[Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion
Scott: My first suggestion thinking of those new Declude users that are not yet in the list and will become new declude customers as well as old ones, I suggest to add an explanation in the demo config file and the Manual about how BANEZIPEXTS and BANZIPEXTS works. Explaining that the setting should be ON and the effect it causes. The release notes are clear about the banning feature but not that clear about using the ON switch. I believe that now the only way to find that out is through the file archives. I would be very useful then to add it to the config file and the Manual. Now my question: I tested the BANEXIPEXTS ON encrypting 1 file. A .COM extension file that I ban via Banext. Declude stopped right away. Then I tested the same option encrypting 2 files: A .com extension and .log one. I don't ban .log. My objective was to see if the zip was going to be banned by Declude since it had a .COM extension. Declude didn't stop it. I tried it with 3 files. .COM and 2 txt files (txt is not banned in my configuration), and Declude didn't stop it. As far as I understand then, the BANEXIPEXTS considers that only one file is in the encrypted zip and that is the one it checks, or perhaps if there is more than one file and one of them is not in the Banext then it doesn't stop it. Let me know your thoughts. I am afraid that new viruses come in a way that 2 files come within an encrypted zip, one being a .COM, PIF, or any dangerous extension and the other one a simple txt file, so at the end Declude let it pass. How does BANEZIPEXTS work if 2 or more files are included in the encrypted ZIP and at least one of them is not in the BANEXT list. -Luis Arango __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion
How does BANEZIPEXTS work if 2 or more files are included in the encrypted ZIP and at least one of them is not in the BANEXT list. With the original interim release that added the BANEZIPEXTS option, it would only look at the first file. That was due to the speed needed to add the feature (Declude Virus already had access to the information needed to check the first file, but not subsequent files). With the latest beta, though, this was expanded so that if you use BANEZIPEXTS ON and any file in the encrypted .ZIP file has a banned file extension, the E-mail should be blocked. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion
I am using version 1.79 Beta. I believe that the expanded feature you mentioned is not incorporated in this 1.79 beta version then. I will run my tests again to make sure and let you know. That is not correct. We only have one "source code tree". That means that when a new feature is added, any subsequent release will contain that feature. So if v1.78i30 has a new feature in it, v1.79 will have it as well. Could you send me one of the .ZIP files you are testing with, so that I can test it here? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion
I did some tests again, and the zips where caught. However the initial test file I used wasn't caught. I haven't been able to reproduce the file again in away it is not caught by declude. But I have the original file that I tested and retested and that Declude let it pass. I am sure that the problem is not declude, but the file. I will send it to your virustrap address so you can take a look and test it your self. Bye -Luis Arango -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, April 07, 2004 6:35 AM To: [EMAIL PROTECTED] Subject: X-SPAM-Phrase RE: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion >I am using version 1.79 Beta. I believe that the expanded feature you >mentioned is not incorporated in this 1.79 beta version then. I will run my >tests again to make sure and let you know. That is not correct. We only have one "source code tree". That means that when a new feature is added, any subsequent release will contain that feature. So if v1.78i30 has a new feature in it, v1.79 will have it as well. Could you send me one of the .ZIP files you are testing with, so that I can test it here? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion
I did some tests again, and the zips where caught. However the initial test file I used wasn't caught. I haven't been able to reproduce the file again in away it is not caught by declude. But I have the original file that I tested and retested and that Declude let it pass. I am sure that the problem is not declude, but the file. I will send it to your virustrap address so you can take a look and test it your self. There is indeed something odd about that .ZIP file, that doesn't appear to conform to the specs for .ZIP files. But, a standard copy of pkunzip is able to handle the file, so we have a new interim release 1.79i2 at http://www.declude.com/interim that will handle this as expected. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion
The new site looks good. But where can I find the interim releases now? Peter -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, 8 April 2004 2:57 a.m. To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion >I did some tests again, and the zips where caught. However the initial >test file I used wasn't caught. I haven't been able to reproduce the >file again in away it is not caught by declude. But I have the original >file that I tested and retested and that Declude let it pass. > >I am sure that the problem is not declude, but the file. I will send it >to your virustrap address so you can take a look and test it your self. There is indeed something odd about that .ZIP file, that doesn't appear to conform to the specs for .ZIP files. But, a standard copy of pkunzip is able to handle the file, so we have a new interim release 1.79i2 at http://www.declude.com/interim that will handle this as expected. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion
The new site looks good. Thank you. :) But where can I find the interim releases now? The new location is http://www.declude.com/version/interim . -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: X-SPAM-Phrase Re: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion
I am using version 1.79 Beta. I believe that the expanded feature you mentioned is not incorporated in this 1.79 beta version then. I will run my tests again to make sure and let you know. -Luis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, April 06, 2004 8:14 PM To: [EMAIL PROTECTED] Subject: X-SPAM-Phrase Re: [Declude.Virus] BANEZIPEXTS and BANZIPEXTS question and suggestion >How does BANEZIPEXTS work if 2 or more files are included in the encrypted >ZIP and at least one of them is not in the BANEXT list. With the original interim release that added the BANEZIPEXTS option, it would only look at the first file. That was due to the speed needed to add the feature (Declude Virus already had access to the information needed to check the first file, but not subsequent files). With the latest beta, though, this was expanded so that if you use BANEZIPEXTS ON and any file in the encrypted .ZIP file has a banned file extension, the E-mail should be blocked. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] [AUTOMATED NOTE: Your mail server [129.250.225.148] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
