In my email reports, is there a way to also signify which scanner caught the
virus; ie internal vs one of the external scanners?
so my reports now look like;
Declude Virus v4.6.35 caught the following:
Virus Name: Sanesecurity.Junk.26145.UNOFFICIAL
Virus File: Unknown File
From:
,
Andy
-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of
David
Dodell
Sent: Monday, June 08, 2009 12:26 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] ClamAV
I'm using an older version of ClamAV that needs to be updated as a
backup scanner
I'm using an older version of ClamAV that needs to be updated as a
backup scanner.Unfortunately, it is no longer being developed.
Has anyone tried the ClamID from ArmResearch or any other version of
ClamAV that is current that works with Declude?
David
---
This E-mail came from the
G DATA
Never heard of this G DATA that was at the top of the list ... anyone
familiar if they offer a command line scanner that will work with
Declude?
David
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type
As posted already, I have now tried THREE variations of ClamAV, and
played around with the scanfile in virus.cfg to never get this to
work ... it appears that Declude can not find the report file ever ...
Since the variation of ClamAV has always worked fine from the command
line, I know
Still having a problem getting ClamAV to work ... this is what i have
in my virus.cfg
SCANFILE1 C:\imail\declude\clamav\runclamscan.exe log=1 C:\imail
\declude\clamav\clamdscan.exe --quiet -l report.txt
VIRUSCODE1 1
REPORT1 FOUND
But my virus logs show this error; any ideas???
David
---
Still having a problem getting ClamAV to work ... any new
suggestions ... this is what my virus.cfg configuration looks like:
SCANFILE1 C:\imail\declude\clamav\runclamscan.exe log=1 C:\imail
\declude\clamav\clamdscan.exe --quiet -l report.txt
VIRUSCODE1 1
REPORT1 FOUND
But the declude
On Dec 29, 2008, at 8:18 AM, Scott Fisher wrote:
I use the runclamscan program to call clamav. Here's my virus.cfg
lines
SCANFILE1 c:\clamav\runclamscan.exe log=1 C:\clamav\clamdscan.exe --
quiet -l
report.txt
VIRUSCODE1 1
REPORT1 FOUND
Scott, the version of clamdscan I have did not
On Dec 28, 2008, at 8:36 AM, Hirthe, Alexander wrote:
http://www.mail-archive.com/declude.virus@declude.com/msg14082.html
Ok, thanks for the excellent beginning ... I'm using the Clamav-win32
from sosdg.org
Freshclam installed all the latest files just fine
Got it all installed ... but
On Dec 28, 2008, at 10:28 AM, David Dodell wrote:
(2) In my virus.cfg I have
scanfile c:\imail\declude\clamav\clamdscan.exe --quiet -l report.txt
viruscode 1
report FOUND
(3) In my logs it reports
Could Not Parse String FOUND in report.txt
Error 2 in virus scanner 1
Scanned: Error in Virus
Anyway to force declude to update the AVG files ... my dates run from
12/17 to 12/23 ... are these really current dates?
David
(I have my update frequency set at every 2 hrs)
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to
On Dec 27, 2008, at 9:59 AM, Andy Schmidt wrote:
Hi,
The general experience has been (as reported by several individuals
in two
different lists over the past 3 months), that the Declude AVG
updates are
frequently 48 hours behind - which means they are only effective for
old
viruses. I
I've been seeing viruses get through our Declude/AVG end over the past
few months ... they are being caught on the Desktop by F-Prot.
I look at the files in the declude/scanner/AVG directory, and the last
one is updated 12/23, two days ago ... while AVG website says their
last update was
On Dec 25, 2008, at 9:34 PM, David Dodell wrote:
I've been seeing viruses get through our Declude/AVG end over the
past few months ... they are being caught on the Desktop by F-Prot.
I look at the files in the declude/scanner/AVG directory, and the
last one is updated 12/23, two days ago
Been using F-Prot version 3 for years ... and now getting notices to
upgrade to version 6.
Anyone done this yet, and is it still compatible with Declude/Imail,
etc?
David
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED],
I haven't seen a good connection from F-Prot for about 24 hours ...
just checked for their website, can't connect there.
This is on our primary Sprint connection.
Tried our backup DSL from Qwest that is totally separate (we use for
testing etc) and can't connect there either ...
Anyone
On Dec 18, 2006, at 9:27 PM, Ncl Admin wrote:
Down here as well on two different circuits. Tracert times out in
Germany somewhere or other.
Obviously a good reason to be running multiple scanners.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an
-Original Message-From: "John T (Lists)" [EMAIL PROTECTED]
What happens if you restart the Queue
Manager service?
-Original MessageOk, just did that a few seconds ago to see if that helps ... but why would only the virus notifications be put in the spool as GSC files,
I just realized I haven't been seeing any notifications for the past
few weeks from my Declude software showing it had stopped a virus.
I checked the virus log on the server, and it shows it is stopping
several virues a day.
Is there a switch now that turns off/on virus notification in
-Original Message-I just realized I haven't been seeing any notifications for the past few weeks from my Declude software showing it had stopped a virus.I checked the virus log on the server, and it shows it is stopping several virues a day.---I just checked the spool directory ... there
I would like to suggest a new feature to be added to the virus
notification capabilities.
I need to be able to specify a per domain recip.eml file. This way I can
tailor the notifications to each domain as appropriate. These files
should be in the domain subdirectory along with the
I have the latest version of Declude installed ... have the new virus
set to update every 2 hours ... but my latest DB files are dated
5/25/06 ... I've seen F-Prot update several times in the past 6
days ... but nothing from AVG ... doesn't make sense ... is there
still a problem with the
/26/2006 5:41:18 AMTo: Declude.Virus@declude.comSubject: RE: [Declude.Virus] AVG Database file dates?Mine are:Avi7.avg 2/21Incavi.avg 5/25Microavi.avg 5/18Miniavi.avg 5/22We just upgraded to declude 4.2.12. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Da
We just started to use the AVG internal scanner with F-Prot as a
backup ... since I have no comparison, just wanted to make sure my
files were up to date;
I have
avi.avg 2/21
incavi.avm 5/25
microavi.avg 5/10
miniavi.avg 5/25
Does that match?
---
This E-mail came from the Declude.Virus
All of my email virus notifications are all of a sudden stuck in the
Imail queue as GSC files ... I'm using the latest declude with Imail
9.01
No changes to the server and till last night was working fine ... how
do I unstick GSC files?
-
Internet Dental Forum www.internetdentalforum.org
I use F-Prot 1, McAfee 2, Clam 3
What version of McAfee do you use?
David
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
I noticed that my virus scanner is no longer sending me notices when
it intercepts a virus ... before I used to get email notice from
declude that a virus, and/or spam was intercepted, but now that seemed
to have stopped ... is there a switch I need to turn on / off?
It appears messages are
Saturday, November 5, 2005, 12:50:59 PM, Bill Landry wrote:
Strange, what do the IMail logs says about these particular messages?
Yep, it is strange .. it is taking about 20 to 30 minutes from once
the message is scanned till the Email message is being generated.
The log looks normal, but
Saturday, November 5, 2005, 1:43:11 PM, Darrell ([EMAIL PROTECTED]) wrote:
When you say messages are getting stuck in the spool do you mean after they
are processed by Declude? When you upgraded to Declude 3.x did you replace
the declude.exe file?
As I mentioned in another post, it appears
Saturday, November 5, 2005, 2:13:21 PM, Darrell ([EMAIL PROTECTED]) wrote:
I caught that in the later thread. On my system I see the same behavior
where the gsc/gse will get processed by the next queue run as well. I do
seem to remember in older versions that they were tried to be
My virus caught messages are being delivered right away with version
3.0.5.18.
Bill, are you using Imail? If so, how fast is your queue being
retried since it appears to be tied to that
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to
I am running IMail 8.21/Declude 3.0.5.18. My queue retry timer is set to 30
minutes. And both postmaster and recipient virus notifications are being
delivered immediately.
Strange ... the only difference is I'm running Imail 8.05 ... my
service contract arrives Monday to upgrade to 8.21 ...
After many years of using Virus Standard, I upgraded to Virus Pro to
take advantage of a second scanner. I've scanned the previous
threads on what others like for a second scanner to F-Prot, but can't
seem to find any common thread ...
So I would appreciate what seems to be the next most
John, if I turn it off ... what else is being turned off, all of the
vulnerability tests?? I couldn't even find a switch for that ...
-- Original Message --
From: John Tolmachoff \(Lists\) [EMAIL PROTECTED]
Reply-To: Declude.Virus@declude.com
Date: Fri,
Thursday, August 11, 2005, 11:43:50 PM, Colbeck, Andrew wrote:
David, with your version of Declude Virus, you'd have to turn off all 10
of the CR vulnerability checks at one go. I'm at the same or similar
version, and that's what I've decided to do. This directive goes in
your virus.cfg:
Had email from a company today (Photodex) rejected due to the Outlook
'CR' Vulnerability but from the headers it looks like the email
originated from Thunderbird as the email client ... see headers below
...
Is it time to drop the Outlook vunerbility test??
David
Received: from
Thursday, August 11, 2005, 8:50:32 PM, Matt wrote:
With 2.0.6.16, which is available from the Declude site, you can turn
off the Outlook CR Vulnerability. I have turned off all but a couple of
these because of numerous false positive issues.
Unfortunately, I'm still at 1.82 due to budget
My machine keeps sending out viruses notices for the Swen virus.
I have:
SKIPIFVIRUSNAMEHAS Swen
in the top of my otherpostmaster.eml file.
I also have:
FORGINGVIRUS Swen
In my virus.cfg file.
Am I missing something why the notices are still sent out?
David
---
[This E-mail was
From: John Tolmachoff \(Lists\) [EMAIL PROTECTED]
CPL files should be banned no matter what.
John, I am ... was more curious why they aren't being caught as viruses ... I even
took one and scanned it manually with f-prot and it came up clean.
David
---
[This E-mail was scanned
Our virus definitions from F-Prot are up to date, but still seeing multiple CPL files
passing through. I decided to block them using the Ban Extension.
Are these CPL files actually infected, or corrupted so the virus scanners aren't
detecting them?
David
---
[This E-mail was
Can someone send me a copy of their Bannotify.eml ...
David
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe
-- Original Message --
From: John Tolmachoff \(Lists\) [EMAIL PROTECTED]
Did you change anything in the scan line?
Just checked my logs, and it appears to be working ok ... just got two interceptions
with the usual service message of:
Declude Virus
No, nothing ... I just installed F-Prot in the it's update mode ... no changes made to
the declude files at all.
David
-- Original Message --
From: John Tolmachoff \(Lists\) [EMAIL PROTECTED]
Did you change anything in the scan line?
-Original
We are intercepting the Swen virus, but do not have it setup as a
Forging virus at this time (is it??)
Anyway, we send out a notification message to the sender, and they
are being rejected by remote systems saying We sent them a virus
Since declude strips off and deletes the virus, how are the
Ignore this message, fiqured out the problem ... see second posting.
-- Original Message --
From: David Dodell [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Sat, 20 Sep 2003 10:48:23 -0700
We are intercepting the Swen virus, but do not have
Just realized the remote messages returned from postmaster are just
notifications that there is an unattended mailbox that is receiving my
virus notifications.
Can you have multiple addresses in the email file such as:
To: [EMAIL PROTECTED],[EMAIL PROTECTED]
---
[This E-mail was scanned for
-- Original Message --
From: R. Scott Perry [EMAIL PROTECTED]
Comparing it to the headers generated by the copies of Sobig.F we've looked
at, it appears that it was indeed a bounce message.
Then I'm confused .. to me it appeared from the headers that it
Just sent a test message to the domain, and the headers are the same:
Received: from guava.uch.edu [168.200.2.37] by stat.com with ESMTP
(SMTPD32-8.02) id A882145022C; Sun, 24 Aug 2003 10:40:18 -0700
Received: from mail pickup service by guava.uch.edu with Microsoft SMTPSVC;
Sun, 24
Received: from guava.uch.edu [168.200.2.37] by stat.com with ESMTP
(SMTPD32-8.02) id A94AD300BE; Sat, 23 Aug 2003 13:06:34 -0700
Received: from mail pickup service by guava.uch.edu with Microsoft
SMTPSVC;
Sat, 23 Aug 2003 14:06:33 -0600
Received: from uchaex2.uch.ad.pvt
to the havoc it will cause.
sigh
David Dodell
===Original message text===
David,
In looking at the header you sent Marcy, the subject of the message is
Undeliverable: Re: Details which means our e-mail system was sending you a
message back that it couldn't deliver a message
Scott, Mimail is passing all of a sudden:
I'm running the latest of F-Prot (the new engine), latest def, latest
beta of Declude ... it was stopping it yesterday ... I've installed
8.02 and MiMail not stopping ... actually haven't seen anything in the
last several hours except Outlook
Just saved the message.zip file to my local machine and ran f-prot
against it ... virus free.
Thoughts? Maybe a new variant? Or maybe corrupted?
David
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing
Saturday, August 16, 2003, 7:40:00 AM, Bill Landry wrote:
What's the message.zip file size? The only one's I've seen pass are
corrupted, zero-byte files.
Well, it looks like I'm safe ... the file is zero-bytes so it was
corrupted
BIG SIGH
Now, I took out the little patch Scott put in to
Finally caught my first W32/Mimail virus tonight using the new F-Prot
3.14a / new defs ... I'm so relieved sigh
And I'm running the 32 bit command line version.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus
I like to keep things easy ... I use F-Prot scheduler to check for new
definitions every 4 hours.
However, occasionally it times out, and I'm left with a failed
connection notice on the screen. And this seems to stop the
automatic polling. Any way to stop this, some switch someplace, but
I
From: Serge [EMAIL PROTECTED]
Try to schedule kill.exe 1 hour after each updater run
Serge, what is this kill.exe ... I don't have it on my hard drive.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.
I have FORGINGVIRUS Klez in my virus.cfg file, but can't locate in
the docs what to put in my EML files so notifications aren't sent out to
the forged addresses.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus
This was on the Frisk web site, dated today May 27th:
F-Prot Antivirus™ version 3.12a
A new version of F-Prot Antivirus™ for Windows, version 3.12a, has
been released and is now ready for download.
This new version has been improved from previous version 3.12 but the
most notable change lies
When I get the following notice from Declude; which is the true
sender knowing the Klez forges headers .. and which one is getting the
virus notice from the server? The From: that declude reports, or the
from in the headers, or neither?
David
-=
Declude Virus v1.53 caught the following:
Just a note ... I downloaded an installed the f-prot 3.12 program
since everybody said it was working fine. I'm using Declude 1.45
Today, the W32/Magistr.32768 infected my wife's machine. My virus
definitions are updated every 6 hours.
The declude logs show everything normal ... I ran the
Just found this on their website dated today:
F-Prot Antivirus Alert Service
To better serve our customers, FRISK Software International has
launched an Alert Service to provide you with the vital information
you need to stay ahead of threats to your computer security. This
Alert Service will
Saturday, February 02, 2002, 6:51:34 AM, you wrote:
does anyone else have a problem with f-prot updating... my system says it
can not find the server
Mine just updated about 5 minutes ago without problems 7 am MST
---
[This E-mail was scanned for viruses by Declude Virus
A much more important (undocumented) development with 3.11b was the inclusion
of a native WIN32/Console command line scanner - fpcmd.exe. This
theoretically should give a performance boost over the DOS version. We'll
have to do some collective testing and see.
Jerry, are you saying we
Saturday, December 22, 2001, 1:56:35 AM, you wrote:
got a serius problem with the 3.11b version it slipped through a lot of
virus tonight, I downloaded the version for Europe, this morning i changed
back to the 3.11a from the US based ftp and voila i started imedialy caching
virus, anything
Instead of using the f-prot updater (since it will only run once
daily), I'm going to use a different program to run the updates ...
what is the command line I need to get f-prot to update?
Thanks,
David Dodell
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send
At the moment, Declude moves my viruses into the imail/spool/virus
subdirectory
Anyway to just have declude delete everything ... I have no desire to
store the messages especially if they are infected.
David
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an
Saturday, October 06, 2001, 8:10:04 AM, you wrote:
There is no way to have Declude automatically delete them. That's mainly a
safety feature, in case of problems with the virus scanner (if it starts
reporting that all files have viruses, for example).
Would you consider adding a switch for
67 matches
Mail list logo