Re: [Declude.Virus] hijack install problems

2004-10-22 Thread R. Scott Perry
trying to install declude hijack on spooler server. virus and spam not installed here just hijack IMHO Problem arises on first run of declude.exe via command prompt C:\IMail>declude Declude 1.81 (C) Copyright 2000-2004 Computerized Horizons. argc<2 First time running... installing... What I would

RE: [Declude.Virus] hijack install problems

2004-10-22 Thread John Tolmachoff (Lists)
> >Is Deccon.exe in the \imail folder? > > > > > yes it is in the base imail folder. > Do I need the global.cfg file? > I would not think so since this is not running the virus scan. Now that is an interesting question. It might need to be. Imail hands the message to declude.exe. Declude.exe ch

Re: [Declude.Virus] hijack install problems

2004-10-22 Thread Greg Hedgepath
John Tolmachoff (Lists) wrote: Is Deccon.exe in the \imail folder? yes it is in the base imail folder. Do I need the global.cfg file? I would not think so since this is not running the virus scan. This is really nuts. I am sure I have everything in place correctly. Greg John Tolmachoff Engineer/

RE: [Declude.Virus] hijack install problems

2004-10-22 Thread John Tolmachoff (Lists)
Is Deccon.exe in the \imail folder? John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Greg Hedgepath > Sent: Friday, October 22, 2004 2:35 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.

Re: [Declude.Virus] hijack install problems

2004-10-22 Thread Greg Hedgepath
John Tolmachoff (Lists) wrote: 1. Did you configure logging in the hijack.cfg file? CODEC3Fx LOGFILE spool\_hiJack.log LOGLEVELLOW 2. Where is it logging to? 3. Of course the SMTP service is running, otherwise no e-mail would come in or out. Correct I use winta

RE: [Declude.Virus] hijack install problems

2004-10-22 Thread John Tolmachoff (Lists)
1. Did you configure logging in the hijack.cfg file? 2. Where is it logging to? 3. Of course the SMTP service is running, otherwise no e-mail would come in or out. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTEC

[Declude.Virus] hijack install problems

2004-10-22 Thread Greg Hedgepath
trying to install declude hijack on spooler server. virus and spam not installed here just hijack IMHO Problem arises on first run of declude.exe via command prompt C:\IMail>declude Declude 1.81 (C) Copyright 2000-2004 Computerized Horizons. argc<2 First time running... installing... C:\IMail> C:\I

Re: [Declude.Virus] MyDoom.o's slipping through.

2004-10-22 Thread Bill Landry
- Original Message - From: "Chris Patterson" <[EMAIL PROTECTED]> > Does anyone else agree using the 32 bit command > line scanner is better than the dos? Absolutely! If you have it available to you (meaning you have the Windows version of F-Prot), using it will provide a nice performanc

RE: [Declude.Virus] MyDoom.o's slipping through.

2004-10-22 Thread John Tolmachoff (Lists)
Yes John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Chris Patterson > Sent: Friday, October 22, 2004 12:52 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] MyDoom.o's slipping thr

RE: [Declude.Virus] MyDoom.o's slipping through.

2004-10-22 Thread Chris Patterson
Does anyone else agree using the 32 bit command line scanner is better than the dos? Thanks, Chris Patterson, CCNA Network Engineer -Original Message- From: Douglas Cohn [mailto:[EMAIL PROTECTED] Sent: Friday, October 22, 2004 2:39 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus

RE: [Declude.Virus] MyDoom.o's slipping through.

2004-10-22 Thread Douglas Cohn
You should NOT use the dos scanner but instead use the Windows 32 bit command line scanner. You would change the command to C:\Progra~1\FSI\F-Prot\fpcmd.exe. Also there are some other changes needed to reflect the different program. This is my current command line and I found that fpcmd was much

Re: [Declude.Virus] Seeing Virus Activity getting past AV scanner

2004-10-22 Thread R. Scott Perry
I ban EXE files so it was held in the virus folder on one of my gateways. Ah, sorry about that -- I thought that it wasn't getting blocked. In this case, submitting the file to F-Prot is probably the best option. -Scott --- Declude JunkMail: The

RE: [Declude.Virus] MyDoom.o's slipping through.

2004-10-22 Thread John Tolmachoff (Lists)
Well, if the virus is forging the from, a user receives the zipped file, sees it is from [EMAIL PROTECTED], says to himself hey, I know Joe, he must have sent me a joke, opens the zip and away we go. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From:

Re: [Declude.Virus] Seeing Virus Activity getting past AV scanner

2004-10-22 Thread Rick Davidson
I ban EXE files so it was held in the virus folder on one of my gateways. Rick Davidson National Systems Manager North American Title Group - - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 22, 2004 12:50 PM Subject: Re: [Declu

Re: [Declude.Virus] Seeing Virus Activity getting past AV scanner

2004-10-22 Thread R. Scott Perry
here is the log entry, I see the EOF, it's probably corrupt. Weird thing is that they are coming from somewhat legit addresses. Actually: 10/22/2004 10:23:08 Q17c7227e008410aa Banning file with exe extension [application/x-msdownload]. This line shows that Declude Virus detected that it was an .EXE

RE: [Declude.Virus] MyDoom.o's slipping through.

2004-10-22 Thread Todd Holt
Is it not true that EXEs in zip files are inert until opened by the user? We don't ban EXEs in zips because our users sometimes need to receive EXE files, but we constantly remind them to not open anything that is not verified (content expected from the sender). What do most admins do about this

Re: [Declude.Virus] Seeing Virus Activity getting past AV scanner

2004-10-22 Thread Rick Davidson
here is the log entry, I see the EOF, it's probably corrupt. Weird thing is that they are coming from somewhat legit addresses. 10/22/2004 10:23:08 Q17c7227e008410aa MIME file: archives.doc .exe [base64; Length=156891 Checksum=20055617] 10/22/2004 10:23:08 Q17c7227e008410aa Banning file with exe ex

RE: [Declude.Virus] Seeing Virus Activity getting past AV scanner

2004-10-22 Thread John Tolmachoff (Lists)
Since Declude does not do the actual virus scanning, there would be no Declude virus submission address. You would submit it to F-Prot. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Rick

Re: [Declude.Virus] Seeing Virus Activity getting past AV scanner

2004-10-22 Thread R. Scott Perry
I am seeing exe files getting by Fprot and triggering my banned EXE rule the attachments are archive.doc .exe what is the declude virus submission addy? What does the Declude Virus log file say for one of those? You can send it to the declude.com virustrap@ address, although it is likely that if

[Declude.Virus] Seeing Virus Activity getting past AV scanner

2004-10-22 Thread Rick Davidson
I am seeing exe files getting by Fprot and triggering my banned EXE rule the attachments are archive.doc .exe what is the declude virus submission addy? Rick Davidson National Systems Manager North American Title Group - --- [This E-mail was scanned for viruses by Declude Virus (http://www.declu