RE: [Declude.Virus] viruses getting through
Also, if your server is highly stressed, IMail will steal messages from Declude (alternately, "something" makes the file in use and Declude can't process the message in a timely fashion and so fails open) and the file is delivered by IMail without Declude writing the headers or updating the log files.

Andrew.

p.s. We suffered self-induced delayed-server-upgrade for 6 months and saw too much of this. The new server is quite happy, thank you very much.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Wednesday, June 08, 2005 2:09 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] viruses getting through

> If you restart your server without first stopping IMail SMTP service, it will leak messages for several seconds. Also, if you restart the IMail Queue Manager service it will steal messages from Declude. Both situations can lead to messages being passed without headers.
>
> Matt

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
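The fail-open deliveries described in the message above (mail handed on without scanner headers or log entries) can be found after the fact by auditing delivered messages for the missing headers. This is an added example, not part of the thread or of any Declude tooling; the header names, the sample messages and the 30-second grouping window are assumptions.

```python
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Assumption: placeholder header names. Substitute whatever headers your
# scanner configuration stamps on every message it has processed.
REQUIRED_HEADERS = ("X-Example-Virus-Scan", "X-Example-Spam-Scan")

def missing_scan_headers(raw, required=REQUIRED_HEADERS):
    """Return the required scanner headers absent from one raw message."""
    msg = message_from_string(raw)
    return [h for h in required if msg.get(h) is None]

def unscanned(messages, required=REQUIRED_HEADERS):
    """Yield (timestamp, message-id, missing) for mail that skipped a scanner.

    Assumes every message has a parseable Date header with a UTC offset.
    """
    for raw in messages:
        missing = missing_scan_headers(raw, required)
        if missing:
            msg = message_from_string(raw)
            yield parsedate_to_datetime(msg["Date"]), msg["Message-ID"], missing

def bursts(events, gap=timedelta(seconds=30)):
    """Group events whose timestamps fall within `gap` of the previous one."""
    groups = []
    for event in sorted(events, key=lambda e: e[0]):
        if groups and event[0] - groups[-1][-1][0] <= gap:
            groups[-1].append(event)
        else:
            groups.append([event])
    return groups

def _sample(mid, date, scanned):
    """Build one constructed message; not real traffic."""
    lines = [f"Message-ID: <{mid}@example.test>", f"Date: {date}"]
    if scanned:
        lines += [f"{h}: ok" for h in REQUIRED_HEADERS]
    return "\n".join(lines) + "\n\nbody\n"

SAMPLES = [  # constructed: two bypasses seconds apart, one isolated
    _sample("a1", "Wed, 08 Jun 2005 14:00:01 -0400", True),
    _sample("a2", "Wed, 08 Jun 2005 14:05:10 -0400", False),
    _sample("a3", "Wed, 08 Jun 2005 14:05:14 -0400", False),
    _sample("a4", "Wed, 08 Jun 2005 14:05:40 -0400", True),
    _sample("a5", "Wed, 08 Jun 2005 16:30:00 -0400", False),
]

def audit(messages=SAMPLES):
    """Return bypassed Message-IDs grouped into bursts."""
    return [[mid for _, mid, _ in g] for g in bursts(unscanned(messages))]

if __name__ == "__main__":
    for group in audit():
        print(len(group), "unscanned:", ", ".join(group))
```

Several unscanned messages within seconds of each other fit the restart leak described in the thread, while isolated ones spread through the day fit the load-related case.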
Re: [Declude.Virus] viruses getting through
If you restart your server without first stopping IMail SMTP service, it will leak messages for several seconds. Also, if you restart the IMail Queue Manager service it will steal messages from Declude. Both situations can lead to messages being passed without headers.

Matt

Daniel Ivey wrote:

> Yes, I do have AVAFTERJM ON in the virus.cfg file. One clarification too, when I mentioned that the headers for Declude Virus were not there, there were also no headers for Declude Junkmail either, with I know those are working. I have attached the virus log file for so far today. We have them set to only write on error.
>
> Daniel

--
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
RE: [Declude.Virus] viruses getting through
Yes, I do have AVAFTERJM ON in the virus.cfg file. One clarification too, when I mentioned that the headers for Declude Virus were not there, there were also no headers for Declude Junkmail either, with I know those are working. I have attached the virus log file for so far today. We have them set to only write on error.

Daniel

===
Daniel Ivey
GCR Company / GCR Online
Voice: 434 - 570 - 1765
Fax: 434 - 572 - 1981
[EMAIL PROTECTED]

> -----Original Message-----
> From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 08, 2005 4:12 PM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] viruses getting through
>
> Declude Virus has no definitions to update. Are you using AFTERJM ON? Logs, what do the logs say?
>
> John T
> eServices For You

Attachment: vir0608.log
Description: Binary data
RE: [Declude.Virus] viruses getting through
Declude Virus has no definitions to update. Are you using AFTERJM ON? Logs, what do the logs say?

John T
eServices For You

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> On Behalf Of Daniel Ivey
> Sent: Wednesday, June 08, 2005 12:54 PM
> To: 'Declude.Virus@declude.com'
> Subject: [Declude.Virus] viruses getting through
>
> Greetings,
>
> Over the past 2 days, I have had some viruses get through my Declude
> Virus, with updated definitions. Has anyone else seen this? Also, when I
> receive an email and look at the headers of the email, I am not seeing where
> Declude Virus scanned the message. Does anyone have any suggestions? I am
> running version 1.82.
>
> Thanks,
> Daniel
Re: [Declude.Virus] viruses getting through
Daniel,

Do the log files show anything for these messages? If so, please send the related entries from the logs to [EMAIL PROTECTED]

David Franco-Rocha
Declude Technical Support

----- Original Message -----
From: "Daniel Ivey" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, June 08, 2005 3:53 PM
Subject: [Declude.Virus] viruses getting through

> Greetings,
>
> Over the past 2 days, I have had some viruses get through my Declude Virus, with updated definitions. Has anyone else seen this? Also, when I receive an email and look at the headers of the email, I am not seeing where Declude Virus scanned the message. Does anyone have any suggestions? I am running version 1.82.
>
> Thanks,
> Daniel
[Declude.Virus] viruses getting through
Greetings,

Over the past 2 days, I have had some viruses get through my Declude Virus, with updated definitions. Has anyone else seen this? Also, when I receive an email and look at the headers of the email, I am not seeing where Declude Virus scanned the message. Does anyone have any suggestions? I am running version 1.82.

Thanks,
Daniel

===
Daniel Ivey
GCR Company / GCR Online
Voice: 434 - 570 - 1765
Fax: 434 - 572 - 1981
[EMAIL PROTECTED]
Re: [Declude.Virus] Viruses getting through...
> We are running Declude Pro with Fprot and we see a lot of viruses getting through with the attachment of Joke.com, Joke.exe, Price.com - Anyone else seeing the same thing? It appears to be the beagle variant.

Are you running a recent (within the past few months) version of F-Prot (.exe file)? Do you have the latest virus definitions? A couple new variants came out a couple days ago, but with the latest .exe and virus definitions, they should get caught.

-Scott

---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
Re: [Declude.Virus] Viruses getting through...
Looking at today and yesterday's logs, F-Prot has been catching these here. It was just two viruses shy of Clam/AV in yesterday's results. Virus updates current?

----- Original Message -----
From: "Chuck Schick" <[EMAIL PROTECTED]>
To: "Declude. Virus" <[EMAIL PROTECTED]>
Sent: Tuesday, November 02, 2004 10:06 AM
Subject: [Declude.Virus] Viruses getting through...

> We are running Declude Pro with Fprot and we see a lot of viruses getting
> through with the attachment of Joke.com, Joke.exe, Price.com - Anyone else
> seeing the same thing? It appears to be the beagle variant.
>
> Any suggestions on how to fix.
>
> Chuck Schick
> Warp 8, Inc.
> (303)-421-5140
> www.warp8.com
Re: [Declude.Virus] Viruses getting through...
I am seeing the same thing but I am running Webshield for SMTP. I am catching these through banned extensions. Not sure what is up.

Kevin

At 10:06 AM 11/02/2004, you wrote:

> We are running Declude Pro with Fprot and we see a lot of viruses getting through with the attachment of Joke.com, Joke.exe, Price.com - Anyone else seeing the same thing? It appears to be the beagle variant.
>
> Any suggestions on how to fix.
>
> Chuck Schick
> Warp 8, Inc.
> (303)-421-5140
> www.warp8.com
RE: [Declude.Virus] Viruses getting through...
Block executable files. That should be standard defense mode now-a-days.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> On Behalf Of Chuck Schick
> Sent: Tuesday, November 02, 2004 8:07 AM
> To: Declude. Virus
> Subject: [Declude.Virus] Viruses getting through...
>
> We are running Declude Pro with Fprot and we see a lot of viruses getting
> through with the attachment of Joke.com, Joke.exe, Price.com - Anyone else
> seeing the same thing? It appears to be the beagle variant.
>
> Any suggestions on how to fix.
>
> Chuck Schick
> Warp 8, Inc.
> (303)-421-5140
> www.warp8.com
[Declude.Virus] Viruses getting through...
We are running Declude Pro with Fprot and we see a lot of viruses getting through with the attachment of Joke.com, Joke.exe, Price.com - Anyone else seeing the same thing? It appears to be the beagle variant.

Any suggestions on how to fix.

Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com
Re: [Declude.Virus] viruses getting through
> I just installed the latest f-prot last night and some viruses are getting through now.

I'm not surprised:

> SCANFILE C:\Progra~1\FSI\F-Prot\fpcmd.exe /ARCHIVE=5 /NOBO /NOME /AR /DU /P /C /AU /DEL /AP /REPORT=report.txt

I don't believe those are valid options for F-Prot -- it looks like they were all abbreviated. You should use the line from the manual.

-Scott
RE: [Declude.Virus] viruses getting through
Here is a list of viruses that norton has stopped but f-prot has not stopped.

Threat category: Virus
Source: EICAR.COM
Description: The email attachment EICAR.COM within eicar.zip is infected with the EICAR Test String virus.

Threat category: Virus
Source: [EMAIL PROTECTED]
Description: The email attachment [EMAIL PROTECTED] within Unknown.data is infected with the [EMAIL PROTECTED] virus.

Threat category: Virus
Source: letter.zip
Description: The email attachment letter.zip within Unknown.data is infected with the [EMAIL PROTECTED] virus.

Threat category: Virus
Source: letter.zip
Description: The email attachment letter.zip within Unknown.data is infected with the [EMAIL PROTECTED] virus.

Threat category: Virus
Source: [EMAIL PROTECTED]
Description: The email attachment [EMAIL PROTECTED] within Unknown.data is infected with the [EMAIL PROTECTED] virus.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Danny K
Sent: Thursday, July 29, 2004 2:54 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] viruses getting through

> I just installed the latest f-prot last night and some viruses are getting through now. I ran the eicarzip test at declude and I received the attachment.
>
> This is a test message that was sent to you because you (or someone you know) visited our page at http://www.declude.com/tools .
>
> Declude 1.79i16
> Imail 8.05
>
> SCANFILE C:\Progra~1\FSI\F-Prot\fpcmd.exe /ARCHIVE=5 /NOBO /NOME /AR /DU /P /C /AU /DEL /AP /REPORT=report.txt
>
> How can I tell which version the fpcmd is? I want to make sure it updated. It is dated 6/25/04
>
> Any ideas on what is wrong with my config?
>
> TIA
[Declude.Virus] viruses getting through
I just installed the latest f-prot last night and some viruses are getting through now. I ran the eicarzip test at declude and I received the attachment.

This is a test message that was sent to you because you (or someone you know) visited our page at http://www.declude.com/tools .

Declude 1.79i16
Imail 8.05

SCANFILE C:\Progra~1\FSI\F-Prot\fpcmd.exe /ARCHIVE=5 /NOBO /NOME /AR /DU /P /C /AU /DEL /AP /REPORT=report.txt

How can I tell which version the fpcmd is? I want to make sure it updated. It is dated 6/25/04

Any ideas on what is wrong with my config?

TIA