I have my logging set to LOW but my log files are still about 40-50Mb
per day. We do process about 100K emails.
What is the appropriate way to handle such a volume of info and not
spend all day doing it?
Thanks,
Doug
---
[This E-mail was scanned for viruses by Declude Virus
I have my logging set to LOW but my log files are still about 40-50Mb
per day. We do process about 100K emails.
What is the appropriate way to handle such a volume of info and not
spend all day doing it?
One option would be to use the LOG_OK NONE option -- if you add that line
to the
Great tip Scott.
Thanks,
Doug
-Original Message-
From: [EMAIL PROTECTED]
[mailto:Declude.Virus-owner;declude.com] On Behalf Of R. Scott Perry
Sent: Wednesday, November 13, 2002 7:22 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Log Files
I have my logging set to LOW but my log
Scott,
Is the ability there for F-prot to give you the NAME of the virus in the
log? instead of Infected with a virus.? We have the Windows version
running.
Does F-Prot keep a log of useage by Declude with infections? I'd like to
get some feel for what is coming in.
Thanks!
Paul
---
Running 1.62i beta interm here.
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.
Title: Message
Hi;
Has anyone seen
this?
http://www.messagelabs.com/viewNewsPR.asp?id=109cmd=PR
MessageLabs is currently intercepting hackers who
are mass-mailing trojans to unsuspecting users. The spread of this new
threat suggests that infected machines could
It was posted on the Imail list also.
The payload is in an .exe attachment.
Thus, every one is safe until all the AV companies come out with updated
definitions because we all block unsafe attachments, right?
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton,
Also, I started catching Outlook 'MIME segment in MIME Preamble'
Vulnerability messages overnight, so this trojan may be getting caught by
that also.
Scott, yes/no?
This is also known as Troj/Dloader-BO.
http://www.sophos.com/virusinfo/analyses/trojdloaderbo.html
John Tolmachoff MCSE, CSSA
IT
Is the ability there for F-prot to give you the NAME of the virus in the
log? instead of Infected with a virus.? We have the Windows version
running.
If you use LOGLEVEL MID (in the \IMail\Declude\virus.cfg file), Declude
will report the virus name in the log file.
Does F-Prot keep a
Also, I started catching Outlook 'MIME segment in MIME Preamble'
Vulnerability messages overnight, so this trojan may be getting caught by
that also.
Scott, yes/no?
It's quite possible. I haven't seen any samples of these yet, so I can't
say for certain.
If you want, you can send one of
Scott you are Awesome! One of the many reasons why our company enjoys doing
business with you and Declude.
Thanks!
~Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:Declude.Virus-owner;declude.com]On Behalf Of R. Scott Perry
Sent: Wednesday, November 13, 2002 2:50 PM - MGMT
LOL! you kill me. i think he got the pointhopefully
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 13, 2002 12:50 PM
Subject: RE: [Declude.Virus] Current Version of Declude
Not to beat a dead horse to death but what
What types of files would get identified as suspicious with this option?
Bill
-Original Message-
From: R. Scott Perry
Sent: Wed, 13 Nov 2002 14:00:35 -0500
Subject: Re: [Declude.Virus] hmmm... F-prot error 8?
After setting my Log to MID, I was going through it to see what is being
I've seen this with F-prot on:
1. New viruses in which F-prot spots suspicious characteristics but
doesn't match any signature because the definition file is not yet updated.
2.) An impotent KAK signature - the object ID is in the HTML message,
but no payload. The sender removed most,
14 matches
Mail list logo