RE: [Declude.Virus] BanNotify Problem
I did not think that I had another scanner in the way but now I am going to have to go back and check further. Thank you for the explanation. Goran Jovanovic The LAN Shoppe > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > [EMAIL PROTECTED] On Behalf Of Dan Horne > Sent: Friday, July 23, 2004 8:50 AM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] BanNotify Problem > > It would seem that in your setup, before Declude processes the message, it > gets sent to another program for processing (possibly on a gateway server, > or another antivirus program on the same server). > > 1) From your setup, Declude shouldn't have banned the first message, and > it > didn't (AFAIK, Declude doesn't strip attachments, it holds the entire > email). > 2) The second one seems to have had the EXE stripped out of the zip file, > which as before, Declude doesn't strip attachments, it blocks them. When > the exe was stripped out, it "broke" the zip file, therefore you got the > vulnerability. > 3) Your first scanner apparently doesn't have the ability to scan inside > encrypted zips, so it let the last one pass, but Declude blocked it > correctly. > > > Dan Horne > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Matt > Sent: Thursday, July 22, 2004 4:47 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.Virus] BanNotify Problem > > Goran, > > Are you running any other software or hardware that might be inspecting > these messages? The EXE response doesn't seem very Declude'ish. > > Matt > > > > > Goran Jovanovic wrote: > > >I have Virus Pro latest interim release 179i8. > > > >I have BANEXT EXE and BANEXT EZIP in my config file. I do not have > >BANEXT ZIP, BANZIPEXT nor BANEZIPEXTS > > > >I have a bannotify.eml file in my \imail\declude directory > > > >So I sent a couple of tests > > > >EXE only attachment: > > > >I did NOT get my bannotify message. I got the following appended to my > >email > > > >File attachment: MarchBreak2004infoflyer.exe The file attached to this > >email was removed because the file name is not allowed. > > > >EXE in a ZIP file > > > >I got a Vulnerability Alert message telling me that I had the Outlook > >Vulnerability [Invalid ZIP Vulnerability]. This should have got through. > > > >EXE in an encrypted ZIP > > > >I actually got my BANNOTIFY on this one. > > > >Why did the EXE only not send me the BANNOTIFY? > >Why did the EXE in a ZIP send me a vulnerability message? > > > >Thanx > > > > > > Goran Jovanovic > > The LAN Shoppe > > > >--- > >[This E-mail was scanned for viruses by Declude Virus > >(http://www.declude.com)] > > > >--- > >This E-mail came from the Declude.Virus mailing list. To unsubscribe, > >just send an E-mail to [EMAIL PROTECTED], and > >type "unsubscribe Declude.Virus".The archives can be found > >at http://www.mail-archive.com. > > > > > > > > > > -- > = > MailPure custom filters for Declude JunkMail Pro. > http://www.mailpure.com/software/ > = > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] BanNotify Problem
It would seem that in your setup, before Declude processes the message, it gets sent to another program for processing (possibly on a gateway server, or another antivirus program on the same server). 1) From your setup, Declude shouldn't have banned the first message, and it didn't (AFAIK, Declude doesn't strip attachments, it holds the entire email). 2) The second one seems to have had the EXE stripped out of the zip file, which as before, Declude doesn't strip attachments, it blocks them. When the exe was stripped out, it "broke" the zip file, therefore you got the vulnerability. 3) Your first scanner apparently doesn't have the ability to scan inside encrypted zips, so it let the last one pass, but Declude blocked it correctly. Dan Horne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, July 22, 2004 4:47 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] BanNotify Problem Goran, Are you running any other software or hardware that might be inspecting these messages? The EXE response doesn't seem very Declude'ish. Matt Goran Jovanovic wrote: >I have Virus Pro latest interim release 179i8. > >I have BANEXT EXE and BANEXT EZIP in my config file. I do not have >BANEXT ZIP, BANZIPEXT nor BANEZIPEXTS > >I have a bannotify.eml file in my \imail\declude directory > >So I sent a couple of tests > >EXE only attachment: > >I did NOT get my bannotify message. I got the following appended to my >email > >File attachment: MarchBreak2004infoflyer.exe The file attached to this >email was removed because the file name is not allowed. > >EXE in a ZIP file > >I got a Vulnerability Alert message telling me that I had the Outlook >Vulnerability [Invalid ZIP Vulnerability]. This should have got through. > >EXE in an encrypted ZIP > >I actually got my BANNOTIFY on this one. > >Why did the EXE only not send me the BANNOTIFY? >Why did the EXE in a ZIP send me a vulnerability message? > >Thanx > > > Goran Jovanovic > The LAN Shoppe > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.Virus mailing list. To unsubscribe, >just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus".The archives can be found >at http://www.mail-archive.com. > > > > -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] BanNotify Problem
Goran, Are you running any other software or hardware that might be inspecting these messages? The EXE response doesn't seem very Declude'ish. Matt Goran Jovanovic wrote: I have Virus Pro latest interim release 179i8. I have BANEXT EXE and BANEXT EZIP in my config file. I do not have BANEXT ZIP, BANZIPEXT nor BANEZIPEXTS I have a bannotify.eml file in my \imail\declude directory So I sent a couple of tests EXE only attachment: I did NOT get my bannotify message. I got the following appended to my email File attachment: MarchBreak2004infoflyer.exe The file attached to this email was removed because the file name is not allowed. EXE in a ZIP file I got a Vulnerability Alert message telling me that I had the Outlook Vulnerability [Invalid ZIP Vulnerability]. This should have got through. EXE in an encrypted ZIP I actually got my BANNOTIFY on this one. Why did the EXE only not send me the BANNOTIFY? Why did the EXE in a ZIP send me a vulnerability message? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] BanNotify Problem
I have Virus Pro latest interim release 179i8. I have BANEXT EXE and BANEXT EZIP in my config file. I do not have BANEXT ZIP, BANZIPEXT nor BANEZIPEXTS I have a bannotify.eml file in my \imail\declude directory So I sent a couple of tests EXE only attachment: I did NOT get my bannotify message. I got the following appended to my email File attachment: MarchBreak2004infoflyer.exe The file attached to this email was removed because the file name is not allowed. EXE in a ZIP file I got a Vulnerability Alert message telling me that I had the Outlook Vulnerability [Invalid ZIP Vulnerability]. This should have got through. EXE in an encrypted ZIP I actually got my BANNOTIFY on this one. Why did the EXE only not send me the BANNOTIFY? Why did the EXE in a ZIP send me a vulnerability message? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.