[Declude.Virus] MIME segment in MIME Preamble -> WHERE?

Hi, Supposedly it's in line 22, layer1: Outlook 'MIME segment in MIME Preamble' vulnerability in line 22 layer 1 [Content-Type: multipart/altern] Attached is the original SMD file from the /Virus folder. I'd like to educate the other side as to what's wrong with their email - but I fail t

RE: [Declude.Virus] mc afee 8.7 not scanning

The new virus scanner command line version now uses compressed virus signature and clean files etc. It's intended for the occasional one-time use for a situation where the command line is the only option and where you wouldn't mind to wait a minute or two for the uncompressing to be complete. Th

[Declude.Virus] Need Help - How to Rescan Messages

Hi, I had an issue overnight that caused many hundreds of messages to be moved to the /Spool/Virus folder (Q* and D* pairs) and to the /Spool/Proc/Review folder (Q* files only). Question - how to I cause these files to be rescanned (as some may be REAL Trojans). Where do I move Q/D pair

RE: [Declude.Virus] AVG reports "SPAM" as "VIRUS"!

Dave - you are right! This appears to a matter of poor "labeling" by AVG - and has nothing to do with Declude. I have since looked through a large sample of held emails and they either are well crafted short "Notices" about a supposed change in SMTP, POP settings - which even lists the person's

RE: [Declude.Virus] AVG reports "SPAM" as "VIRUS"!

ize that and NOT treat it like a virus" are rather harsh to be posting to without having all the facts to begin with. Thanks David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax <mailto:dbar...@declude.com> dbar...@declude.com

[Declude.Virus] AVG reports "SPAM" as "VIRUS"!

Hi, For the past few days, I'm seeing AVG suddenly reporting a virus "SPAM": Virus Scanner Summary Report (Integrated AVG Scanner) Total Messages Processed: 19,499 Virus Infected Messages: 232 Percentage Infected: 1.19% VIRUS # INFECTED PERCENTAGE SPAM 232 1.1

RE: [Declude.Virus] embedded AVG issue

Hi Don, Here's what I have in C:\Imail\ 11/06/2008 12:49 PM61,440 AvApiBit.dll 11/06/2008 12:49 PM61,440 AvApiSym.dll 04/29/2010 04:13 PM 834,328 avgcerta.dll 04/29/2010 04:13 PM 623,384 avgcertx.dll 04/29/2010 04:13 PM 4,250,392

[Declude.Virus] RE: Internal (AVG Scanner) does NOT report file name

Hi Dave (just in case this was overlooked in all the activity last week): Considering that AVG is integrated INTO Declude, it should interface at LEAST as good as any external scanner. However, the virus bounce message "filename" variable is NOT set when a virus is caught by AVG. Only the V

RE: [Declude.Virus] New Release Declude 4.10.48 -- MUST Install to Reenable Virus Protection!

: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Thursday, April 29, 2010 11:13 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] New Release Declude 4.10.48 -- MUST Install to Reenable Virus Protection! Declude Users - take note! CommTouch/Zerohous

[Declude.Virus] Internal (AVG Scanner) does NOT report file name

Hi, Considering that AVG is integrated INTO Declude, it should interface at LEAST as good as any external scanner. However, the virus bounce message "filename" variable is NOT set when a virus is caught by AVG. Only the Virus Name variable is populated. But when a virus is caught by th

RE: [Declude.Virus] New Release Declude 4.10.48 -- MUST Install to Reenable Virus Protection!

Declude Users - take note! CommTouch/Zerohous does a good job, but does not catch all known viruses (some days I have 5 or 6 DIFFERENT viruses/trojans sneaking by, some to multiple users each!), it's absolutely imperative that AVG works if you don't have additional scanners set up. Unfortun

RE: [Declude.Virus] ClamAV

't. I thought that was handy, too. It at least gave me a place I could kludge from, and now I know a lot more about how the product works. Just splaining where my head was and leaving a trail here in the archives in case it helps someone else. :) - Michael Cummins

RE: [Declude.Virus] ClamAV

There really is no need for ClamAid, because the recent builds (including oss.netfarm.it) already are able to install themselves as services, and the additional ClamAid DLLs will obsolete once you install the "official" version. So unless you need help adding the 3 lines to the Virus.cfg, ClamA

RE: [Declude.Virus] ClamAV

for use with Clam. The clamd/clamdscan combo are very light and fast. Take care! John On 4/28/2010 1:13 PM, Andy Schmidt wrote: > Generally, ClamD catches most viruses that AVG misses (during those times > when it actually runs), and McAfee catches the occasional virus that ClamD

RE: [Declude.Virus] ClamAV

Generally, ClamD catches most viruses that AVG misses (during those times when it actually runs), and McAfee catches the occasional virus that ClamD misses. ClamD downloads updates automatically (using the FreshClam). I found the http://oss.netfarm.it/clamav build very useful. I don't recall an

RE: [Declude.Virus] Testing Internal Scanner

...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, April 28, 2010 8:16 AM To: declude.virus@declude.com Subject: [Declude.Virus] Testing Internal Scanner Hi, I've been watching this now for a few months. The internal scanner NEVER ever catches a virus - while m

[Declude.Virus] Testing Internal Scanner

Hi, I've been watching this now for a few months. The internal scanner NEVER ever catches a virus - while my two other scanner catch them daily. However, since CommTouch doesn't allow the Eicar file to pass, there is no way to easily test the internal scanner. I think this is something tha

[Declude.Virus] ClamAV 0.96 Released - Now a native Windows Port!

"Native Windows Support: ClamAV will now build natively under Visual Studio. This will allow 3rd Party application developers on Windows to easily integrate LibClamAV into their applications." http://www.clamav.net/lang/en/2010/04/02/announcing-clamav-0-96/ Also: "ClamAV for Windows Released"

RE: [Declude.Virus] Commtouch/Temp files going back to last year?

enior systeembeheerder tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 <mailto:b.blok...@tio.nl> b.blok...@tio.nl / <http://www.tio.nl/> www.tio.nl - Original Message ----- From: Andy Schmidt <mailto:andy_sch

RE: [Declude.Virus] Commtouch/Temp files going back to last year?

clean up these temp files." David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax <mailto:dbar...@declude.com> dbar...@declude.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sen

RE: [Declude.Virus] Integrated Sniffer

Thanks >> If the rulebase does not properly authenticate in the SNF engine then the reload is rejected. Once the guard time expires the update script will be run again (by default after 3 minutes). << Which also means, if the corrupt rulebase persists and the server or services happen to be resta

RE: [Declude.Virus] Integrated Sniffer

ch 19, 2010 1:22 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] How to disable CommTouch Zerohour (for testing) On 3/19/2010 11:26 AM, Andy Schmidt wrote: > Thanks - downloaded and installed. > > I'll have to take a look at the integrated Sniffer. I got pulled away and > n

RE: [Declude.Virus] How to disable CommTouch Zerohour (for testing)

o try switching out the decludeproc.exe and testing to see if the issue is resolved. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax dbar...@declude.com -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On

RE: [Declude.Virus] Commtouch/Temp files going back to last year?

st year? These are cached CT files. I will find out when the can be deleted and get back to you. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax <mailto:dbar...@declude.com> dbar...@declude.com From: supp.

RE: [Declude.Virus] How to disable CommTouch Zerohour (for testing)

Declude 4.6.35 Diagnostics Compilation Platform: IMail Copyright (c) 2000-2009 Declude, Inc. Host Name MAYWOOD-IS-0012.WEBHOST.HM-SOFTWARE.COM Daisy Chain smtp32.exe DNS Server 127.0.0.1 Product Details JunkMail

RE: [Declude.Virus] How to disable CommTouch Zerohour (for testing)

rt so we can disable it for you for testing. Let us know when you want to do it. From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Thursday, March 18, 2010 11:29 AM To: Declude.virus@declude.com Subject: [Declude.Virus] How to disable CommTouch Zerohour

[Declude.Virus] Commtouch/Temp files going back to last year?

Hi, That folder has over 1,000 files, some several MB large, CTM*.tmp, CTENG*.tmp and CTENG*.dat. How "old" do these files have to be, before I can safely delete them? Best Regards, Andy --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail t

[Declude.Virus] How to disable CommTouch Zerohour (for testing)

Hi, I want to test the virus scanners using EICAR. However, CommTouch gets in the way and blocks it. How do I temporarily disable CommTouch in Declude Virus, so that the EICAR file is handled by the interna/external scanners? Best Regards, Andy --- This E-mail came from the Declude

[Declude.Virus] Commtouch ZeroHour - no longer active? What's the best procedure everyone uses to renew it?

Hi, I noticed that ZeroHour stopped catching any viruses after 6/28 - and, after investigating, I now realize it no longer traps any Spam. There were NO changes to any .CFG (or other Declude files). I'm enclosing the most recent Diags.txt (from 6/18, where CommTouch was ON) and then one from to

[Declude.JunkMail] Commtouch ZeroHour - no longer active? What's the best procedure everyone uses to renew it?

Hi, I noticed that ZeroHour stopped catching any viruses after 6/28 - and, after investigating, I now realize it no longer traps any Spam. There were NO changes to any .CFG (or other Declude files). I'm enclosing the most recent Diags.txt (from 6/18, where CommTouch was ON) and then one from to

RE: [Declude.Virus] ZEROHOUR, scanner order

. Secondly you are correct about the developer who integrated Commtouch. This was before I took over the managment of Declude and it is suffice to say he is no longer with Declude either. David From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Monday, June 08

RE: [Declude.Virus] ZEROHOUR, scanner order

Hi David: Thanks. The Global.cfg configures the Declude.Junkmail - but you said it was implemented as Declude.Virus. So any configuration would go into the Virus.cfg file. It seems to me as if it's implemented in some fashion in both ends. >> In the Declude EVA the ZEROHOUR is part of the i

RE: [Declude.Virus] ClamAV

Hi David: The best is http://oss.netfarm.it/clamav - because it's the same one ClamWin is using and it's kept up-to-date. I don't recall any installation difficulty. It did have a successful installer and is able to install itself as a service. There is a .REG file that sets up a registry entry w

[Declude.Virus] ZEROHOUR, scanner order

Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax <mailto:dbar...@declude.com> dbar...@declude.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Sunday, June 07, 2009 6:07 PM To: declude.junkm...@declu

RE: [Declude.Virus] CommTouch

't be offended. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax <mailto:dbar...@declude.com> dbar...@declude.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Thursday, June 04,

RE: [Declude.Virus] CommTouch, External Scanners, Marketplace

t;. There's only so much "up front investing" that your investors (=customers) are willing to do before they want to see results. Best Regards, Andy Schmidt From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Thursday, June 04, 2009 10:0

RE: [Declude.Virus] Internal Scanner missing most viruses

21,119 Virus Infected Messages: 0 Percentage Infected: 0.00% VIRUS # INFECTED PERCENTAGE No Records Matched Your Criteria Best Regards, Andy From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, May 13, 2009 11

RE: [Declude.Virus] Declude Virus inoperable for 13% of th year?

ROHOUR Antivirus + Spam definitions Total: $395 So you have a whole lot more for less money, and yes you are complaining. David From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, June 03, 2009 1:12 PM To: declude.virus@declude.com Subject

RE: [Declude.Virus] Declude Virus inoperable for 13% of th year?

maxed what are my options ..? Suggestions ? David From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, June 03, 2009 12:42 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Declude Virus inoperable for 13% of th year? Let

RE: [Declude.Virus] Declude Virus inoperable for 13% of th year?

I think taking a software company to task on their lack of control DOES benefit all users technically! I didn't introduce pricing and staffing into this discussion - YOU did! Now you take me to task for responding to your pricing/staffing issues that YOU raised? >> Let's not forget you are

RE: [Declude.Virus] Declude Virus inoperable for 13% of th year?

That's the point of the discussion. Declude added a hard-coded end-time but didn't add a handling mechanism that deals with the event when (not IF) the end-time was absolutely going to occur on the predescribed date. Consequently there were/are only indirect ways to find out: - Inf

RE: [Declude.Virus] Declude Virus inoperable for 13% of th year?

.2933 office 978.988.1311 fax <mailto:dbar...@declude.com> dbar...@declude.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, June 03, 2009 9:08 AM To: declude.virus@declude.com Subject: [Declude.Virus] Declude Virus inoperable for 13% of t

RE: [Declude.Virus] Declude Virus inoperable for 13% of th year?

ain. Considering the market and what other vendors charge how much more are you prepared to pay for your service agreement so that we can meet this type of requirement ? David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax <mailto:db

[Declude.Virus] Declude Virus inoperable for 13% of th year?

Hi, Dave - so now that we have a working Declude Virus again, what can be done to prevent this from recurring. a) Apparently Declude Virus has no error tracking in place at all - otherwise it would have REPORTED to us (or your own Declude to your own mail server) that the AVG API was

RE: [Declude.Virus] Internal Scanner missing most viruses

# INFECTED PERCENTAGE No Records Matched Your Criteria Best Regards, Andy From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, May 13, 2009 11:45 AM To: declude.virus@declude.com Subject: [Declude.Virus

RE: [Declude.Virus] Internal Scanner missing most viruses

Hi Andrew: >> scanner being the main line of defense is dead . . . it's just that most people don't know it yet<< Well - today there were 80 or so infected emails that would have gone through. While AV scanning may not be the "main line", it certainly is still a crucial element. Just ONE em

RE: [Declude.Virus] Internal Scanner missing most viruses

e.com] On Behalf Of Andy Schmidt Sent: Wednesday, May 13, 2009 11:45 AM To: declude.virus@declude.com Subject: [Declude.Virus] Internal Scanner missing most viruses Sensitivity: Personal Hi, For a while, AVG was doing an adequate job - but recently it again has been missing virtually all infe

[Declude.Virus] Internal Scanner missing most viruses

Hi, For a while, AVG was doing an adequate job - but recently it again has been missing virtually all infected emails that ClamAV and the trusted McAfee are identifying. I inspected several of the held files - and each one clearly was a life virus (e.g., inside a ZIP attachment etc.)

RE: [Declude.Virus] OT - looking for a command line email tool - with attachments

Hi Alex, I can't imagine that any email tool that is able to send an attachment would go inside your PDF file and certainly wouldn't "delete" anything (such as the embedded font) out of the single attachment. I rather would expect that there is a difference in the environment on the server and

[Declude.Virus] Ouch AVG is missing new Viruses again, big time!

PWS-ZBOT TROJAN !!! 31 0.14% GENERIC PWS.Y TROJAN !!! 4 0.02% Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an

[Declude.Virus] Parsing of Report.txt

--- c:\maintenance\eicar.com: Eicar-Test-Signature FOUND Thanks in advance. Best Regards, Andy Schmidt www.Anamera.com // RunClam.js // Launches ClamD and reformats output to compensate // for Decludes inability to correctly parse the report // (Declude is no longer

RE: [Declude.Virus] AVG update

Thank you - that is helpful for our understanding. Would it be practical to take the "human element" out of the loop and just have a scheduled script use WGET or similar batch application check for an updated file on their HTTP server every hour? If the returncode indicates a new file, download it

RE: [Declude.Virus] Force AVG update

David Dodell Sent: Saturday, December 27, 2008 2:15 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Force AVG update On Dec 27, 2008, at 9:59 AM, Andy Schmidt wrote: > Hi, > > The general experience has been (as reported by several individuals > in two > different list

RE: [Declude.Virus] Force AVG update

Hi, The general experience has been (as reported by several individuals in two different lists over the past 3 months), that the Declude AVG updates are frequently 48 hours behind - which means they are only effective for "old" viruses. I even posted the stats for several days where it showed that

[Declude.Virus] AVG always misses W32/Bagle.fe!pwdzip and is very late with new variants

" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="price05-Dec-2008.zip" [content suppressed ] Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.Virus mailing list. To

RE: [Declude.Virus] Invalid Zip Vulnerability

John T Sent: Thursday, March 06, 2008 10:54 AM To: declude.virus@declude.com Subject: Re: [Declude.Virus] Invalid Zip Vulnerability No name, just the extenesion? John T eServices For You -Original Message- From: "Andy Schmidt" <[EMAIL PROTECTED]> Sent 3/3/2008 9:30:

[Declude.Virus] Invalid Zip Vulnerability

Hi, I checked your KB - and it doesn't document that vulnerability: http://support.declude.com/Customer/KBArticle.aspx?articleid=25 &KBSearchID=11699 I checked your manual - and it doesn't document that vul

[Declude.Virus] Message without Body Held as "Header" Vulnerability?

Hi, "Test1" (attached SMD file) is a message with a subject but without a body. It is held by Declude Virus with the "Non Standard Header" vulnerability. However, the SAME message "Test2" WITH a body is let through (see bottom of this posting). The header appears the same - so if the header trul

RE: [Declude.Virus] RE: IMmail 2006.23 release notes

Some of us believe that it is the IMail1.exe executable that Declude uses and not the IMail.exe executable that is being discontinued. Regardless, if Declude stopped using IMail1.exe, it could generate bounces with a null sender, and that's long overdue. Matt Andy Schmidt wrote: Darrel

[Declude.Virus] RE: IMmail 2006.23 release notes

Darrell, I think they are using SOME Imail mailer to send the Virus, Bounce and Postmaster notifications. However, I DO believe there is some confusion between the .EXE that is the mailer vs. the old .EXE that is a mailbox CLIENT software. (There used to be an Imail client where you could read/re

[Declude.JunkMail] RE: IMmail 2006.23 release notes

Darrell, I think they are using SOME Imail mailer to send the Virus, Bounce and Postmaster notifications. However, I DO believe there is some confusion between the .EXE that is the mailer vs. the old .EXE that is a mailbox CLIENT software. (There used to be an Imail client where you could read/re

[Declude.Virus] RE: [Declude.JunkMail] 4.3.46

Dave, Lots of confusion here: a) the subject refers to 4.3.46 - which shows up on my "customer" screen as the latest RELEASE b) however, that's less than the "interim" 4.3.57 that is shown on my customer screen? c) the body of your email refers to 4.3.64 - which would make more sense. Except, T

RE: [Declude.JunkMail] 4.3.46

Dave, Lots of confusion here: a) the subject refers to 4.3.46 - which shows up on my "customer" screen as the latest RELEASE b) however, that's less than the "interim" 4.3.57 that is shown on my customer screen? c) the body of your email refers to 4.3.64 - which would make more sense. Except, T

RE: [Declude.Virus] Partial Vulnerability test failures on legitmate email

Hi, Actually, the "Partial/Fragmented Vulnerability" is one that ideally should be left in place. I'm not certain that this test can be circumvented individually - at least it's not on this list: http://www.declude.com/Version/Manuals/EVA/EVA_4.0.8.asp. Before HTML messages and picture atta

[Declude.Virus] Interim .62 triggered Blank Folding on this one and other emails

Other emails from this same Thunderbird 2.0.0.6 user, using the same smtp relays, were also blocked. File: "[No attachment]" Result: Found[Outlook 'Blank Folding' Vulnerability] -Original Message Headers- Received: from smtp.webhost.hm-software.com [63.107.174.32] by hm-software.co

RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

1:27 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Ok so if you revert to .57 the issue goes away correct. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, October 05, 2007 1

RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

Andy From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, October 04, 2007 9:53 PM To: declude.virus@declude.com Subject: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Hi, I put in 4.3.62 in this afternoon (was running a diff

RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, October 05, 2007 12:15 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties I have not reverted to .57, I have disabled this vulnerability in the Virus.cfg for now to see what

RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

ehalf Of David Barker Sent: Friday, October 05, 2007 11:27 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Ok so if you revert to .57 the issue goes away correct. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

I did not have this problem with .57. So we can rule out .46. Sorry, jumped right from .57 to .62 - so can't say if it was introduced with .59 already. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, October 05, 2007 10:49 AM To: declude.virus@decl

RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

Hi Dave, Well, I dropped in 4.3.62 in the afternoon and throughout the afternoon was getting reports from people using VARIOUS email systems (not limited to Yahoo's mail service), that just happened to be the one that I had at my finger tips. I can also say that it happened to people sendin

RE: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties

ehalf Of Andy Schmidt Sent: Thursday, October 04, 2007 6:53 PM To: declude.virus@declude.com Subject: [Declude.Virus] 4.3.62 countless false positives for vulnerabilties Hi, I put in 4.3.62 in this afternoon (was running a different interim from a few months ago). Since then I had num

[Declude.Virus] 4.3.62 countless false positives for vulnerabilties

D Robinson <[EMAIL PROTECTED]> > Subject: Fw: Our Virus Firewall has Rejected Your Email! > To: Michael Page <[EMAIL PROTECTED]> > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="0-1745477977-1191536601=:15605" > Message-ID: <[EMAI

[Declude.Virus] Incomplete MID Logging!

Hi, I have confirmed that Declude Virus is handling infected/suspicious files correctly - but if you look at the "MID" level log - you really don't get that impression and end up having to waste time chasing a multitude of logs. Case 3 and 4 document what Declude logs when either the built

[Declude.Virus] AutoForge feature

Hi, Can someone at Declude please add W32/Zhelatin.gen!eml to the AutoForge? -Original Message- The message with the subject of "You've received an ecard from a Class-mate!" carried a virus: File: "Unknown File" Result: Found the W32/Zhelatin.gen!eml For more information see http:

RE: [Declude.Virus] ClamAV lstat() failed. ERROR

Gary, I'm not sure I understand your point. What you define in Virus.cfg, e.g.: SCANFILEC:\Progra~1\Common~1\Networ~1\Engine\SCAN.EXE /LOAD D:\IMAIL\Declude\SCAN.CFG is only the START of the command line, to which Declude appends the full path for the file it tries to scan. So, if you de

RE: [Declude.Virus] Clam AV vs. AVG vs. McAfee

That's my experience too. I update McAfee hourly - which helps with new outbreaks. It's the last scanner in sequence and always manages to catch viruses that the internal didn't. (Of course, I don't know if there are virus that the internal caught that McAfee might have missed.) From: [EMAIL PR

RE: [Declude.Virus] I'm currently on a business trip down south and will be returning January 5th, 2007. If t

So - shall we all call that emergency number and ask that he turn off his vacation notice, or shall we just fake the return address an unsubscribe him since the Declude staff is not taking action? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206

RE: [Declude.Virus] Sender.eml was sent even though forging virus?

Oh? I've never had the problem with my external McAfee scanner. Could this be a problem with Declude's internal AVG scanner? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

[Declude.Virus] Sender.eml was sent even though forging virus?

Hi, My "sender.eml" has the line: SKIPIFFORGING And my virus.CFG has: AUTOFORGE ON FORGINGVIRUS Anonymous Driver FORGINGVIRUS Antiman FORGINGVIRUSAvril FORGINGVIRUSBagle Yet, declude virus just sent the "sender.eml" for the following details: File: "Unknown File"

[Declude.Virus] AUTOFORGE

Hi,   is this still being actively maintained?   If so,     W32/Stration.dldr should be added as forging. Based on bounces that I'm seeing (from inbound-only mailboxes on our domain) it is forging the sender. Best RegardsAndy SchmidtPhone:  +1 201 934-3414 x20 (Business)Fax:    +1 201 934

[Declude.Virus] AUTOFORGE

Hi,   is this still being actively maintained?   If so,     W32/Stration.dldr should be added as forging. Based on bounces that I'm seeing (from inbound-only mailboxes on our domain) it is forging the sender. Best RegardsAndy SchmidtPhone:  +1 201 934-3414 x20 (Business)Fax:    +1 201 934

RE: [Declude.Virus] 4.2.20 Error in Log

There is a parameter in the Virus.cfg to disable the internal scanner. I don't have it in front of me, but it was in the comments just below the external virus sample. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message-

RE: [Declude.Virus] 4.2.20 Error in Log

Do you have a second/external scanner defined. May be the internal scanner (AVG) deletes an attachment and then Declude complains that its gone when it tries to launch the secondary? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original

[Declude.Virus] RE: Trying to install Declude 4.2.20

igher scanner number IS defined. At least, it should indicate a meaningful configuration error, such as "Scanner nnn not defined - this and all subsequent scanneres are skipped". Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message-

[Declude.Virus] Ambiguous Virus Scanner ID in log

20 - or my EXTERNAL McAfee Scanner? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".

RE: [Declude.Virus] language specific messages

Hi, I kill most of the incoming mail (with help of Sniffer). I've never seen a complaint by an innocent users, but occasionally educate a corporate end user or manager about the incompetence of his/her I/S department. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:

RE: [Declude.Virus] language specific messages

Example attached (sorry, German/English in this case). Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Thursday, February 23, 2006 02:12 PM

RE: [Declude.Virus] Changes @ Declude

Clear enough for me. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Simpson Sent: Sunday, February 12, 2006 03:26 PM To: Declude.Virus@declude.com Subject

RE: [Declude.Virus] Changes @ Declude

Hi Kevin,   I understand what you're saying - you believe Declude 4.0 is really just a "Declude 3.x Suite" vs. the Declude 3.x "legacy products". New customers can only purchase the Suite, while old customers will continue to upgrade their individual products. The code base is the same.   

RE: [Declude.Virus] Changes @ Declude

Has anyone figured out yet WHAT exactly Declude 4.0 IS?   I'm looking around on the web site (figured, it's been days since I receive the notice that it's available), but I still haven't seen anything on the web site that tells me what my extra money would be buying - or, what it is I'd be m

[Declude.Virus] Hardware Issue -- NOT!

Hi David:   Thanks for acknowledging the hardware problem. However, I don't think anyone here really would be too upset about hardware problems on your end - if it didn't uncover what appears to be a HUGE software problem? It's the Declude SOFTWARE that deactivates/downgrades itself, if we a

RE: [Declude.Virus] 3.0.5.10

hat was wrong with a release I just installed a day earlier by looking at whatever is fixed in the new release. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

[Declude.Virus] FW: AVERT Medium Threat Advisory: W32/[EMAIL PROTECTED]

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: AVERT Medium Threat Advisory: W32/[EMAIL PROTECTED] Advisory This is a Medium Threat Advisory for W32/[EMAIL PROTECTED] Justification W32/[EMAIL PROTECTED] has been deemed Medium due to prevalence. Read Abou

RE: [Declude.Virus] Declude Beta 3.0.4.4 Posted

he "proc" folder and another process doesn't handle that error condition right - who knows.) Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hay

RE: [Declude.Virus] Declude Beta 3.0.4.4 Posted

e, then I might give it try to see if I get lucky. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Billman Sent: Thursday, September 22, 2005 08:44 PM To

RE: [Declude.Virus] Declude Beta 3.0.4.4 Posted

declared "successful" when an entire class of machines is only working with a bandage. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent:

RE: [Declude.Virus] Sudden Internet Slowdown

Can you wait 7 minutes? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, September 09, 2005 02:09 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Sudden Internet Slowdown Since when is Maine no longer in

RE: [Declude.Virus] Limit Size of message to be scanned?

How do you prevent DoS attacks by someone sending a 405 MB attachment 100 times to a list of 10 cc's over a weekend, when it's likely not to be read? Best RegardsAndy SchmidtPhone:  +1 201 934-3414 x20 (Business)Fax:    +1 201 934-9206   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

RE: [Declude.Virus] .EML file syntax

Title: Message Uh - thanks - got it.  Now that I read how you phrased the question I see how the original poster meant it. Best RegardsAndy SchmidtPhone:  +1 201 934-3414 x20 (Business)Fax:    +1 201 934-9206   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan HorneSent:

  1   2   3   >