The server is a Compaq Proliant with Dual Piii 800's, RAID 5 (I know - RAID
1,0 is better - it's on the schedule to be re-config'd), 1GB RAM, defragged
by diskkeeper every night.
We run IMAIL program on C: and spool mailboxes on D:
I identified the outside hit increase as coming from an outside
How about putting the interim release number on the interim release page?
That is something that we have considered, but we will likely not be doing
(due to the extra work involved).
Or when you do announce interim releases to the list including the interim
release number. That way everyone
Hi,
I have a customer that is insisting I let .zip files through (I have them
banned right now).
Is there any way to allow email to a single address to go through? If I do
a whitelist entry for this one email address in the global.cfg, will that
work?
Thanks, andy
thumpernet
---
[This E-mail
I have a customer that is insisting I let .zip files through (I have them
banned right now).
Is there any way to allow email to a single address to go through? If I do
a whitelist entry for this one email address in the global.cfg, will that
work?
You could disable virus scanning for that one
I agree with your customer. Why do you ban all zip files? How are they expected to
conduct business if their business requires transferring files? My customers required
that I create a way for them to retrieve the infected files for them.
You could simply do that. Allow the customer to
Because I am dealing with unsophisticated users that click on anything
attached.
There was so much confusion on the list at the time that I just banned all
zip files, better safe than sorry.
I would now need to go back and try to figure out exactly what settings I
need to stop the bad stuff and
I have the pro version
syntax please
Thanks, andy
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 19, 2004 1:13 PM
Subject: Re: [Declude.Virus] whitelisting?
I have a customer that is insisting I let .zip files through (I have
You could disable virus scanning for that one customer (if you are using
Declude Virus Pro). But it is not possible to set the banned file
extensions or vulnerability detect on a per-user or per-domain basis.
I have the pro version
syntax please
You can add a line [EMAIL PROTECTED]OFF
I would now need to go back and try to figure out exactly what settings I
need to stop the bad stuff and allow the good stuff.
FYI, the latest advice is:
[1] Run the latest interim of Declude Virus (1.78i27 or later), and
[2] Block all encrypted .ZIP files by adding a line BANEXT EZIP to the
Try just banning encrypted zips and allowing your virus scanner to handle
issues with non-encrypted zips.
Darin.
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 19, 2004 1:35 PM
Subject: Re: [Declude.Virus] whitelisting?
Because I am dealing
Thanks Scott,
Best money I ever spent - Declude.
Can't say enough how much your efforts are appreciated.
:) Andy
Thumpernet
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 19, 2004 1:41 PM
Subject: Re: [Declude.Virus] whitelisting?
and
BANEZIPEXTS ON
is no longer needed, correct?
Thanks, Andy
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 19, 2004 1:41 PM
Subject: Re: [Declude.Virus] whitelisting?
I would now need to go back and try to figure out exactly
Thanks Scott,
Best money I ever spent - Declude.
Can't say enough how much your efforts are appreciated.
:) Andy
Thumpernet
Same to me !
Thank you a lot, Scott for this great product and the excellent support!
Uwe
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To:
I was wondering what, if any, notifications are sent out when this is
caught. Is there anything needed to be changed in the global or virus.cfg
files? I downloaded and installed the latest interim release.
These are treated exactly the same as all other vulnerabilities. You do
not need
How will we block a virus like Bagle.Q that does not use an auto run
vulnerability?
There's still no attachment to hand off to the mail server's virus
scanner(s).
If the body was VERY standard, it could be pattern matched by Declude.
Add a little random action to the body (and the port used)
Great.. Thanks..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, March 19, 2004 4:13 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] OBJECT CODE vulnerability - Notifications
I was wondering what if any
Heuristics!
This was a novel, but lame attempt at exploiting a download
vulnerability. This would have been 1,000 times worse if the virus
dynamically provided a list of IP's from known infected computers. This
can be done, and eventually it will be done. The kid writing Bagle has
shown
I'm a big fan of deeper categorization. I believe these are listed in
the Experimental category presently, but due to some of the patterns in
that rule base, I actually score it lower than the others. This change
in particular though wouldn't likely affect us since Scott has been up
on the
Hi Scott, and thanks for the reply. This leads to another issue: we haven't
used your interim releases because these are either considered beta or alpha
(according to your interim page). We normally try to use only the standard
(final) releases on our production software. Following this
Like Scott said, you have to weigh the risks.
In my opinion (therefore my company's opinion) the risk of an undetectable virus
getting through, as in the case of the encrypted zip viruses, far outweighs the risk
of encountering an undetected Declude glitch in the alpha/betas. If mail flow were
Scott,
What are the recommended settings for 3.14e?
Should we add /ARCHIVE=5/SERVER/PARANOID? Anything else?
Thanks,
Bill
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send
I'm lazy (actually, just small staff, and I want to keep it that way).
I would love to find a way to give Scott Co. the way to automatically
force my installation to upgrade to the next interim release, if important.
I understand that there is a possibility that might backfire, but I think
What are the recommended settings for 3.14e?
We haven't yet changed our recommended settings for F-Prot. We just don't
have enough information yet -- we don't know what kind of false positives
may result from any changes.
-Scott
---
Declude
I would love to find a way to give Scott Co. the way to automatically
force my installation to upgrade to the next interim release, if important.
That is a good idea. There is a third party program that can automatically
upgrade to new betas and released versions, but it doesn't handle
To clarify, group 62 is experimental.
Malware is in group 55.
_M
At 05:20 PM 3/19/2004, you wrote:
I'm a big fan of deeper
categorization. I believe these are listed in the Experimental
category presently, but due to some of the patterns in that rule base, I
actually score it lower than the