Yes, it is v1.78i27 and yes the zip file had 0 bytes and nothing in the zip
file. Should I be alarmed? Here is a example of the BANEXT config in my
declude virus.cfg file. Let me know if this is wrong.
# The BANEXT option will let you ban file extensions. E-mails containing
attachments
# with
Responding to several posts:
I am member of the mailing lists of Sophos, NAI, Symantec, and eAladdin.
I get enough info on new viruses. Everyone is free to do also, you do
not need to have a product from these companys.
I too receive notifications from Sophos. However, I would not send that
John -
Thinking about it some more, I think it might be the same. You can choose
to have that notification go to your pager. I could choose to have that
notification spawn a script. Scott only has to maintain one list.
After you got that notification, you could choose to login to your servers
done.
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 03/22/04 10:03AM
178i28. I did catch one Object Data on 3/18.
Would it be possible to E-mail the D*.SMD file to the declude.com
virustrap@ address?
-Scott
---
Yes, it is v1.78i27 and yes the zip file had 0 bytes and nothing in the zip
file. Should I be alarmed?
No, you should not be alarmed. If it is a 0-byte file, it can't contain a
virus. In this case, it was not an encrypted .ZIP file, so it was not blocked.
Thinking about it some more, I think it might be the same. You can choose
to have that notification go to your pager. I could choose to have that
notification spawn a script. Scott only has to maintain one list.
Could this be a case of having our cake and eating it too!?
Yes, but. (There
Has there been a conclusion as to what the command line should be for
fpcmd.exe?
Our recommended settings are the same as before, as they should catch any
known virus. Unless we have reason to believe that some of the new options
have a good chance of catching new viruses *and* that they are
I did some testing this weekend (trying to isolate the error 8 in virus
scanner), and when I would run the fpcmd agains a known virus in the
spool/virus directory, the /server switch was used regardless of it
being in the command line. By the way, we still get the error 8 in
Virus scanner 1.
Hello,
Was wondering if there is anyway to test and make sure Declude is
catching this?
Thanks..
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Matt
Sent: Friday, March 19, 2004 4:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] How do we block the next Bagle?
Heuristics!
This was a novel, but lame attempt at exploiting a download
Sorry about the slip of the mouse that caused the prior reply with no new
message ...
My question regards the comment below: it's easy to write a filter to block
something that is IP linked to port 81. Is this referring to the IPLINKED
feature in JM? If so, could you provide a brief example of
Was wondering if there is anyway to test and make sure Declude is
catching this?
There isn't a way yet, but we plan to add one to the Test Virus Sender at
http://www.declude.com/tools .
-Scott
---
Declude JunkMail: The advanced
I'm running Declude 1.78i27
I'm running FProt 3.14e
I just had a customer send me an email that they received that was questionable, and
Norton on my desktop caught it as [EMAIL PROTECTED] -- which has been out for a couple
of weeks.
Since this is an encrypted EXE inside of a zip file, it
I'm running Declude 1.78i27
I'm running FProt 3.14e
I just had a customer send me an email that they received that was
questionable, and Norton on my desktop caught it as [EMAIL PROTECTED] -- which
has been out for a couple of weeks.
Since this is an encrypted EXE inside of a zip file, it
This didn't make it through the first time, so I am sending it along
again without the content that probably tripped the filters.
Matt
Original Message
Bill,
IPLINKED is of course a custom filter and not a standard feature of
Declude. That filter would score points on
Was wondering if there is anyway to test and make sure Declude is
catching this?
There is now a test file at the Test Virus Sender at
http://www.declude.com/tools that will test this vulnerability.
-Scott
---
Declude JunkMail: The
16 matches
Mail list logo