RE: [Declude.Virus] Spoofed Addresses

2003-10-02 Thread Panda Consulting S.A. Luis Alberto Arango
Use the SKIPIFVIRUSNAMEHAS command in your sender.eml, that way a notification will not be sent to sender if a specific virus is caught. For example, here is what we have in sender.eml at the beginning of the file: SKIPIFVIRUSNAMEHAS Vulnerability SKIPIFVIRUSNAMEHAS Magistr SKIPIF

Re: [Declude.Virus] Spoofed Addresses

2003-10-02 Thread R. Scott Perry
I am sure this has been discussed many times in the past, but I have been out of the loop, so forgive me for asking again. How do you notify your customers who send viruses without notifying the ones with spoofed return addresses? When we had the SoBig virus going around, we had to literally shu

RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Kami Razvan
If you look at the manual site you will find the email called: Bannotify.eml That is what is sent when a banned extension is sent. I will send you a copy off list of what we have. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chad Killi

[Declude.Virus] Spoofed Addresses

2003-10-02 Thread Chad Killion
I am sure this has been discussed many times in the past, but I have been out of the loop, so forgive me for asking again. How do you notify your customers who send viruses without notifying the ones with spoofed return addresses? When we had the SoBig virus going around, we had to literally shut

RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Chad Killion
Ok thanks, but what does a user who sends this type of ext get from our server? Is there some sort of eml file I need to add? Chad -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan Sent: Thursday, October 02, 2003 4:22 PM To: [EMAIL PROTECTED]

RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Kami Razvan
Chad: This is what we have in our virus.cfg file. No regrets and no apologies for blocking them. We think of this as a fact of life... BANEXT asp BANEXT bas BANEXT bat BANEXT CEO BANEXT chm BANEXT cmd BANEXT com BANEXT e

RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Chad Killion
So with that done, what does the user sending the executable get? Do they get a returned email with an error, and if so, would you be so kind as to show me what message you show people. I just hate to jump in blind, if someone already has it figured out. Chad -Original Message- From: [E

RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread John Tolmachoff (Lists)
With Declude Virus. In the Virus.cfg file, for each banned extension, you have a line like so: BANEXT exe BANEXT pif And so forth. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.V

RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Chad Killion
What is the best way to exclude these in your opinion??? Can Declude do it, or Imail? Chad -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, October 02, 2003 1:38 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus]

[Declude.Virus] Maximum recipients per message

2003-10-02 Thread Markus Gufler
Today I have received an avert from another regional ISP (using unix mailservers and av engine) The message informs that they have reduced temporarily the max. recipients per message from 100 down to 10 because a "very aggressive email worm" make this necessary. Anyone has seen such an aggressive wor

RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread John Tolmachoff (Lists)
Chad, exe is the absolute first extension that should be banned. In the three years I have been doing this, I have had a handful of complaints about this. Once I explained the reason, they agreed. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Ori

Re: [Declude.Virus] Forging Swen

2003-10-02 Thread R. Scott Perry
Maybe I'm mistaken, but this appears to be a Swen that was forged... First one of seen. Declude Virus v1.75 caught the W32/[EMAIL PROTECTED] virus !!! in cgzkcu.exe from [EMAIL PROTECTED] to: [EMAIL PROTECTED] Actually, Elisabetta Crovato is an Italian name, and: Received: from vsmtp1.tin.it

[Declude.Virus] Forging Swen

2003-10-02 Thread Russ Uhte (Lists)
Maybe I'm mistaken, but this appears to be a Swen that was forged... First one of seen. Declude Virus v1.75 caught the W32/[EMAIL PROTECTED] virus !!! in cgzkcu.exe from [EMAIL PROTECTED] to: [EMAIL PROTECTED] *** Date: 10/02/2003 12:12:02 Subject:Error Advice Spool File: D5c5951280

RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread R. Scott Perry
Well, I have upgraded to 3.14, but still see TONS of these viruses getting through. Please help if you can... Have you checked to see that: [1] They actually have an .exe (or similar) attachment? [2] The attachment is not 0 bytes? [3] The attachment is complete, and not truncated? Any E-mails th

RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Greg Foulks
If you don't start to block these dangerous extensions it's just going to continue to cause you problems in the future. My users were not happy at first but after I explained why they were all more than happy to help fight the spread of viruses. Greg -Original Message- From: [EMAIL PR

RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Jeff Maze - Hostmaster
Hmm, I'd just send out an e-mail stating that due to recent influx of viruses and viruses contained within EXE files, you're updating the mail server security policy. Then state that beginning %on this date% the following file extensions will be blocked: yadda-yadda-yadda. Most will be angry tha

Re: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Jason Newland
I would suggest a notification to users telling them that as of X date, the e-mail system will no longer accept/transmit e-mails that have .exe/.bat/or whatever extensions attached. Then give them a brief, and honest explanation of the risks that it poses them and you. You can even include inform

RE: [Declude.Virus] F-Prot vs Other brands

2003-10-02 Thread Paul Navarre
> With the problems I've seen with F-Prot like the one mentioned below. Why > did you F-Prot users choose F-Prot over other brands like McAfee? Something is probably not right in his configuration, as this problem has not been reported on machines running the latest f-prot version. We certainly s

RE: [Declude.Virus] F-Prot vs Other brands

2003-10-02 Thread Kami Razvan
Hi; We have never had any problem with F-Prot. It has always been working perfectly.. In all these years the Message.zip was the only incident that they were late in releasing the signature but that was because of the nature of the virus that required them to fix something in their code. F-Prot:

RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Chad Killion
We have never filtered EXE before, so it would just cause too many problems to do this now. We have well over 25 thousand customers using this server, and I hate to spring something like that on them. The others, sure, we can exclude those, but just don't want to do EXE. Thanks. Chad -Ori

[Declude.Virus] F-Prot vs Other brands

2003-10-02 Thread Greg Foulks
With the problems I've seen with F-Prot like the one mentioned below. Why did you F-Prot users choose F-Prot over other brands like McAfee? Greg -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Chad Killion Sent: Thursday, October 02, 2003 11:03 AM To: [EMAIL

RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Darrell LaRock
Chad, Is there any reason why you can't filter on common virus extensions. This will cut down on many viruses. It is common practice not to accept exe, com, bat, pif, scr, and the list goes on... Darrell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Chad Killion
Well, I have upgraded to 3.14, but still see TONS of these viruses getting through. Please help if you can... Chad -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sheldon Koehler Sent: Wednesday, October 01, 2003 5:38 PM To: [EMAIL PROTECTED] Subject: Re

[Declude.Virus] IE Vulnerability

2003-10-02 Thread Stephan Fix
This is a bit off topic, but for anyone who doesn't monitor the NTBugTraq list, check out the following post. I've already had one user get nailed. Steve Yesterday NTBugtraq was informed of an active attack against users of Internet Explorer. I'd like to thank Steve Shockley for informing me. T

[Declude.Virus] F-Prot - OT

2003-10-02 Thread Mark Smith
Does anyone know if the F-Prot real time scanner relies on the NTFS Change notification kernel driver? Here's my problem... I use Microsoft Index Server for web indexing. Index Server and ANY Antivirus software that uses the NTFS Change notification journal do not work together. You get index corr

Re: [Declude.Virus] New Errors under Imail 8.03

2003-10-02 Thread R. Scott Perry
Since upgrading to IMail 8.03, I began getting this error several times each day - Error 183 creating temp directory D:\IMAIL\spool\Dfce20c8602461764.vir\. (The error is something like "already exists"). Have been running 1.69i7 since May and never saw that error. This is something that we

Re: [Declude.Virus] Swen

2003-10-02 Thread R. Scott Perry
Is Swen a forged virus? No (as far as Declude is concerned). The "From:" header is forged, but the return address (the one that Declude uses) is not forged. It will normally come from an address that the recipient does not recognize, however (since it mostly seems to get addresses from web pa

[Declude.Virus] Swen

2003-10-02 Thread Mike Wiegers
Is Swen a forged virus? I tried to get to the .eml links on the manual page but it didn't go. Need to see if I need to update my notification templates. Thanks, Mike --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus ma

[Declude.Virus] New Errors under Imail 8.03

2003-10-02 Thread Mike Nice
Since upgrading to IMail 8.03, I began getting this error several times each day - Error 183 creating temp directory D:\IMAIL\spool\Dfce20c8602461764.vir\. (The error is something like "already exists"). Have been running 1.69i7 since May and never saw that error. --- [This E-mail was