In my email reports, is there a way to also signify which scanner caught the
virus; ie internal vs one of the external scanners?
so my reports now look like;
Declude Virus v4.6.35 caught the following:
Virus Name: Sanesecurity.Junk.26145.UNOFFICIAL
Virus File: Unknown File
From: lyris-nore.
eware" to
reformat the Report file before feeding it to Declude. If you don't
care
about names, then this isn't necessary.
Best Regards,
Andy
-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of
David
Dodell
Sent: Monday, June 08, 2009 12:
I'm using an older version of ClamAV that needs to be updated as a
backup scanner.Unfortunately, it is no longer being developed.
Has anyone tried the ClamID from ArmResearch or any other version of
ClamAV that is current that works with Declude?
David
---
This E-mail came from the De
G DATA
Never heard of this G DATA that was at the top of the list ... anyone
familiar if they offer a command line scanner that will work with
Declude?
David
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type
As posted already, I have now tried THREE variations of ClamAV, and
played around with the scanfile in virus.cfg to never get this to
work ... it appears that Declude can not find the report file ever ...
Since the variation of ClamAV has always worked fine from the command
line, I know the
Still having a problem getting ClamAV to work ... this is what i have
in my virus.cfg
SCANFILE1 C:\imail\declude\clamav\runclamscan.exe log=1 C:\imail
\declude\clamav\clamdscan.exe --quiet -l report.txt
VIRUSCODE1 1
REPORT1 FOUND
But my virus logs show this error; any ideas???
David
---
1
Still having a problem getting ClamAV to work ... any new
suggestions ... this is what my virus.cfg configuration looks like:
SCANFILE1 C:\imail\declude\clamav\runclamscan.exe log=1 C:\imail
\declude\clamav\clamdscan.exe --quiet -l report.txt
VIRUSCODE1 1
REPORT1 FOUND
But the declude virus
On Dec 29, 2008, at 8:18 AM, Scott Fisher wrote:
I use the runclamscan program to call clamav. Here's my virus.cfg
lines
SCANFILE1 c:\clamav\runclamscan.exe log=1 C:\clamav\clamdscan.exe --
quiet -l
report.txt
VIRUSCODE1 1
REPORT1 FOUND
Scott, the version of clamdscan I have did not have
On Dec 28, 2008, at 10:28 AM, David Dodell wrote:
(2) In my virus.cfg I have
scanfile c:\imail\declude\clamav\clamdscan.exe --quiet -l report.txt
viruscode 1
report FOUND
(3) In my logs it reports
Could Not Parse String FOUND in report.txt
Error 2 in virus scanner 1
Scanned: Error in Virus
On Dec 28, 2008, at 8:36 AM, Hirthe, Alexander wrote:
http://www.mail-archive.com/declude.virus@declude.com/msg14082.html
Ok, thanks for the excellent beginning ... I'm using the Clamav-win32
from sosdg.org
Freshclam installed all the latest files just fine
Got it all installed ... but s
On Dec 27, 2008, at 9:59 AM, Andy Schmidt wrote:
Hi,
The general experience has been (as reported by several individuals
in two
different lists over the past 3 months), that the Declude AVG
updates are
frequently 48 hours behind - which means they are only effective for
"old"
viruses. I
Anyway to force declude to update the AVG files ... my dates run from
12/17 to 12/23 ... are these really current dates?
David
(I have my update frequency set at every 2 hrs)
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.co
On Dec 25, 2008, at 9:34 PM, David Dodell wrote:
I've been seeing viruses get through our Declude/AVG end over the
past few months ... they are being caught on the Desktop by F-Prot.
I look at the files in the declude/scanner/AVG directory, and the
last one is updated 12/23, two day
I've been seeing viruses get through our Declude/AVG end over the past
few months ... they are being caught on the Desktop by F-Prot.
I look at the files in the declude/scanner/AVG directory, and the last
one is updated 12/23, two days ago ... while AVG website says their
last update was 12
Been using F-Prot version 3 for years ... and now getting notices to
upgrade to version 6.
Anyone done this yet, and is it still compatible with Declude/Imail,
etc?
David
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], a
On Dec 18, 2006, at 9:27 PM, Ncl Admin wrote:
Down here as well on two different circuits. Tracert times out in
Germany somewhere or other.
Obviously a good reason to be running multiple scanners.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-m
I haven't seen a good connection from F-Prot for about 24 hours ...
just checked for their website, can't connect there.
This is on our primary Sprint connection.
Tried our backup DSL from Qwest that is totally separate (we use for
testing etc) and can't connect there either ...
Anyone els
-Original Message-From: "John T (Lists)" <[EMAIL PROTECTED]>
What happens if you restart the Queue
Manager service?
-Original MessageOk, just did that a few seconds ago to see if that helps ... but why would only the virus notifications be put in the spool as GSC files
-Original Message-I just realized I haven't been seeing any notifications for the past few weeks from my Declude software showing it had stopped a virus.I checked the virus log on the server, and it shows it is stopping several virues a day.---I just checked the spool directory ... there
I just realized I haven't been seeing any notifications for the past
few weeks from my Declude software showing it had stopped a virus.
I checked the virus log on the server, and it shows it is stopping
several virues a day.
Is there a switch now that turns off/on virus notification in decl
> I would like to suggest a new feature to be added to the virus
> notification capabilities.
> I need to be able to specify a per domain recip.eml file. This way I can
> tailor the notifications to each domain as appropriate. These files
> should be in the domain subdirectory along with the $defa
I have the latest version of Declude installed ... have the new virus
set to update every 2 hours ... but my latest DB files are dated
5/25/06 ... I've seen F-Prot update several times in the past 6
days ... but nothing from AVG ... doesn't make sense ... is there
still a problem with the i
ED]>Sent 5/26/2006 5:41:18 AMTo: Declude.Virus@declude.comSubject: RE: [Declude.Virus] AVG Database file dates?Mine are:Avi7.avg 2/21Incavi.avg 5/25Microavi.avg 5/18Miniavi.avg 5/22We just upgraded to declude 4.2.12. > -Original Message-> From: [EMAIL PROTECTED] > [mailto:[EMAIL
We just started to use the AVG internal scanner with F-Prot as a
backup ... since I have no comparison, just wanted to make sure my
files were up to date;
I have
avi.avg 2/21
incavi.avm 5/25
microavi.avg 5/10
miniavi.avg 5/25
Does that match?
---
This E-mail came from the Declude.Virus
All of my email virus notifications are all of a sudden stuck in the
Imail queue as GSC files ... I'm using the latest declude with Imail
9.01
No changes to the server and till last night was working fine ... how
do I "unstick" GSC files?
-
Internet Dental Forum www.internetdentalforum.org
D
Monday, November 14, 2005, 10:50:00 PM, John T (Lists) wrote:
> Sophos is now calling it Sober-R.
Possible variation received this morning ... the text discussed
receiving a problem email, and the attachment was email_photo.zip
---
This E-mail came from the Declude.Virus mailing list. To
unsubs
> I use F-Prot 1, McAfee 2, Clam 3
What version of McAfee do you use?
David
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
> I am running IMail 8.21/Declude 3.0.5.18. My queue retry timer is set to 30
> minutes. And both postmaster and recipient virus notifications are being
> delivered immediately.
Strange ... the only difference is I'm running Imail 8.05 ... my
service contract arrives Monday to upgrade to 8.21 .
> My virus caught messages are being delivered right away with version
> 3.0.5.18.
Bill, are you using Imail? If so, how fast is your queue being
retried since it appears to be tied to that
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [E
Saturday, November 5, 2005, 2:13:21 PM, Darrell ([EMAIL PROTECTED]) wrote:
> I caught that in the later thread. On my system I see the same behavior
> where the gsc/gse will get processed by the next queue run as well. I do
> seem to remember in older versions that they were tried to be delive
Saturday, November 5, 2005, 1:43:11 PM, Darrell ([EMAIL PROTECTED]) wrote:
> When you say messages are getting stuck in the spool do you mean after they
> are processed by Declude? When you upgraded to Declude 3.x did you replace
> the declude.exe file?
As I mentioned in another post, it appear
Saturday, November 5, 2005, 1:42:02 PM, Darrell ([EMAIL PROTECTED]) wrote:
>> Also, in the Command AVAFTERJM OFF
>>
>> I assume this means it SCANS viruses first, then the junkmail?
> No it actually scans for viruses after junkmail.
Ok, I turned it on since I want it to scan for viruses BEFORE
j
It appears that the virus is being intercepted and deleted right away,
but the message being generated from the postmaster.eml file is
created as a GSC file, and sits in the \imail\spool file for about 30
minutes till it is processed ... which kinda makes sense since I have
my queue running at 30 m
Saturday, November 5, 2005, 12:50:59 PM, Bill Landry wrote:
> Strange, what do the IMail logs says about these particular messages?
Yep, it is strange .. it is taking about 20 to 30 minutes from once
the message is scanned till the Email message is being generated.
The log looks normal, but don
> What specific 3.x version did you upgrade to? The latest is 3.0.5.18.
Yes, I am at 3.0.5.18 just downloaded this morning from the website.
> Bill
> - Original Message -
> From: "David Dodell" <[EMAIL PROTECTED]>
> To:
> Sent: Saturday, No
It appears it is generating out the messages, but the messages are
being held as GSE and GSC files, and then taking a long time to
process, where it used to be instant before ???
David
-
Internet Dental Forum www.internetdentalforum.org
Dentalcast Podcast www.dentalcast.net
---
This E-m
> I noticed that my virus scanner is no longer sending me notices when
> it intercepts a virus ... before I used to get email notice from
> declude that a virus, and/or spam was intercepted, but now that seemed
> to have stopped ... is there a switch I need to turn on / off?
It appears messages ar
I just upgraded my software from Declude 1.82 to 3.x today ..
I noticed that my virus scanner is no longer sending me notices when
it intercepts a virus ... before I used to get email notice from
declude that a virus, and/or spam was intercepted, but now that seemed
to have stopped ... is there a
After many years of using Virus Standard, I upgraded to Virus Pro to
take advantage of a second scanner. I've scanned the previous
threads on what others like for a second scanner to F-Prot, but can't
seem to find any common thread ...
So I would appreciate what seems to be the next most popular
Thursday, August 11, 2005, 11:43:50 PM, Colbeck, Andrew wrote:
> David, with your version of Declude Virus, you'd have to turn off all 10
> of the CR vulnerability checks at one go. I'm at the same or similar
> version, and that's what I've decided to do. This directive goes in
> your virus.cfg:
John, if I turn "it" off ... what else is being turned off, all of the
vulnerability tests?? I couldn't even find a switch for that ...
-- Original Message --
From: "John Tolmachoff \(Lists\)" <[EMAIL PROTECTED]>
Reply-To: Declude.Virus@declude.com
Date:
Thursday, August 11, 2005, 8:50:32 PM, Matt wrote:
> With 2.0.6.16, which is available from the Declude site, you can turn
> off the Outlook CR Vulnerability. I have turned off all but a couple of
> these because of numerous false positive issues.
Unfortunately, I'm still at 1.82 due to budget
Had email from a company today (Photodex) rejected due to the Outlook
'CR' Vulnerability but from the headers it looks like the email
originated from Thunderbird as the email client ... see headers below
...
Is it time to drop the Outlook vunerbility test??
David
Received: from eman.photodex.com
My machine keeps sending out viruses notices for the Swen virus.
I have:
SKIPIFVIRUSNAMEHAS Swen
in the top of my otherpostmaster.eml file.
I also have:
FORGINGVIRUS Swen
In my virus.cfg file.
Am I missing something why the notices are still sent out?
David
---
[This E-mail was scanned
From: "John Tolmachoff \(Lists\)" <[EMAIL PROTECTED]>
>CPL files should be banned no matter what.
John, I am ... was more curious why they aren't being caught as viruses ... I even
took one and scanned it manually with f-prot and it came up clean.
David
---
[This E-mail was scann
Our virus definitions from F-Prot are up to date, but still seeing multiple CPL files
passing through. I decided to block them using the Ban Extension.
Are these CPL files actually infected, or corrupted so the virus scanners aren't
detecting them?
David
---
[This E-mail was scan
-- Original Message --
From: "R. Scott Perry" <[EMAIL PROTECTED]>
>http://www.declude.com/interim and add a line "BANEXT EZIP" to your
>\IMail\Declude\virus.cfg file).
>
Scott, I've noticed a lot of my BANEXT EZIP files are sending out notifications, whic
Can someone send me a copy of their Bannotify.eml ...
David
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus
No, nothing ... I just installed F-Prot in the it's update mode ... no changes made to
the declude files at all.
David
-- Original Message --
From: "John Tolmachoff \(Lists\)" <[EMAIL PROTECTED]>
>Did you change anything in the scan line?
>> -Original
Just installed the new version of F-Prot c ... now my log is showing
the following:
02/24/2004 20:50:11 Q1b67002602988c25 Could not find parse string Infection: in
report.txt
02/24/2004 20:50:11 Q1b67002602988c25 Error 5 in virus scanner 1.
02/24/2004 20:50:11 Q1b67002602988c25 Scanned: Error in
-- Original Message --
From: "John Tolmachoff \(Lists\)" <[EMAIL PROTECTED]>
>Did you change anything in the scan line?
Just checked my logs, and it appears to be working ok ... just got two interceptions
with the usual service message of:
Declude Virus
Just realized the remote messages returned from postmaster are just
notifications that there is an unattended mailbox that is receiving my
virus notifications.
Can you have multiple addresses in the email file such as:
To: [EMAIL PROTECTED],[EMAIL PROTECTED]
---
[This E-mail was scanned for vi
Ignore this message, fiqured out the problem ... see second posting.
-- Original Message --
From: David Dodell <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Sat, 20 Sep 2003 10:48:23 -0700
>We are intercepting the Swen virus, but do no
We are intercepting the Swen virus, but do not have it setup as a
Forging virus at this time (is it??)
Anyway, we send out a notification message to the sender, and they
are being rejected by remote systems saying "We sent them a virus"
Since declude strips off and deletes the virus, how are the
>>Received: from guava.uch.edu [168.200.2.37] by stat.com with ESMTP
>> (SMTPD32-8.02) id A94AD300BE; Sat, 23 Aug 2003 13:06:34 -0700
>>Received: from mail pickup service by guava.uch.edu with Microsoft
>>SMTPSVC;
>> Sat, 23 Aug 2003 14:06:33 -0600
>>Received: from uchaex2.uch.ad.pvt ([168
Just sent a test message to the domain, and the headers are the same:
Received: from guava.uch.edu [168.200.2.37] by stat.com with ESMTP
(SMTPD32-8.02) id A882145022C; Sun, 24 Aug 2003 10:40:18 -0700
Received: from mail pickup service by guava.uch.edu with Microsoft SMTPSVC;
Sun, 24 Aug
-- Original Message --
From: "R. Scott Perry" <[EMAIL PROTECTED]>
>Comparing it to the headers generated by the copies of Sobig.F we've looked
>at, it appears that it was indeed a bounce message.
Then I'm confused .. to me it appeared from the headers that
s server can't
I don't think so. The only reason is there is another IP address showing received
past his server, another IP from their block that shows that the message originated
there.
David
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Be
welcomed to the havoc it will cause.
David Dodell
===Original message text===
David,
In looking at the header you sent Marcy, the subject of the message is
"Undeliverable: Re: Details" which means our e-mail system was sending you a
message back that it c
Saturday, August 16, 2003, 7:40:00 AM, Bill Landry wrote:
> What's the message.zip file size? The only one's I've seen pass are
> corrupted, zero-byte files.
Well, it looks like I'm safe ... the file is zero-bytes so it was
corrupted
Now, I took out the little patch Scott put in to catch the
Just saved the message.zip file to my local machine and ran f-prot
against it ... virus free.
Thoughts? Maybe a new variant? Or maybe corrupted?
David
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.
Scott, Mimail is passing all of a sudden:
I'm running the latest of F-Prot (the new engine), latest def, latest
beta of Declude ... it was stopping it yesterday ... I've installed
8.02 and MiMail not stopping ... actually haven't seen anything in the
last several hours except Outlook vulnerability
Finally caught my first W32/Mimail virus tonight using the new F-Prot
3.14a / new defs ... I'm so relieved
And I'm running the 32 bit command line version.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing lis
From: "Serge" <[EMAIL PROTECTED]>
>Try to schedule kill.exe 1 hour after each updater run
Serge, what is this kill.exe ... I don't have it on my hard drive.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing l
I like to keep things easy ... I use F-Prot scheduler to check for new
definitions every 4 hours.
However, occasionally it times out, and I'm left with a failed
connection notice on the screen. And this seems to stop the
automatic polling. Any way to stop this, some switch someplace, but
I don
-- Original Message --
From: "Timothy C. Bohen" <[EMAIL PROTECTED]>
>We have a customer that wants to run their own mail server. If I setup imail
>to act as a relay can I provide them with virus scanning using our declude?
Yes ... I do the now for both my
I have FORGINGVIRUS Klez in my "virus.cfg" file, but can't locate in
the docs what to put in my EML files so notifications aren't sent out to
the forged addresses.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mail
This was on the Frisk web site, dated today May 27th:
F-Prot Antivirus™ version 3.12a
A new version of F-Prot Antivirus™ for Windows, version 3.12a, has
been released and is now ready for download.
This new version has been improved from previous version 3.12 but the
most notable change lies in
When I get the following notice from Declude; which is the "true"
sender knowing the Klez forges headers .. and which one is getting the
virus notice from the server? The From: that declude reports, or the
from in the headers, or neither?
David
-=
Declude Virus v1.53 caught the following
this same message on the Imail forum, you might want to
reverse what you did too.
THANKS SCOTT!
David
-
This is a forwarded message
From: David Dodell <[EMAIL PROTECTED]>
To: "R. Scott Perry" <[EMAIL PROTECTED]>
Date: Sunday, March 24, 2002, 11:32:35 A
Sunday, March 24, 2002, 7:32:51 PM, you wrote:
> Did u remember to delete .pif file in the f-prot directory ?
> if its still there declude will not run the f-prot
No PIF file in the directory.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
This E-mail cam
Just a note ... I downloaded an installed the f-prot 3.12 program
since everybody said it was working fine. I'm using Declude 1.45
Today, the W32/Magistr.32768 infected my wife's machine. My virus
definitions are updated every 6 hours.
The declude logs show everything normal ... I ran the tes
Has anyone upgraded to version 3.12 yet? Does it work ok with
Declude?
David
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscrib
Just found this on their website dated today:
F-Prot Antivirus Alert Service
To better serve our customers, FRISK Software International has
launched an Alert Service to provide you with the vital information
you need to stay ahead of threats to your computer security. This
Alert Service will he
Saturday, February 02, 2002, 6:51:34 AM, you wrote:
> does anyone else have a problem with f-prot updating... my system says it
> can not find the server
Mine just updated about 5 minutes ago without problems 7 am MST
---
[This E-mail was scanned for viruses by Declude Virus (http://www.de
> A much more important (undocumented) development with 3.11b was the inclusion
> of a native WIN32/Console command line scanner - fpcmd.exe. This
> theoretically should give a performance boost over the DOS version. We'll
> have to do some collective testing and see.
Jerry, are you saying we
I just redownloaded 3.11b, reinstalled it, rebooted etc ... and still
can't run the OnDemand Scanner ... f-prot with declude still appears
to be working ok ... still no answer from F-Prot tech support.
David
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
Thi
Monday, December 24, 2001, 6:51:25 AM, you wrote:
> Anyone find the solution yet. When I did my upgrade, I have the same
> problem. If I run F-Prot DOS for checking mail, I can't run the OnDemand
> scanner. I get the same error message about running more that one copy of
> the program.
No soluti
Saturday, December 22, 2001, 1:56:35 AM, you wrote:
> got a serius problem with the 3.11b version it slipped through a lot of
> virus tonight, I downloaded the version for Europe, this morning i changed
> back to the 3.11a from the US based ftp and voila i started imedialy caching
> virus, anythi
Friday, December 21, 2001, 6:47:28 PM, you wrote:
> are you using nt4 server?
I am, and having the same problem.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [E
Instead of using the f-prot updater (since it will only run once
daily), I'm going to use a different program to run the updates ...
what is the command line I need to get f-prot to update?
Thanks,
David Dodell
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just se
Saturday, October 06, 2001, 8:10:04 AM, you wrote:
> There is no way to have Declude automatically delete them. That's mainly a
> safety feature, in case of problems with the virus scanner (if it starts
> reporting that all files have viruses, for example).
Would you consider adding a "switch"
At the moment, Declude moves my viruses into the imail/spool/virus
subdirectory
Anyway to just have declude delete everything ... I have no desire to
store the messages especially if they are infected.
David
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-m
83 matches
Mail list logo