RE: [Declude.Virus] Passing a bogus zip.

2004-05-23 Thread R. Scott Perry

> I tried now with different files and found why certain files are not 
> blocked with BANNAME.
> At the moment it's not possible to block file attachments if the name 
> contains special characters.
>
> For example "Norton Antivirus gelöscht1.txt" the German version of "Norton 
> Antivirus deleted1.txt" will pass the filter even if there is a BANNAME 
> entry for this file.
>
> Now I've tried to use the encoded filename "Norton Antivirus 
> gel=F6scht1.txt" but the file is still passing the filter.  :-(

That's actually because of a flaw in a Windows function that prevents some 
parsing from working properly if high-bit characters are encountered, and 
requires a lot of work for a workaround.  We do have this in our suggestion 
database, but it is not currently a high priority (since the BANNAME option 
was originally designed to block viruses, not virus notifications or other 
types of unwanted mail).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
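
Added example, not part of the thread and not Declude's code: an attachment name with high-bit characters travels MIME-encoded (as an RFC 2047 encoded-word or an RFC 2231 parameter), so a filename ban list only matches if the name is decoded and normalised before comparison. The ban list, the helper names and the sample messages are constructed for illustration.

```python
import re
import unicodedata
from email import message_from_bytes
from email.header import decode_header, make_header

# Constructed ban list: the readable name from the thread plus the
# hand-encoded variant that was tried as a workaround.
BANNED = ["Norton Antivirus gelöscht1.txt",
          "Norton Antivirus gel=F6scht1.txt"]

def canonical(name):
    # Same canonical form for ban entries and attachment names.
    return unicodedata.normalize("NFC", name).casefold().strip()

def wire_name(raw):
    # Filename parameter exactly as transmitted, with no MIME decoding.
    m = re.search(rb'filename\*?="?([^"\r\n;]+)', raw)
    return m.group(1).decode("latin-1") if m else None

def decoded_name(raw):
    # get_filename() collapses RFC 2231 values; RFC 2047 encoded-words
    # still need decode_header() under the default compat32 policy.
    name = message_from_bytes(raw).get_filename()
    return str(make_header(decode_header(name))) if name else None

def banned_naive(raw):
    # Literal comparison against the undecoded wire form.
    return wire_name(raw) in BANNED

def banned_decoded(raw):
    # Decode first, then compare canonical forms on both sides.
    name = decoded_name(raw)
    return name is not None and canonical(name) in {canonical(b) for b in BANNED}

def sample(param):
    # Constructed single-part message carrying one attachment header.
    return (b"Content-Type: text/plain\n"
            b"Content-Disposition: attachment; " + param + b"\n\nremoved\n")

RFC2047 = sample(b'filename="=?iso-8859-1?Q?Norton_Antivirus_gel=F6scht1.txt?="')
RFC2231 = sample(b"filename*=iso-8859-1''Norton%20Antivirus%20gel%F6scht1.txt")
ASCII = sample(b'filename="Norton AntiVirus deleted1.txt"')  # not on the list

if __name__ == "__main__":
    for label, raw in [("RFC2047", RFC2047), ("RFC2231", RFC2231), ("ASCII", ASCII)]:
        print(label, repr(wire_name(raw)), banned_naive(raw), banned_decoded(raw))
```

Neither ban entry equals either wire form, so the literal comparison misses both encoded messages, while the decoded comparison matches them and leaves the unlisted ASCII name alone.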


RE: [Declude.Virus] Passing a bogus zip.

2004-05-21 Thread Scott Fisher
That's good, something for Scott's plate when he comes back.

Scott Fisher
Director of IT
Farm Progress Companies

>>> [EMAIL PROTECTED] 05/21/04 03:34PM >>>
For sure!
 
I tried now with different files and found why certain files are not blocked
with BANNAME.
At the moment it's not possible to block file attachments if the name
contains special characters. 
 
For example "Norton Antivirus gelöscht1.txt" the German version of "Norton
Antivirus deleted1.txt" will pass the filter even if there is a BANNAME
entry for this file.
 
Now I've tried to use the encoded filename "Norton Antivirus
gel=F6scht1.txt" but the file is still passing the filter.  :-(
 
It's not so important - until you receive a lot of  "Symantec-german
cleaned" messages.
 
Markus

From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Friday, May 21, 2004 6:49 PM
To: [EMAIL PROTECTED] 
Subject: Re: [Declude.Virus] Passing a bogus zip.


Do you have a BANNAME entry for that one?

Matt



Markus Gufler wrote:

> I believe the spaces in the BANNAME was fixed in 179i6 and higher.
>
> I have successfully blocked "Deleted Attachment"

I'm running 1.79i7 now and messages containing an attachment like "Norton
AntiVirus deleted1.txt" still pass our virus filter.

?

Markus

-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=



RE: [Declude.Virus] Passing a bogus zip.

2004-05-21 Thread Markus Gufler



For sure!
 
I tried now with different files and found why certain files are not blocked
with BANNAME.
At the moment it's not possible to block file attachments if the name
contains special characters.

For example "Norton Antivirus gelöscht1.txt" the German version of "Norton
Antivirus deleted1.txt" will pass the filter even if there is a BANNAME
entry for this file.

Now I've tried to use the encoded filename "Norton Antivirus
gel=F6scht1.txt" but the file is still passing the filter.  :-(

It's not so important - until you receive a lot of "Symantec-german
cleaned" messages.

Markus

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Friday, May 21, 2004 6:49 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Passing a bogus zip.

Do you have a BANNAME entry for that one?

Matt

Markus Gufler wrote:

> I believe the spaces in the BANNAME was fixed in 179i6 and higher.
>
> I have successfully blocked "Deleted Attachment"

I'm running 1.79i7 now and messages containing an attachment like "Norton
AntiVirus deleted1.txt" still pass our virus filter.

?

Markus



  -- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=


Re: [Declude.Virus] Passing a bogus zip.

2004-05-21 Thread Matt




Do you have a BANNAME entry for that one?

Matt



Markus Gufler wrote:

  
> I believe the spaces in the BANNAME was fixed in 179i6 and higher.
>
> I have successfully blocked "Deleted Attachment"

  
  
I'm running 1.79i7 now and messages containing an attachment like "Norton
AntiVirus deleted1.txt" still pass our virus filter.

?

Markus



-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=




RE: [Declude.Virus] Passing a bogus zip.

2004-05-21 Thread Scott Fisher
I've blocked 4 "Deleted Attachment.txt" and one "Quarantined Attachment.txt"

I've seen nothing starting with Norton Antivirus here.

You wouldn't have
BANNAME Norton AntiVirus deleted0.txt in instead of deleted1.txt?

Scott Fisher
Director of IT
Farm Progress Companies

>>> [EMAIL PROTECTED] 05/21/04 01:30AM >>>

> I believe the spaces in the BANNAME was fixed in 179i6 and higher.
> 
> I have successfully blocked "Deleted Attachment"

I'm running 1.79i7 now and messages containing an attachment like "Norton
AntiVirus deleted1.txt" still pass our virus filter.

?

Markus





RE: [Declude.Virus] Passing a bogus zip.

2004-05-20 Thread Markus Gufler

> I believe the spaces in the BANNAME was fixed in 179i6 and higher.
> 
> I have successfully blocked "Deleted Attachment"

I'm running 1.79i7 now and messages containing an attachment like "Norton
AntiVirus deleted1.txt" still pass our virus filter.

?

Markus


