hottest stars in their most intimate moments
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--8SXJ1Q6JOLFJSQ"
Message-Id: <[EMAIL PROTECTED]>
Date: Fri, 27 Jun 2003 19:11:25 +
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 352739436

8SXJ1Q6JOLFJSQ
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit







http://www.easy-celebrities.com/index.phtml?1261375220";
TARGET="_blank">

http://www.easy-celebrities.com/banners/images/generic_celeb_2_01.gif";
WIDTH=600 HEIGHT=28 BORDER=0 ALT="">



http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] ban ext not working

2003-06-27 Thread Serge 
OT
How can we verify (using the logs) that the message was sent using Imail1
and/or webmessaging
also, isthe instructions about daisychain available on website? or only in
archive ?

thanks


- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 27, 2003 9:24 PM
Subject: Re: [Declude.Virus] ban ext not working


>
> >seems that the messages are not beiing scanned by declude
> >nothing added to the header
> >is this possible? or the only possibility is that they are being sent by
> >imail1 /web messaging ?
>
> E-mail sent via imail1.exe or web messaging will not get scanned by
Declude
> with IMail v7 and earlier (unless you make some changes using the
> DAISYCHAIN option).
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you have been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] ban ext not working

2003-06-27 Thread Serge 
seems that the messages are not beiing scanned by declude
nothing added to the header
is this possible? or the only possibility is that they are being sent by
imail1 /web messaging ?


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Finding SPAM Messages

2003-06-23 Thread Serge 
I deactivated declude for my adress and sent you the mbx, have you receive
it ?
also, do you need the declude log, or imail log ?



- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 23, 2003 6:47 PM
Subject: Re: [Declude.Virus] Finding SPAM Messages


>
> >every time i try to send mbx (zipped, renamed, ), it is now getting
> >caught
> >how can i send it ?
> >and how did it get into my mailbox in the first place ?
>
> Have you checked the log files to see what they say?
>
> If it arrived, but couldn't make it out, something isn't right.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you have been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Finding SPAM Messages

2003-06-23 Thread Serge 
ok, scott
every time i try to send mbx (zipped, renamed, ), it is now getting
caught
how can i send it ?
and how did it get into my mailbox in the first place ?

- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 23, 2003 5:54 PM
Subject: Re: [Declude.Virus] Finding SPAM Messages


>
> >How can I find messages that were "Held" by Declude Junk Mail.
>
> This is the third time within a few days that you've posted Declude
> JunkMail questions to the Declude Virus list.  Would you mind posting this
> to the Declude JunkMail mailing list instead?
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you have been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] ban ext not working

2003-06-23 Thread Serge 
sorry i sent the file to the list
appologize

- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 23, 2003 5:29 PM
Subject: Re: [Declude.Virus] ban ext not working


>
> >no changes lately
> >sent mbx file and cfg files to [EMAIL PROTECTED]
>
> They haven't arrived yet -- could you try sending them again?
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you have been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] ban ext not working

2003-06-23 Thread Serge 
i did upgrade to 1.70 from 1.65 few days before


- Original Message -
From: "Serge" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 23, 2003 5:07 PM
Subject: Re: [Declude.Virus] ban ext not working


> no changes lately
> sent mbx file and cfg files to [EMAIL PROTECTED]
>
>
> - Original Message -
> From: "R. Scott Perry" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, June 23, 2003 4:30 PM
> Subject: Re: [Declude.Virus] ban ext not working
>
>
> >
> > >i have been getting since saturday many attachement that were supposed
to
> be
> > >banned
> > >declude is still intercepting vulnaribilities, but banned extension,
and
> > >even viruses are going thru (maybe corrupted viruses, but they were
> caught
> > >by local norton av)
> >
> > I assume these were getting blocked before Saturday?
> >
> > Can you reproduce the problem by sending an attachment with the
> appropriate
> > file type?
> >
> > Did you make any changes to the \IMail\Declude\virus.cfg file, or
upgrade
> > Declude about the same time this happened?
> >
> > -Scott
> > ---
> > Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> > Declude Virus: Catches known viruses and is the leader in mailserver
> > vulnerability detection.
> > Find out what you have been missing: Ask for a free 30-day evaluation.
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.Virus mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.Virus".The archives can be found
> > at http://www.mail-archive.com.
> >
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] ban ext not working

2003-06-23 Thread Serge 
no changes lately
sent mbx file and cfg files to [EMAIL PROTECTED]


- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 23, 2003 4:30 PM
Subject: Re: [Declude.Virus] ban ext not working


>
> >i have been getting since saturday many attachement that were supposed to
be
> >banned
> >declude is still intercepting vulnaribilities, but banned extension, and
> >even viruses are going thru (maybe corrupted viruses, but they were
caught
> >by local norton av)
>
> I assume these were getting blocked before Saturday?
>
> Can you reproduce the problem by sending an attachment with the
appropriate
> file type?
>
> Did you make any changes to the \IMail\Declude\virus.cfg file, or upgrade
> Declude about the same time this happened?
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you have been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] F-Prot Scheduler

2003-06-15 Thread Serge 
> Serge, what is this kill.exe ... I don't have it on my hard drive.

it is from windows resources kit
it can kill an active process
in your case, you will need to find the name of the fprot updater process (i
think it is updater.exe)
and you schedule "kill.exe updater.exe"  say 30 minutes after each updater
run


- Original Message -
From: "David Dodell" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, June 14, 2003 5:24 PM
Subject: Re: [Declude.Virus] F-Prot Scheduler


> From: "Serge" <[EMAIL PROTECTED]>
>
> >Try to schedule kill.exe 1 hour after each updater run
>
>
> Serge, what is this kill.exe ... I don't have it on my hard drive.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] F-Prot Scheduler

2003-06-14 Thread Serge 
Try to schedule kill.exe 1 hour after each updater run


- Original Message -
From: "David Dodell" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, June 14, 2003 1:10 PM
Subject: [Declude.Virus] F-Prot Scheduler


> I like to keep things easy ... I use F-Prot scheduler to check for new
> definitions every 4 hours.
>
> However, occasionally it times out, and I'm left with a failed
> connection notice on the screen.   And this seems to stop the
> automatic polling.   Any way to stop this, some switch someplace, but
> I don't see anything in the scheduler itself.
>
> David
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Virus Scan Marking All Messeges

2003-06-05 Thread Serge 
try to install the window version in d:\fprot, instaed of just copying fpcmd
as it probably needs other files /registry keys
also, go to command prompt and try to execute fpcmd, and see if there are error 
messages

  - Original Message - 
  From: Chad Killion 
  To: [EMAIL PROTECTED] 
  Sent: Wednesday, June 04, 2003 1:12 PM
  Subject: [Declude.Virus] Virus Scan Marking All Messeges


  Hello,

   

  I made a change to my virus.cfg file as suggested and changed the SCANFILE line to 
read:

   

  D:\fprot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /REPORT=report.txt

   

  Instead of:

   

  D:\fprot\F-PROT.EXE /TYPE /SILENT /NOMEM /ARCHIVE /REPORT=report.txt

   

  I just downloaded the trial version for windows, and copied the fpcmd.exe file and 
pasted it into my old DOS F-Prot directory so I wouldn't have to change much.  This 
obviously didn't work out.  Can anyone tell me, if I need to have the full version for 
windows installed in order to use fpcmd.exe?  Thanks.

   

  Chad Killion

  Software Engineer

  Joink, Inc.

  ---

  www.joink.com

  Pho:  812-242-1050

  Fax:  812-234-5144

  [EMAIL PROTECTED]

[Declude.Virus] OT @ipadress

2003-02-23 Thread Serge 
I remember reading somewhere that we can send an email to a [EMAIL PROTECTED]
is this correct ?
what is the exact format ?

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] OT Dnsstuff, Imail1

2003-02-21 Thread Serge 
Hi all

Dnsstuff.com seems down
any similar sites arround ? (for ping, DNS lookups, ...)

Also, i need a command line mailer (a la imail1) that can send html files
(as attachements) any idea ?

TIA


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Lentin virus passing declude and f-prot but caught by local f-prot but caught by local f-prot

2003-01-11 Thread Serge 



i had the same problem with lentin while running 
declude 1.61
upgrading to 1.65 fixed the problem
 
 

  - Original Message - 
  From: 
  Lenny Bauman 
  
  To: [EMAIL PROTECTED] 
  Sent: Saturday, January 11, 2003 3:57 
  PM
  Subject: Re: [Declude.Virus] Lentin virus 
  passing declude and f-prot but caught by local f-prot but caught by local 
  f-prot
  
  Scott,
   
    I am running v1.53.  I will look into 
  getting the .mbx file from the billing managers mail box if I 
can.
   
          
                  
                  
              Lenny 
  Bauman
  
- Original Message - 
From: 
R. Scott 
Perry 
To: [EMAIL PROTECTED] 
Sent: Friday, January 10, 2003 6:38 
PM
Subject: Re: [Declude.Virus] Lentin 
virus passing declude and f-prot but caught by local f-prot but caught by 
local f-prot
> I have a customer that is 
infected with the > w32/Lentin.H@mm 
virus.  He is sending messages to > my Billing manger and they 
are going through.  I should point out at this > time that to 
message does not set off f-prot on her computer.  She has > 
forwaeded the message to me as an attchment.  As soon as I open the 
> message that is attched it sets off my f-prot.  The message 
still opens > and I can see the attchment of *.scr.  I have 
saved the attched file and > sent it to my billing mangers e-mail 
address and declude and f-prot stop > it at the imail server.  I 
don't understand why the message get through > when it is sent from 
the infected computer but is caught when I send > it.  I would 
all so thing that the message shoulf be stop when it is > forwarded 
as an attachment to me.   I still have the forwarded email if 
> you want to see it or if you think I should send it to 
f-prot. I am > lost as to why this is 
happening and am looking for a good answer.What version of Declude 
Virus are you running ("\IMail\Declude -diag" from a command prompt will 
show you)?  Some older versions (a year old or older typically) may 
not catch all variants of some modern viruses, as some new viruses now 
spread in non-RFC-compliant ways.The best way to determine the 
problem is if you can get one of the viruses in an .mbx file before it 
is downloaded, you can send it to us for analysis (if the original 
E-mail is still in the .mbx file, it will have the raw E-mail headers, 
and we can test it 
here).   
-Scott---[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]---This 
E-mail came from the Declude.Virus mailing list.  Tounsubscribe, 
just send an E-mail to [EMAIL PROTECTED], andtype 
"unsubscribe Declude.Virus".    The archives can be 
foundat http://www.mail-archive.com.---[This 
E-mail scanned for viruses by LRBCG.COM, 
Inc.]

[Declude.Virus] SCR

2003-01-06 Thread Serge 



i have "banext 
scr"
 
i am receiving a lot of scr files, probably 
infected, with subjects "one hakers love"
 
any idea why these are getteing thru banext and 
fprot ?
 
banext is correctly blocking exe files
 
declude version 1.61
 
 
 
 

Re: [Declude.Virus] F-Prot Updater Question

2002-12-03 Thread Serge 
updater uses port 80 (http)
i have


!permit fprot updates and deny all other

permit tcp any host 213.220.100.1 eq 80 log
permit tcp any host 213.220.100.2 eq 80 log
permit tcp any host 213.220.100.3 eq 80 log
permit tcp any host 63.241.73.114 eq 80 log


- Original Message -
From: "Dan Star" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 03, 2002 4:57 PM
Subject: [Declude.Virus] F-Prot Updater Question


> Does the F-Prot Updater for Windows use ftp behind the scenes?
>
>   -- Dan
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Forged request

2002-10-15 Thread Serge 

I had suggested a solution some time ago

ONLYSENDIFVIRUS Klez,Magister
DONTSENDIFVIRUS Klez, magistr, ...

Where we can have different .eml for forgin virus that do not include
headers, domain names, 
and keep complete eml notifications for other iruses



- Original Message -
From: "John Tolmachoff" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 15, 2002 6:50 PM
Subject: RE: [Declude.Virus] Forged request


> Hopefully Scott is taking a long lunch break. (He deserves it.) I am sure
he
> will answer this when he has a chance.
>
> Until then;
>
> I think the problem is that the From address in the header is not the same
> as the one that Imail receives it from.
>
> Therefore, for that to work would require a separate action like this;
>
> If FORGINGVIRUS
> next
> If SKIPIFVIRUSNAMEHAS
> end
> (Some script that searches the header for FROM and replaces *@* with
> [FORGED])
>
> (I am not a programmer so I do not know exactly how the syntax works.)
>
> John Tolmachoff
> IT Manager, Network Engineer
> RelianceSoft, Inc.
> Fullerton, CA  92835
> www.reliancesoft.com
>
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] Forged request

2002-10-15 Thread Serge 

> I've got subscribers sending all sorts of messages to the from address
> listed in the error message headers, when those people most likely didn't
> even send the message with a virus.

Same here
also the sender domain name should be blanked


- Original Message -
From: "Helpdesk" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 15, 2002 5:55 PM
Subject: [Declude.Virus] Forged request


> > The Declude Virus software on acsworld.com has reported that you were
> > sent an E-mail from [Forged], containing the : W32/Klez.H@mm virus in
the
> > Unknown File attachment.  The subject of the E-mail was "Re: Re:eager to
see
> > you".
>
>
> > From: Jonathan Kamens <[EMAIL PROTECTED]>
>
> I'd like to request an option or a change in the Declude Virus program so
> that the "forged" option that is used in the top part of the warning
message
> also replaces the from address in the header records part of the message.
>
> I've got subscribers sending all sorts of messages to the from address
> listed in the error message headers, when those people most likely didn't
> even send the message with a virus.
>
> If the header part of the warning message said
>
> From: [Forged]
>
> they wouldn't know any address to send a message to.
>
> Thanks,
> Greg
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] OT: unknown host

2002-07-01 Thread Serge 


Does the message "unknown host" mean anything else than that the DNS did not
locate the remote server adress ?

I am getting the error below for many remote recipients at adresses of type
@x.dti.bollore.com
when i try to query DNS used by imail, i do get a valid mx hostaname and
adress (see below)
why the unknown host message ?

TIA



HEADER:
opcode = QUERY, id = 54110, rcode = NOERROR
header flags: reply, want recursion, recursion avail.
questions = 1, answers = 2, auth. records = 0, additional = 2
QUESTIONS:
ci.dti.bollore.com., type = XX, class = 1
ANSWERS:
->  ci.dti.bollore.com.
type = MX, class = 1, ttl = 72183, dlen = 18
preference 20, mail exchanger = ariane.c-si.fr.
->  ci.dti.bollore.com.
type = MX, class = 1, ttl = 72183, dlen = 7
preference 10, mail exchanger = mx.ci.dti.bollore.com.
ADDITIONAL RECORDS:
->  ariane.c-si.fr.
type = A, class = 1, ttl = 83527, dlen = 4
IP address = 194.250.211.2
->  mx.ci.dti.bollore.com.
type = A, class = 1, ttl = 72183, dlen = 4
IP address = 195.101.158.93

**complete**

> Unknown host: [EMAIL PROTECTED]
>
>
> Original message follows.
>
> Received: from SDV28YB61JNUV9 [216.226.209.53] by cefib.com
>   (SMTPD32-6.06) id A2695BA0180; Mon, 01 Jul 2002 08:27:21 +
> Message-ID: <003701c220d2$93b1f6d0$49d1e2d8@SDV28YB61JNUV9>
> From: =?iso-8859-1?Q?Fran=E7ois__Domptail?= <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> References: <[EMAIL PROTECTED]>
> Subject:
> Date: Mon, 1 Jul 2002 08:39:43 +0100
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: 8bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 5.00.2919.6700
> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
>


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .

[Declude.Virus] forging virus

2002-06-22 Thread Serge 


the from adress still shows in the header
is is the forged adress?
is there a way to eliminate this?

I have customers fighting each other because of declude notifications!


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .

Re: [Declude.Virus] Default eml files - Klez

2002-05-16 Thread Serge 

> sets the %MAILFROM% var to a specific
> value (ie. ) for certain viruses? (As not to incriminate the
> forged sender to the recipient).

Very interesting, as this is causing much confusion in our user base.
we have user who take it on themselve to notify the "forged" sender.

also, the ONLYSENDIFVIRUSHAS can resolve this issue, as we can have 2
different types of recipient.eml, one with no sender adress and
onlysendifvirushas klez,magistr, ...
the other with skipifvirushas klez,magistr,...


- Original Message -
From: "Terrence Koeman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 17, 2002 2:59 AM
Subject: RE: [Declude.Virus] Default eml files - Klez


> How about an option that globally prevents any notifies to the forged
> sender or remote postmaster & sets the %MAILFROM% var to a specific
> value (ie. ) for certain viruses? (As not to incriminate the
> forged sender to the recipient).
>
> --
> Regards,
>
> Terrence Koeman
>
> Technical Director/Administrator
> MediaMonks B.V. (www.mediamonks.nl)
>
> Please quote all replies in correspondence.
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
> > Sent: Friday, May 17, 2002 00:03
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Declude.Virus] Default eml files - Klez
> >
> >
> >
> > >If I use the default "sender.eml" file will it send the
> > e-mail to the
> > >correct person if it catches the Klez virus?
> >
> > No -- there is no way of knowing who the real sender was.
> > Using the latest
> > default sender.eml file, no notification will be sent out to
> > the sender of
> > the virus (since it is forged).
> >   -Scott
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> This E-mail came from the Declude.Virus mailing list.  To unsubscribe,
> just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
> Declude.Virus".  You can E-mail [EMAIL PROTECTED] for assistance.
> You can visit our web site at http://www.declude.com .
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".  You can E-mail
> [EMAIL PROTECTED] for assistance.  You can visit our web
> site at http://www.declude.com .
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
>

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .

Re: [Declude.Virus] SMTP AUTH - Imail v6.06

2002-05-16 Thread Serge 

>If you require SMTP AUTH, then users have to supply a valid E-mail address
> and password

Do Imail compare this adress to the from adress you use ?



- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 16, 2002 3:36 PM
Subject: Re: [Declude.Virus] SMTP AUTH - Imail v6.06


>
> > > >We need to enable SMTP AUTH for all of our clients -- we've found
some
> > > >device/person (IP) on the outside of our network spoofing emails to
lists
> > > >by the few users who are authorized list posters.
> > >
> > > However, I don't believe that will prevent people from sending mail to
the
> > > list using forged return addresses, since SMTP AUTH only applies to
> > > outgoing (relayed) E-mail.
> >
> >In reply, doesn't IMail (SMTP AUTH) not allow email to be relayed unless
a
> >password is supplied during login?   If that is true -- then how could
> >someone forge a return address without having a password to send mail?
>
> If you require SMTP AUTH, then users have to supply a valid E-mail address
> and password.  However, that only applies to *relayed* mail (outgoing
> mail).  For incoming mail (such as to a mailing list), SMTP AUTH is not
> required (or else you wouldn't be able to receive any mail from anyone who
> didn't have an account on the server).
>  -Scott
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".  You can E-mail
> [EMAIL PROTECTED] for assistance.  You can visit our web
> site at http://www.declude.com .
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
>

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .

[Declude.Virus] OT junkmail

2002-05-14 Thread Serge 



looking to buy junkmail pro soon, have few 
questions:
 
1- Is it as simple to install and configure as 
virus ? looking at junkmail list, it seems we will need to configure tests, 
weights, ... Will you offer a step by step 
assistance ?
 
2- After the first year, will we need 2 service 
agreement, one for junkmail and one virus ? or will one contract cover all 
declude products ?
 
3- Discount for declude virus pro owners 
?

Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-09 Thread Serge 

Here is our virus analisis for the last 2 days
our main problem is sircam from our customers
this has been the case for months , we tried everything we can think of to
make them clean their computers, it always come back, probably from hotmail,
..., accounts.
anyone have any hints ?

also, for scott, what does a Loal2Local show in the declude logs, inbound or
outbound .



Log File Summary -

Log Name  Virus Count Total Scanned
vir0508.log  1 040  1 040
vir0509.log  985  985

--


Virus Summary by Count ---

Count  Inbound/Outbound Name
91232 / 880  W32/Sircam.worm@mm
620   305 / 315  W32/Magistr.28672@mm
450   137 / 313  W32/Klez.H@mm
25 13 / 12   W32/Magistr.32768@mm
7   7 / 0W32/Klez.E@mm
3   1 / 2W32/MTX.9244.worm.A
3   3 / 0W32/Hybris.worm.D
1   1 / 0W97M/Thus.EN
1   1 / 0W97M/Thus.A
1   1 / 0W32/Hybris.worm.B
1   0 / 1W32/Backdoor.Fix2001
1   1 / 0W97M/Thus.I


---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .

Re: [Declude.Virus] DSN:New Version of Virus Log Analyzer

2002-05-09 Thread Serge 

is is a major or minor upgrade ?
:)


- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 09, 2002 4:28 PM
Subject: [Declude.Virus] DSN:New Version of Virus Log Analyzer


> New version of the Virus Log Analyser has been posted.
>
> http://www.csonline.net/imailstuff/viruslog.htm
>
> The report will now show inbound and outbound counts for the individual
> viruses detected.
>
> Example:
> Virus Summary by Count ---
>
> Count  Inbound/OutboundName
> 10090 / 10 W32/Klez.H@mm
> 150125/ 25 W32/Hybris.worm.B
>
>
> Stu
> --
---
> CSOnline Technical Support hours - Monday thru Saturday 7am - 1am
> CSOnline Technical Support Numbers Seneca814-677-2447
>Clarion   814-227-3638
>Meadville 814-425-1696
>Parker724-399-1158
> http://www.csonline.net  http://www.cshowcase.com
http://www.learncenter.com
> --
---
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".  You can E-mail
> [EMAIL PROTECTED] for assistance.  You can visit our web
> site at http://www.declude.com .
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
>

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .

Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-09 Thread Serge 

How does declude send notifications ?
Can we use imail rules to delete some messages (ie: if to adress is
[EMAIL PROTECTED] ?)

- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 09, 2002 11:47 PM
Subject: Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS


>
> >I'm getting a bunch notifications of the "SirCam" virus from the same
email
> >address [EMAIL PROTECTED] but the email address is not valid.
>
> It could be that the user has the wrong address in Outlook (it may be that
> their real address is "[EMAIL PROTECTED]", but they entered it
in
> wrong).
>  -Scott
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".  You can E-mail
> [EMAIL PROTECTED] for assistance.  You can visit our web
> site at http://www.declude.com .
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
>

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .

Re: [Declude.Virus] OT: Can you connect to his server ?

2002-05-06 Thread Serge 


Scott or others,
how can I locate the problem ?
I can't connect to the mx server
216.72.25.226

here is the tracert I get
1 7 7 172.16.12.1 
2 23 16 208.154.200.5 
3 719 696 10.0.6.1 
4 867 148 192.168.230.18 
5 664 -203 207.45.219.18 
*
*
...


- Original Message - 
From: "John Shacklett" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 06, 2002 5:59 PM
Subject: FW: [Declude.Virus] OT: Can you connect to his server ?


> got right in
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Serge
> Sent: Monday, May 06, 2002 1:48 PM
> To: [EMAIL PROTECTED]
> Subject: [Declude.Virus] OT: Can you connect to his server ?
> 
> 
> minrex.gov.cu
> 
> one of my clients is having problems snding mail to the above
> a tracert stop at
> 5 1047 55 207.45.219.18
> 
> I am not sure if it is a local routing Pb or something else
> can someone try to telnet  to
> ->  minrex.gov.cu.
> type = MX, class = 1, ttl = 479, dlen = 4
> preference 10, mail exchanger = minrex.gov.cu.
> ADDITIONAL RECORDS:
> ->  minrex.gov.cu.
> type = A, class = 1, ttl = 20, dlen = 4
> IP address = 216.72.25.226
> 
> 
> TIA
> 
> 
> 
> 
> ---
> [This E-mail scanned for viruses by Declude Virus]
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> 
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".  You can E-mail
> [EMAIL PROTECTED] for assistance.  You can visit our web
> site at http://www.declude.com .
> 
> ---
> [This E-mail scanned for viruses by Declude Virus]
> 
> 

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .

[Declude.Virus] OT: Can you connect to his server ?

2002-05-06 Thread Serge 

minrex.gov.cu

one of my clients is having problems snding mail to the above
a tracert stop at 
5 1047 55 207.45.219.18

I am not sure if it is a local routing Pb or something else
can someone try to telnet  to 
->  minrex.gov.cu.
type = MX, class = 1, ttl = 479, dlen = 4
preference 10, mail exchanger = minrex.gov.cu.
ADDITIONAL RECORDS:
->  minrex.gov.cu.
type = A, class = 1, ttl = 20, dlen = 4
IP address = 216.72.25.226


TIA




---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .

Re: [Declude.Virus] DSN:New Version of Virus Log File Analyzer

2002-05-03 Thread Serge 

Is there a way to get the inbound/outbound stat per virus, instead of total
for the report ?

Also, inbound mean local delivery, and outbound is delivery to a remote mail
server. Correct ?
anyway we can get stats of viruses sent by local senders ? (Outbound +
local2local)


- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 02, 2002 9:11 PM
Subject: [Declude.Virus] DSN:New Version of Virus Log File Analyzer


> For those using the virus log file analyzer (or those that wish to try it)
a
> new version of the Virus Log Analyzer is a available at
>
> http://www.csonline.net/imailstuff/viruslog.htm
>
> This version has changes to the report that now indicates the number of
> Inbound and Outbound viruses. Virus lines that are not indicated as
Inbound
> or Outbound in the log file will be listed on the report as unknown.
> You would normally see this if you ran this log analyzer version on a
> Declude Virus Log file before Declude Virus version 1.50. This is because
> these log files did not have the indicator.
>
> Many thanks to Scott and the rest at Computerized Horizons for adding this
> indicator.
>
> The report also now lists a count of the Outlook Vulnerabilities caught.
> The is a total for all types caught. This count is not included in the
total
> virus count
>
> 3 report sort options are no listed.
> Count produces a report with the viruses sorted by count.
> Name produce a report with the viruses listed by name.
> Count&Name includes a list by count and by name on the same report.
>
> Stu
>
> --
---
> CSOnline Technical Support hours - Monday thru Saturday 7am - 1am
> CSOnline Technical Support Numbers Seneca814-677-2447
>Clarion   814-227-3638
>Meadville 814-425-1696
>Parker724-399-1158
> http://www.csonline.net  http://www.cshowcase.com
http://www.learncenter.com
> --
---
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".  You can E-mail
> [EMAIL PROTECTED] for assistance.  You can visit our web
> site at http://www.declude.com .
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
>

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .

Re: [Declude.Virus] Alternate Solutions

2002-05-03 Thread Serge 

try http://www.mwti.net/
We use them for mdeamon, and they have an exchange AV product


- Original Message -
From: "Jerod M. Bennett" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 03, 2002 11:19 PM
Subject: [Declude.Virus] Alternate Solutions


> Hello everyone,
>
> I have a friend who is running an exchange server (sad but true).  We
> were talking about all the Klez action recently.  I, of course, told him
> all about the joy of running Declude.  He was, of course, impressed and
> wondered where he could get it.  I told him that it only worked with
> Imail.  And he was very disappointed.  However, I thought that with all
> the experience on the list you might know of a good anti-virus solution
> for someone running exchange.
>
> If you have any suggestions, I would appreciate them.
>
> Jerod M. Bennett
> Director of Media Production
> Pixelpushers, Inc.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".  You can E-mail
> [EMAIL PROTECTED] for assistance.  You can visit our web
> site at http://www.declude.com .
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
>

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .

  1   2   >