>>/PANALYZE - Turn on program heuristics.
I have been running this switch for a while and
have not seen any issues with it. I turned it on as a result of the jpeg
exploit - see http://www.mail-archive.com/declude.virus@declude.com/msg10831.html
Darrell
Subject: Re: [Declude.Virus] High CPU F-Prot
I saw F-Prot time out 3 times today in my logs, and I can't
remember that ever happening before. McAfee didn't time out
once, and that's usually the first to go. Maybe this
explains the issue. I think it's time to so
In the last 24 hours I have seen F-Prot start to use an excessive amount of
CPU. Normally it very rarely shows up in task manager and now it has been
using a considerable amount of CPU.
Thoughts?
Darrell
Comprehensive Declude Virus and Jun
Not that this solves the issue, but what if you installed Sophos first?
Darrell
invURIBL - Intelligent URI Filtering for Declude Junkmail. Blocks 85% of
SPAM with the default configurations. Try it out -
http://www.invariantsystems.com
Aaron
Without the attachments.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG
Integration, and Log Parsers.
Robert
DLAnalyzer 4.1.0 has been released. Version 4.1.0 is compatible with the
enhanced logging changes introduced with Declude version 4.0.6.
DLAnalyzer is a comprehensive reporting tool that integrates both Junkmail
and Virus statistics into one report. Some of the features require the
Enterpris
Yes, its very possible.
10 RBLS x 1200 emails in an hour is easily 12K hits.
The 10 RBLS is also conservative. I am sure they will end up doing what
AT&T does and just blackhole queries to certain RBL's. I would look at
setting up a local DNS server.
Darrell
Mark,
As one of the testers I can say 2.0.6 is for Imail as well.
Darrell
Mark E. Smith writes:
Will this version work with iMail as well?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, March 25, 2005 9:48 AM
To: D
FYI -
McAfee is announcing to itsâ customers who are operating on a previous
version of the McAfee VirusScan Engine (version 4320) are susceptible to a
buffer overrun when scanning LHa files.
â No action is required if your environment is currently running the 4400
Scan Engine (issued November 2004
Ben,
You are 100% correct on your diagnoses. If you had the date range set to
3/7/2005 it will read the dec0307.log file in its entirety. In the course
of programming DLAnalyzer the possibility of someone still having last years
log file in the same location where the Declude logs were gener
For those that might not be handy with the unix util's you can grab a copy
of DLAnalyzer "lite" which is free that will do this type of reporting
including analyzing multiple days worth of logs at a time.
Darrell
Check out
The odd thing on this was I had to add the "/MIME" flag to the scanner
command line in order for my systems to start catching these.
Darrell
Greg Little writes:
For McAfee users it should be caught as Bagle.BN or .DLDR
starting with this AM (4436)
4437 was just release with improved detect
I am seeing it detected as "Bagle.BL" by F-Prot. It is not being detected
by Mcafee right now.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitorin
Title: F-prot help
Mark,
When you say "on access is set to on" and then
below that you mentioned the realtime scanner was not installed. Do you
have an on access virus scanner running? Even one other than F-Prot that
may be scanning your server?
Darrell
-
Thomas,
The line you are looking for is the "Last Action"
line. The line you posted means the message triggered the ipnotinmx test
which normally is not used to punish messages. This message had a total
weight of -5. From the information provided Declude did not toss that
message. You
Yes it does.
Darrell
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log
Parsers.
Chris Hunt writes:
My company is mergin
FYI - Not sure about hlp, but there is an exploit with chm (windows help
files).
Microsoft Internet Explorer Fully Automated Remote Compromise
Summary: Summary
A vulnerability exists in Microsoft Internet Explorer version 6.0 on Windows
XP SP2 or Windows Server 2003 due to the combination of mu
In my opinion two scanners is a must. For yesterday here is some stats for
the virus scanners we use. While both caught almost the same amount of
viruses Mcafee caught 5 that F-Prot did not. That very well could have been
your Exploit-MIME.gen.c .
Virus Scanner Summary Report (Mcafee)
Total Me
attachments and advise the sender by return
e-mail.
Visit our
websites: http://www.syscom.be
Van:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Namens Darrell
([EMAIL PROTECTED])Verzonden: dinsdag 14 december 2004
4:28Aan:
[EMAIL PROTECTED]; [EMAIL PROTECTED]Onderwerp
DLAnalyzer version 4.0 is now
released. With version 4.0 we have
integrated Declude Virus log processing into DLAnalyzer giving you the ability
to generate one report that encompasses both spam and virus statistics. In
addition, to the virus processing we have added many other features to
lude.Virus] Virus MRTG
> > [Also I believe Darrell ([EMAIL PROTECTED]) is working on
> > a mrtg ver of a virus analyzer which does this and more... No idea
> > of a release date - ]
> > -Nick
>
> For the most part its done. I just havent posted it to the web site yet
>
Not to switch the subject, but what would be nice is the option not scan
with the other scanners once a virus is found... Than you can have scanners
that in general require less CPU like F-Prot versus Mcafee.
Darrell
---
Check out http://www.invariantsyste
Has anyone tried out 8.0i (enterprise) on their mail server? 8.0i
enterprise on the desktop seems to consume a bit more resources than 7.x
which makes me wonder how well it will do on the mail server.
Darrell
- Original Message -
From: "Wolf Tombe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTEC
Scott,
Looking at the logging in terms of vulnerabilities I noticed that under
certain circumstances it does not print out the "File(s) are Infected" line
when the vulnerability is found in the subject or from field. Is this by
design? Also, in terms of when it catches the vulnerability in som
Scott,
Looking at the logging in terms of vulnerabilities I noticed that under
certain circumstances it does not print out the "File(s) are Infected" line
when the vulnerability is found in the subject or from field. Is this by
design? Also, in terms of when it catches the vulnerability in somet
It's a virus - a new bagle variant. I am
seeing it detected by Mcafee as JS/IllWill trojan. I have seen a
signifigant increase in this virus today compared to yesterday. It was the
second most detected virus on one of our servers today.
Here is the mcafee link - http://vil.nai.com/vil/co
101 - 126 of 126 matches
Mail list logo