[Declude.Virus] SKIPIFVIRUSNAMEHAS

2003-09-19 Thread Jeff Kratka
Disregard my last message. If I had opened my eyes and read all my mail
first I would have seen the answer.

Jeff Kratka
*
TymeWyse Internet
P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417
tel/fax: (541) 839-6027  -  [EMAIL PROTECTED]
*

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  The archives can be found
at http://www.mail-archive.com.


[Declude.Virus] SKIPIFVIRUSNAMEHAS

2003-02-26 Thread Dustin Freeman
I have the line SKIPIFVIRUSNAMEHAS Vulnerability before the From: line with
4 other "skip" lines in my Recip.eml file but the Vulnerability seems to
have stopped working.  We are getting a ton of SPAM that is failing the
Outlook vulnerabilities and customers are being notified.  I am running
Declude Pro 1.65.  Were there any changes to this command that I missed from
1.63-1.65?  Should I be using something different with the skip command?

Thank you
Dustin



Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-17 Thread Sheldon Koehler

Thanks everyone. I was just wondering what others were doing. We use:

recip.eml
SKIPIFVIRUSNAMEHAS Vulnerability

sender.eml
SKIPIFVIRUSNAMEHAS Vulnerability
SKIPIFVIRUSNAMEHAS Magistr
SKIPIFVIRUSNAMEHAS Hybris
SKIPIFVIRUSNAMEHAS Klez

We do not use the postmaster emails as some servers were getting way too
many and we got complaints. And I was getting too many myself...

Sheldon


Sheldon Koehler, Owner/Partner        http://www.tenforward.com
Ten Forward Communications            360-457-9023
Nationwide access with neighborhood support!

"Whenever you find yourself on the side of the majority, it's time
to pause and reflect." Mark Twain



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .



Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-17 Thread Bob McGregor

We do not skip the magistr to the sender since the info on it states that it will send 
the valid address as the sender 1 out of 5 times (or something like that).  Since it 
may assist in determining the real sender on some messages and the other ones 
typically bounce I feel it's worthwhile.  We also do not get the volumes of it as we 
do Klez.  

On Friday, May 17, 2002 9:05 AM, Bill Beach <[EMAIL PROTECTED]> wrote:
>in my recip.eml:
>
>SKIPIFVIRUSNAMEHAS Vulnerability
>
>in my sender.eml:
>
>SKIPIFVIRUSNAMEHAS Klez
>SKIPIFVIRUSNAMEHAS Vulnerability
>SKIPIFVIRUSNAMEHAS Magistr
>
>in my otherpostmaster.eml:
>
>SKIPIFVIRUSNAMEHAS Klez
>SKIPIFVIRUSNAMEHAS Vulnerability
>
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of Sheldon Koehler
>Sent: Friday, May 17, 2002 11:01 AM
>To: [EMAIL PROTECTED]
>Subject: [Declude.Virus] SKIPIFVIRUSNAMEHAS
>
>
>Just out of curiosity, what viruses are everyone blocking with the
>SKIPIFVIRUSNAMEHAS to sender and recipient?
>
>Sheldon
>
>
>Sheldon Koehler, Owner/Partner        http://www.tenforward.com
>Ten Forward Communications            360-457-9023
>Nationwide access with neighborhood support!
>
>"Whenever you find yourself on the side of the majority, it's time
>to pause and reflect." Mark Twain
>
>
>
>



RE: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-17 Thread Bill Beach

in my recip.eml:

SKIPIFVIRUSNAMEHAS  Vulnerability

in my sender.eml:

SKIPIFVIRUSNAMEHAS  Klez
SKIPIFVIRUSNAMEHAS  Vulnerability
SKIPIFVIRUSNAMEHAS  Magistr

in my otherpostmaster.eml:

SKIPIFVIRUSNAMEHAS  Klez
SKIPIFVIRUSNAMEHAS  Vulnerability

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Sheldon Koehler
Sent: Friday, May 17, 2002 11:01 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] SKIPIFVIRUSNAMEHAS


Just out of curiosity, what viruses are everyone blocking with the
SKIPIFVIRUSNAMEHAS to sender and recipient?

Sheldon


Sheldon Koehler, Owner/Partner        http://www.tenforward.com
Ten Forward Communications            360-457-9023
Nationwide access with neighborhood support!

"Whenever you find yourself on the side of the majority, it's time
to pause and reflect." Mark Twain







Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-17 Thread R. Scott Perry


>Just out of curiosity, what viruses are everyone blocking with the
>SKIPIFVIRUSNAMEHAS to sender and recipient?

First off, you normally shouldn't block the notifications to the recipient, 
as it is impossible to forge the recipient's address.

So far, it seems that Klez is the most important, followed by Magistr 
(which has a "human interpretable" forged return address) and Hybris (which 
always uses [EMAIL PROTECTED]).
 -Scott




[Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-17 Thread Sheldon Koehler

Just out of curiosity, what viruses are everyone blocking with the
SKIPIFVIRUSNAMEHAS to sender and recipient?

Sheldon


Sheldon Koehler, Owner/Partner        http://www.tenforward.com
Ten Forward Communications            360-457-9023
Nationwide access with neighborhood support!

"Whenever you find yourself on the side of the majority, it's time
to pause and reflect." Mark Twain







Re[2]: [Declude.Virus] SKIPIFVIRUSNAMEHAS in default sender.eml

2002-05-17 Thread Eje Gustafsson

It doesn't do this all the time. McAfee's site states it often changes
the second letter of the username. Since at least for me Magistr isn't
that a frequent virus I have notification turned on for it because
it's rarely that an altered e-mail is coming. Those few bounces I can
handle instead of just ignoring them all together since chances are
pretty good that some of the e-mails will have the correct e-mail
address and a notification will inform this user of their infection so
they can take care of it.

Thursday, May 16, 2002, 20:59:45 PM, you wrote:


>>I think the hahaha virus is listed as "W95.Hybris.gen". I read on
>>Symantec site and couldn't tell if the "Magistr" used forged address.

RSP> You are correct.

RSP> Magistr uses a forged return address, which is the actual address with the 
RSP> 2nd character altered (IE "[EMAIL PROTECTED]" would become 
RSP> "[EMAIL PROTECTED]").  Hybris is the one that uses [EMAIL PROTECTED]
RSP>  -Scott





Best regards,
 Eje Gustafsson   mailto:[EMAIL PROTECTED]
---
The Family Entertainment Network  http://www.fament.com
Phone : 620-231-  Fax   : 620-231-4066
eBay UserID : macahan
  - Your Full Time Professionals -




Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-09 Thread R. Scott Perry


>also, for scott, what does a Loal2Local show in the declude logs, inbound or
>outbound .

If an E-mail is from a local user to a local user, it will show up as inbound.
 -Scott




Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-09 Thread Serge

Here is our virus analysis for the last 2 days.
Our main problem is Sircam from our customers.
This has been the case for months; we tried everything we can think of to
make them clean their computers, it always comes back, probably from hotmail,
..., accounts.
Anyone have any hints?

also, for scott, what does a Loal2Local show in the declude logs, inbound or
outbound .



Log File Summary

Log Name      Virus Count   Total Scanned
vir0508.log   1 040         1 040
vir0509.log   985           985


Virus Summary by Count

Count   Inbound / Outbound   Name
912      32 / 880            W32/Sircam.worm@mm
620     305 / 315            W32/Magistr.28672@mm
450     137 / 313            W32/Klez.H@mm
25       13 / 12             W32/Magistr.32768@mm
7         7 / 0              W32/Klez.E@mm
3         1 / 2              W32/MTX.9244.worm.A
3         3 / 0              W32/Hybris.worm.D
1         1 / 0              W97M/Thus.EN
1         1 / 0              W97M/Thus.A
1         1 / 0              W32/Hybris.worm.B
1         0 / 1              W32/Backdoor.Fix2001
1         1 / 0              W97M/Thus.I





Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-09 Thread R. Scott Perry


>How does declude send notifications ?

It sends them using IMail's imail1.exe.

>Can we use imail rules to delete some messages (ie: if to address is
>[EMAIL PROTECTED] ?)

I believe that the IMail rules will work on E-mail sent with imail1.exe, so 
that should do the trick.
-Scott




Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-09 Thread Serge

How does declude send notifications ?
Can we use imail rules to delete some messages (ie: if to address is
[EMAIL PROTECTED] ?)

- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 09, 2002 11:47 PM
Subject: Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS


>
> >I'm getting a bunch notifications of the "SirCam" virus from the same email
> >address [EMAIL PROTECTED] but the email address is not valid.
>
> It could be that the user has the wrong address in Outlook (it may be that
> their real address is "[EMAIL PROTECTED]", but they entered it in
> wrong).
>  -Scott
>



Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-09 Thread R. Scott Perry


>I'm getting a bunch notifications of the "SirCam" virus from the same email
>address [EMAIL PROTECTED] but the email address is not valid.

It could be that the user has the wrong address in Outlook (it may be that 
their real address is "[EMAIL PROTECTED]", but they entered it in 
wrong).
 -Scott




Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-09 Thread Webmaster

>> I wouldn't do the SirCam but definitely the Klez<<

I'm getting a bunch notifications of the "SirCam" virus from the same email
address [EMAIL PROTECTED] but the email address is not valid.

Declude virus alert:
Our Virus Scanner v1.52 caught  the W32/SirCam@MM virus !!! in
"Enrollment.xls.lnk" attachment from [EMAIL PROTECTED]

Followed by Postmaster Undeliverable mail:
Unknown user: [EMAIL PROTECTED]

  - Greg


Gregory A Belcastro
On The Net Internet Services
www.otn.net


- Original Message -
From: "Eje Gustafsson" <[EMAIL PROTECTED]>
To: "Webmaster" <[EMAIL PROTECTED]>
Sent: Thursday, May 09, 2002 4:18 PM
Subject: Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS


> In the .eml file put in
> SKIPIFVIRUSNAMEHAS W32/Klez
> SKIPIFVIRUSNAMEHAS W32/SirCam
>
> I wouldn't do the SirCam but definitely the Klez since it spoofs the
> From address.
>
> Thursday, May 09, 2002, 17:58:29 PM, you wrote:
>
> W> What is the format need to use "SKIPIFVIRUSNAMEHAS"
>
> W> Here is how my virus scanner reports a virus:
>
> W> W32/Klez.h@MM virus !!!
> W> W32/SirCam@MM virus !!!
>
>
>
> W>   - Greg
>
> W> 
> W> Gregory A Belcastro
> W> On The Net Internet Services
> W> www.otn.net
>
>
>
>
>
>
>
> Best regards,
>  Eje Gustafsson   mailto:[EMAIL PROTECTED]
> ---
> The Family Entertainment Network  http://www.fament.com
> Phone : 620-231-  Fax   : 620-231-4066
> eBay UserID : macahan
>   - Your Full Time Professionals -
>



Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-09 Thread R. Scott Perry


>What is the format need to use "SKIPIFVIRUSNAMEHAS"
>
>Here is how my virus scanner reports a virus:
>
>W32/Klez.h@MM virus !!!
>W32/SirCam@MM virus !!!

You need to have "SKIPIFVIRUSNAMEHAS", followed by one space or tab, and 
text that appears within the virus name (part of the name is OK, and it is 
not case sensitive).  So you can use "SKIPIFVIRUSNAMEHAS Klez" in this case 
(and "SKIPIFVIRUSNAMEHAS SirCam" if you want the SirCam notifications to be 
held as well).  You could use the whole string (IE "SKIPIFVIRUSNAMEHAS 
W32/Klez.h@MM" if you wanted to stop the notifications for just the one 
variant).
   -Scott
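
Added example (not part of the original post, and not Declude's code): a Python model of the matching rule described in the reply above, applied to the recip.eml and sender.eml directives posted elsewhere in this thread. The From:/Subject: template lines, the example.test addresses and the whitespace trimming are assumptions made for the example.

```python
# Added example: a model of the matching rule described above, not Declude's code.
DIRECTIVE = "SKIPIFVIRUSNAMEHAS"

# Directives as posted in this thread; the From:/Subject: lines are constructed
# stand-ins for the rest of a notification template.
TEMPLATES = {
    "recip.eml": (
        "SKIPIFVIRUSNAMEHAS Vulnerability\n"
        "From: postmaster@example.test\n"
        "Subject: Virus found in mail addressed to you\n"
    ),
    "sender.eml": (
        "SKIPIFVIRUSNAMEHAS Vulnerability\n"
        "SKIPIFVIRUSNAMEHAS\tMagistr\n"
        "SKIPIFVIRUSNAMEHAS Hybris\n"
        "SKIPIFVIRUSNAMEHAS Klez\n"
        "From: postmaster@example.test\n"
        "Subject: Virus found in mail you sent\n"
    ),
}

# Virus names as they appear in scanner output quoted in this thread.
DETECTIONS = ["W32/Klez.h@MM", "W32/Klez.E@mm", "W32/SirCam@MM",
              "W32/Magistr.28672@mm", "W32/Hybris.worm.D"]


def parse_skip_patterns(template_text):
    """Collect the match text of every SKIPIFVIRUSNAMEHAS line, lower-cased."""
    patterns = []
    for line in template_text.splitlines():
        parts = line.split(None, 1)  # keyword, then a space or tab, then text
        if len(parts) == 2 and parts[0] == DIRECTIVE:
            # Assumption: trailing whitespace is not part of the match text.
            patterns.append(parts[1].strip().lower())
        # A bare keyword with no text is ignored here: an empty string is a
        # substring of every name and would silence all notifications.
    return patterns


def notification_skipped(virus_name, patterns):
    """True if any pattern occurs anywhere in the name, ignoring case."""
    name = virus_name.lower()
    return any(p in name for p in patterns)


def notifications_sent(virus_name, templates):
    """Templates whose notification would still be sent for this virus."""
    return sorted(
        fname for fname, text in templates.items()
        if not notification_skipped(virus_name, parse_skip_patterns(text))
    )


if __name__ == "__main__":
    for virus in DETECTIONS:
        sent = notifications_sent(virus, TEMPLATES) or ["(none)"]
        print(f"{virus:24} -> {', '.join(sent)}")
    # Using the whole string limits the skip to one variant.
    one_variant = parse_skip_patterns("SKIPIFVIRUSNAMEHAS W32/Klez.h@MM\n")
    for virus in DETECTIONS[:2]:
        state = "skipped" if notification_skipped(virus, one_variant) else "sent"
        print(f"{virus:24} -> {state} (single-variant rule)")
```
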




Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-09 Thread Eje Gustafsson

In the .eml file put in
SKIPIFVIRUSNAMEHAS W32/Klez
SKIPIFVIRUSNAMEHAS W32/SirCam

I wouldn't do the SirCam but definitely the Klez since it spoofs the
From address.

Thursday, May 09, 2002, 17:58:29 PM, you wrote:

W> What is the format need to use "SKIPIFVIRUSNAMEHAS"

W> Here is how my virus scanner reports a virus:

W> W32/Klez.h@MM virus !!!
W> W32/SirCam@MM virus !!!



W>   - Greg
 
W> 
W> Gregory A Belcastro
W> On The Net Internet Services
W> www.otn.net







Best regards,
 Eje Gustafsson   mailto:[EMAIL PROTECTED]
---
The Family Entertainment Network  http://www.fament.com
Phone : 620-231-  Fax   : 620-231-4066
eBay UserID : macahan
  - Your Full Time Professionals -




[Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-09 Thread Webmaster

What is the format need to use "SKIPIFVIRUSNAMEHAS"

Here is how my virus scanner reports a virus:

W32/Klez.h@MM virus !!!
W32/SirCam@MM virus !!!



  - Greg
 

Gregory A Belcastro
On The Net Internet Services
www.otn.net


