[Declude.Virus] BANEXT EXE
Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? Thanks. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEXT EXE
Double check the D file. There might be more than one attachment. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jay Calvert Sent: Friday, March 26, 2004 8:57 AM To: [EMAIL PROTECTED] Subject: [Declude.Virus] BANEXT EXE Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? Thanks. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? What happened is that either it contained an .exe file, or it had multiple extensions (in which case Declude Virus assumes the worst, that it is an .exe file). If you send me the D*.SMD file that was quarantined, I can let you know exactly why it was blocked as an .exe file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
Scott, I just sent it to you, please look for it, it came from our systems account. Jay - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 9:17 AM Subject: Re: [Declude.Virus] BANEXT EXE Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? What happened is that either it contained an .exe file, or it had multiple extensions (in which case Declude Virus assumes the worst, that it is an .exe file). If you send me the D*.SMD file that was quarantined, I can let you know exactly why it was blocked as an .exe file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
I have several examples of that from last night as well, all the txt attachments were anti-virus generated attachments 03/25/2004 19:11:00 Q751409530072c4c8 MIME file: DELETED0.TXT [quoted-printable; Length=113 Checksum=12852] 03/25/2004 19:11:00 Q751409530072c4c8 Banning file deleted0.txt. 03/25/2004 19:11:01 Q751409530072c4c8 Scanned: Banned file extension. [MIME: 3 1052] Is there an explanation? Rick Davidson National Systems Manager North American Title Group 440-953-9346 - Office 440-953-0925 - Fax 440-487-7344 - Mobile [EMAIL PROTECTED] - - Original Message - From: Jay Calvert [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 11:56 AM Subject: [Declude.Virus] BANEXT EXE Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? Thanks. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
I have several examples of that from last night as well, all the txt attachments were anti-virus generated attachments 03/25/2004 19:11:00 Q751409530072c4c8 MIME file: DELETED0.TXT [quoted-printable; Length=113 Checksum=12852] 03/25/2004 19:11:00 Q751409530072c4c8 Banning file deleted0.txt. 03/25/2004 19:11:01 Q751409530072c4c8 Scanned: Banned file extension. [MIME: 3 1052] Is there an explanation? Yes, there is an explanation. My guess is that the AV programs didn't handle the MIME correctly, and said that it was an .exe file (or .pif/.scr/whatever) in one place and a .txt file in another. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
Scott, Did you receive the second email? Jay - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 9:39 AM Subject: Re: [Declude.Virus] BANEXT EXE I have several examples of that from last night as well, all the txt attachments were anti-virus generated attachments 03/25/2004 19:11:00 Q751409530072c4c8 MIME file: DELETED0.TXT [quoted-printable; Length=113 Checksum=12852] 03/25/2004 19:11:00 Q751409530072c4c8 Banning file deleted0.txt. 03/25/2004 19:11:01 Q751409530072c4c8 Scanned: Banned file extension. [MIME: 3 1052] Is there an explanation? Yes, there is an explanation. My guess is that the AV programs didn't handle the MIME correctly, and said that it was an .exe file (or .pif/.scr/whatever) in one place and a .txt file in another. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? The problem here is that the mail client (a program whose name is as poor as its MIME handling: Mail A.01.77) is giving out 2 different names for the file. In one location, it calls the file EPM11002.FILES.CANJET, in the other location it calls it EPM11002.TXT. While Declude Virus knows that a TXT file is safe, it doesn't know that a CANJET file is not safe. To ensure that the extension gets handled properly (as the worst possible file extension), it is treated as an .EXE file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
But if this is the case, how will a file be caught if somebody renames a .zip to a .zio? Will declude know the difference. Would be wonderful if it did! Jay - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 10:50 AM Subject: Re: [Declude.Virus] BANEXT EXE Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? The problem here is that the mail client (a program whose name is as poor as its MIME handling: Mail A.01.77) is giving out 2 different names for the file. In one location, it calls the file EPM11002.FILES.CANJET, in the other location it calls it EPM11002.TXT. While Declude Virus knows that a TXT file is safe, it doesn't know that a CANJET file is not safe. To ensure that the extension gets handled properly (as the worst possible file extension), it is treated as an .EXE file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
The problem here is that the mail client (a program whose name is as poor as its MIME handling: Mail A.01.77) is giving out 2 different names for the file. In one location, it calls the file EPM11002.FILES.CANJET, in the other location it calls it EPM11002.TXT. While Declude Virus knows that a TXT file is safe, it doesn't know that a CANJET file is not safe. To ensure that the extension gets handled properly (as the worst possible file extension), it is treated as an .EXE file. But if this is the case, how will a file be caught if somebody renames a .zip to a .zio? Will declude know the difference. Would be wonderful if it did! That's something very different. In the case here, the mail client is calling the E-mail both file.zip and file.zio (in which case Declude Virus assumes the worst, and treats it as a .exe). In the case you are talking about, the file is named just file.zio (in which case it is handled as a .zio file -- and delivered, unless you block .zio files). We are considering an option to automatically detect .ZIP files, even if they are renamed, just in case future viruses try asking their victims to rename the file before extracting and running the virus. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEXT EXE
I was just thinking, is there a way instead of having BANEXT, to allowed EXT? We want to cut down on employees bypassing the filters by renaming an attachment Maybe if it isn't in the list it is held for review Will this stop blah.txt.exe files though if we wanted .txt's to get through Jay - Original Message - From: Jay Calvert [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 10:58 AM Subject: Re: [Declude.Virus] BANEXT EXE But if this is the case, how will a file be caught if somebody renames a .zip to a .zio? Will declude know the difference. Would be wonderful if it did! Jay - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 10:50 AM Subject: Re: [Declude.Virus] BANEXT EXE Hi all we just had a case where an email was banned because Declude said it had an exe in the email, when it only had a TXT. What happened here? The problem here is that the mail client (a program whose name is as poor as its MIME handling: Mail A.01.77) is giving out 2 different names for the file. In one location, it calls the file EPM11002.FILES.CANJET, in the other location it calls it EPM11002.TXT. While Declude Virus knows that a TXT file is safe, it doesn't know that a CANJET file is not safe. To ensure that the extension gets handled properly (as the worst possible file extension), it is treated as an .EXE file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.