http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]
val.tool.html
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Charles Frolick
> Sent: Monday, August 11, 2003 9:16 AM - FamHost
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.Vir
> It will block files based on the file name. So if you use "BANNAME
> message.zip", it will ban any attachments that are named "message.zip"
Can you use wildcards?
No -- it just looks for an exact match.
-Scott
---
Declude JunkMail: The advance
Waste of time, we've already been through this many times, it currently will
not get caught by F-Prot.
Bill
- Original Message -
From: "Dan Star" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 05, 2003 8:44 AM
Subject: Re: [Declude.Virus] [EMAIL PROTECTED] Virus Fprot D
We have Liebert Online UPSs (work with our natural gas backup generator). But I do
see that APC makes a standalone unit model # AP9312TH that has an ethernet
interface. Does anyone have experience with this unit? -- Dan
"John Tolmachoff (Lists)" wrote:
> If you have a APC UPS, you can add a m
Thanks Fritz!!
Eddie :)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Fritz Squib
Sent: Tuesday, August 05, 2003 2:20 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] AVG - Not identifying virus found.
Eddie,
After some fooling around, I *THINK* t
> >I assume its advisable to remove the BANNAME in the virus.cfg file now,
eh?
>
> Yes. Although it's nice to have an extra layer of protection, it's quite
> possible that someone will intentionally send a file m e s s a g e . z I p
in the future.
First, kudos to Scott for adding this ability.
Thanks Scott! I understand about the archive but if it was critical I
thought I would have received a response from the list faster than it would
have been for me to look it up.
Greg
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Tuesda
Installing the new version results in the same dates as the old version,
except the signatures are from 7/28 rather than June (requiring an update of
the signatures if you let the older ones in the "new" version install).
> -Original Message-
> From: i360 Support
>
> Scott,
>
> You might b
Samantha,
If you're the responsable person for your mailserver and virus
protection in your company or for your users please subscribe to some
newsletters offered from different AV companies.
Try to read and understand any single message comming from this lists.
The Declude-Virus list is also a v
um.. probably cause the vendors 'patch worm' would say consist of about 28k
code and there patches are usually like 50 megs.. wouldn't that suck down a
ds3 fibre link pretty fast .. let alone make ya puke trying to patch it via
a 28.8 dialup?
fwiw,
;-)
~Rick
> -Original Message-
> From:
Scott, on this particular one, I have also seen 2 caught. Should we initiate
a dialog with Paypal so that they fix their problem?
We've already contacted them. They are most likely deleting the reports to
them. Unfortunately, large companies like PayPal and Amazon are often
unable to process r
Except that the IMAIL server itself was not protected, unless another
real-time scanner is installed.
And any user that disabled their real-time scanner was not protected (as the
emails kept coming thru).
And users that didn't have their signatures set to download often.
And home users that had
I'm curious as to what online scanner everyone is using for Windows 2000
Advanced Server? I'm using f-prot for email but want to add a scanner for
the system itself.
TIA
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Vir
I do know this was discussed previously on this list as an issue, but I
can't remember exactly what the solution was. I do know that it was
mentioned that in most cases this is not an issue, since most viruses now
days seem to autosend without the user intentionally attaching them. What
versions
Finally caught my first W32/Mimail virus tonight using the new F-Prot
3.14a / new defs ... I'm so relieved
And I'm running the 32 bit command line version.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing lis
I had a customer email meflamingour server because a message keeps poping up
saying the system is shutting down and then reboots their PC. I searched
Sophos and a couple others, but cannot find a virus that fits this
description. But I thought I saw something on the news this last weekend.
Anyone
what is the spool \ overflow directory, (filled with Qsmd)
and what should i do about it ?
It's best just to ignore it. It is used by Declude Queue to speed up mail
delivery. Normally, those Q*.SMD files would be sitting in the
\IMail\spool directory, but if they are in the \IMail\spoo
Reply to: R. Scott Perry
Re: [Declude.Virus] 3rd Scanner Not Logging? on Tuesday 4:27:00 PM
Well I found how to make it report. Use avg.exe instead of
avgscan.exe in declude command line settings for AVG:
08/12/2003 17:45:26 Q6e00024c0264e7c1 Scanner 1: Virus=: EICAR_Test_File
Attachment=e
Good Morning,
We are running Declude on our Imail server with
F-Prot for Windows. It is doing its job as far
as we can tell. However yesterday we ran the
F-Prot Scan of the entire hard drive and our
machine is infected with about 30 virus's,
trojans, worms, etc. They are in various
folders like
> Finally caught my first W32/Mimail virus tonight using the
> new F-Prot 3.14a / new defs ... I'm so relieved
Returned from holidays I haven't seen any MiMail message in our virus
folder. (?)
Neither F-Prot nor Mcafee has found something. (??)
*panic*
Also there was no noticeable increase on c
This really doesn't have to do with Declude, however I just got done working
on a friends PC who was infected with this worm today. After doing
everything it said on Symantec's and Mcafee's site, I still had another
problem.
I was getting a RPC error window popping up and would shutdown the PC in
Here is the response I received from them this morning:
The Mimail.A worm started spreading this weekend and has already gained wide
distribution. W32/[EMAIL PROTECTED] spreads by infected attachments to e-mail
messages disguised as being from the recipient's local administrator.
W32/[EMAIL PROTE
Hello,
We'd been going along just find catching minmail right and left, then a few
minutes ago a copy slipped in. It wasn't detected by the desktop scanner
either, even though definitions are up to date.
What address do I send a copy of this minmail to have you folks check and
see if it might be
Thank you Scott,
This is the reason why I use this product... SERVICE! You went the extra
mile to help your customers even when there is an issue with someone elses
stuff.
Bravo Declude! Bravo R. Scott Perry!
Jeff Kratka
*
TymeWyse Internet
P
We'd been going along just find catching minmail right and left, then a few
minutes ago a copy slipped in. It wasn't detected by the desktop scanner
either, even though definitions are up to date.
Do you mean that it did not get caught by Declude Virus, and it also did
not get caught by the desk
We are using a Environmental Monitoring card in our APC Symetra UPS to
provide email notification, but we also have an Only Sensaphone Unit,
http://sensaphone.com The cool thing about the sensaphone is that it can
actually sequentially call voice phone numbers and provide a verbal readout
of condi
> It will block files based on the file name. So if you use "BANNAME
> message.zip", it will ban any attachments that are named "message.zip"
Can you use wildcards?
What I'd really like to do is ban all attachments to my lists (but allow attachments
to all of my
other clients). Using Pro this s
do i send an email from webmail opened on a terminal session, and sending
eicar.com out in the world it will NOT trigger any of the
options witch are in the virus config file f.ex banext
Why ?
That's because in versions of IMail before v8, they set it up so that
outgoing E-mail from web messagi
>>You should have the ban's in your "\IMail\spool\virus\Hold" directory.
I didn't have the hold directory at first (perhaps deleted in error in the
past), but I've since added it. Since then I've seen e-mails banned by the
ban extension but nothing has shown up in the hold directory. Is there
so
How about a simple question?
-- have you ran Declude.exe in the new server?
If not simply double click the Declude.exe and test again.
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ISPhuset Nordic AS
Sent: Tuesday, August 12, 2003 4:16 P
Where is the batch file that uses wget to update the f-prot dos software for
use with declude? The version I have has been updating the virus
definitions but it has not been updating the engine (I had to upgrade
manually to ver 3.14a.
If you go to http://www.declude.com/tools , I believe there ar
> If you upgrade F-Prot to v3.14 or later, it will get caught.
It must be 3.14a or later. We were running 3.14 before. But it is working
with the latest engine.
Sheldon
Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com
Ten Forward Communications 360-457-9023
Nationwide
with the new engine and using f-prot.exe and sending from my outlook
client i get a virus warning and its ok
but doing the same with fpcmd.exe it get caught of the banext
This sounds like a separate issue -- the command lines for F-Prot.exe and
fpcmd.exe should be identical *except* that you mus
I have an enclosed the headers of an e-mail which got blocked by Declude
Virus as having the Vulnerability listed in the title of this message.
Great! Declude Virus is doing its job. :)
Any up-to-date mailserver virus scanner should have caught this E-mail:
...
Subject: Don't forget to claim y
I use Symantec (Norton) Corporate 8.1.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.Virus-
> [EMAIL PROTECTED] On Behalf Of Danny Klopfer
> Sent: Thursday, August 14, 2003 11:43 AM
>
Title: Message
I have not seen
this virus.. but from the sound of what I read at Symantec I thought it is
coming via an email payload.
I was wrong
then...
Oh well... two
wrongs for one day.. it has to be Monday.
Kami
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL
Have sett up the server in the exact same with one exception
on the old server i use f-prot312c
on the new server i user f-prot314a_m
when i run a test with eicar.com on the server localy in webmail
it slips through when i have i only the on demand scanner installed
copy of config
#
# Declude
Below is a message that one of my users is getting daily. The message below also
comes with an attachment called message.zip.
Anyone seen this? Is this a virus?
Thanks
Samantha
**Below is the message that is referred to above***
Hello there,
I would like to infor
Well I found how to make it report. Use avg.exe instead of
avgscan.exe in declude command line settings for AVG:
08/12/2003 17:45:26 Q6e00024c0264e7c1 Scanner 1: Virus=: EICAR_Test_File
Attachment=eicar.com [1] I
08/12/2003 17:45:27 Q6e00024c0264e7c1 Scanner 2: Virus= the W32/TryMem
virus !!! At
64 bit version has a different build number. I am not sure what it is off
hand.
Unless you are dealing with a serious gamer or programmer, I do not think
they would have spent the money of the 64 bit version.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
08/12/2003 05:23:13 Qc0100ea3011071fb Scanned: Virus Free [Prescan OK][MIME: 1 1678]
08/12/2003 05:23:19 Qc012117801167b13 MIME file: [text/html][quoted-printable;
Length=881 Checksum=72056]
08/12/2003 05:23:19 Qc012117801167b13 MIME file: KOF2002.exe [base64; Length=34304
Checksum=3657899]
08/12
running the exact same version
but what i found here is that if i log onto my webmail on the old server i can send
and eicar.com file to my account on another
domain and it is not being stopped either from the virus scanner or from the banext in
my config file
but do i send it from my mailclien
Are you running the same versions of Imail and declude on each server, I
seem to remember something a while back about needing a later version of
Imail or Declude to catch webmail based virus attachments.
Jim Matuska Jr.
Computer Tech II
CCNA
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]
-
That fixed it
thanks a lot
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: 12. august 2003 22:47
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] problems when testing a new server
>with the new engine and using f-prot.exe and se
Everyone,
Here is my thought:
The blaster worm uses an exploit in RPC to insert itself (executing
code) into computers and self propogate to other un-patched computers.
Why then, wouldn't the vendor want to write it's own worm that fixes the
exploit? To minimize impact it could randomize the ex
Look in the mail from this mailing list on 12.08.2003 at 6:47 subject
Blaster worm!
Hermann
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Sheldon Koehler
> Sent: Wednesday, August 13, 2003 9:10 AM
> To: [EMAIL PROTECTED]
> Subject: [Declude.Virus] Ne
Can somebody tell me what this vulnerability is as I do not see it list in
the Declude Virus site nor have I seen it discussed here. This is also the
first time I have seen this specific vulnerability caught. I did just
recently upgrade Declude to 1.75.
My concern in this case is that it came from
Scott, on this particular one, I have also seen 2 caught. Should we initiate
a dialog with Paypal so that they fix their problem?
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.Virus-
>
>>You should have the ban's in your "\IMail\spool\virus\Hold" directory.
I didn't have the hold directory at first (perhaps deleted in error in the
past), but I've since added it. Since then I've seen e-mails banned by the
ban extension but nothing has shown up in the hold directory. Is there
s
Scott,
Where is the batch file that uses wget to update the f-prot dos software for
use with declude? The version I have has been updating the virus
definitions but it has not been updating the engine (I had to upgrade
manually to ver 3.14a. Also is there an automated way that I could download
t
ahh that explains a lot
thought for a moment here it was my scanner messing with me
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: 12. august 2003 22:27
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] problems when testing a new
Can somebody tell me what this vulnerability is as I do not see it list in
the Declude Virus site nor have I seen it discussed here. This is also the
first time I have seen this specific vulnerability caught.
This vulnerability occurs when the headers of an E-mail claim that two or
more different
That's Mimail. If you are using F-Prot, v3.14 or higher is required to
catch this.
-Scott
At 10:07 AM 8/11/2003, Bridges, Samantha wrote:
Below is a message that one of my users is getting daily. The message
below also comes with an attachment called message.
Could someone look at the attached message file and tell me where the exact
problem is with the vulnerability?
The Declude Virus log shows:
08/05/2003 18:09:42 Q2b24009a0072c017 Outlook 'CR' vulnerability [To:
koland] in line 3
08/05/2003 18:09:42 Q2b24009a0072c017 File(s) are INFECTED [[Outlook
http://www.pcmeasure.com/
MRTG/SNMP integration -- inexpensive
Heinrich
- Original Message -
From: "Dan Star" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 07, 2003 4:16 PM
Subject: [Declude.Virus] OT: Server Room Environmental Monitor?
> I looking for suggestions
> Any time something like this happens, where a virus is not caught, we
> compare the file that Declude Virus creates with the one created by a
> standard mail client, just to be sure that it isn't something with the way
> that Declude Virus is decoding the E-mail. In this case, though, that
> was
FYI, we just received an E-mail from F-Prot alerting of new virus
definitions, and we have tested them with the new DOS version 3.14a (dated
5 Aug 2003), and it is now able to detect Mimail. Note that it *does* seem
to require an updated .exe file.
I wonder what the heck has happend to F-prot...I have lost all my confidence
in them..
Four days is way to long to take to solve this problem. Their website hasn't
been updated for a while now...
Don
- Original Message -
From: "Bill Landry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Se
I have been out of the office at a client all day and was just about to
update the dos version software when I noticed with the latest def files, it
is finally catching it with DOS version 3.13a.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
> -Origi
*** AVG Anti-Virus 7.0 File Server Edition ***
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Webmaster Oilfield
Directory
Sent: Monday, August 04, 2003 9:35 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] AVG
I'm confused which avg version are y
I'm running McAfee NetShield on the servers, where I can exclude certain
folders, e.g., the Imail Spool folder tree.
I am too, with the IMAIL directory excluded, and haven't
had any problems with either Declude or infections on the mail server
itself.
And, FYI, McAfee was catching the Mimail vi
I assume its advisable to remove the BANNAME in the virus.cfg file now, eh?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, August 05, 2003 1:35 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] New interim release of Decl
This is an awesome feature to add. This will also help with future virus
outbreaks that have us waiting for definition files to be updated
from our antivirus vendors...
Thanks
Don Hickey
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday
With version 7 I couldn't use the "avgscan.exe" (Scanned: Error starting
scanner) but it worked with
"C:\Progra~1\Grisoft\AVG7\avg.exe /NOMEM /NOSELF /ARC /REPORT=report.txt"
Thanks..
Mike
-Original Message-
>SCANFILE2 C:\Progra~1\Grisoft\AVG6\avgscan.exe /NOMEM /NOSELF /ARC
>/REPORT=r
64 matches
Mail list logo
