What version or port of ClamAV are you using with Declude? I've been
reading on the SmarterTools forums about the problems with ClamWin, and was
wondering if the majority are using this port or a different one?
SmarterTools has been referring people to this link:
http://www.h-online.com/open/ne
significant bug fixes (such as deleting
the .txt files being left in the work directory by AVG), then why has it
taken this long for Declude to release it "officially"? Declude's answer
for a problem should not be to tell me to install an alpha or beta version
of their product
Here is a comment by the SOSDG ClamAV author on the SmarterMail forum:
http://www.smartertools.com/forums/p/22257/59718.aspx#59718
Original Message
> From: "Gary Steiner"
> Sent: Monday, December 29, 2008 3:20 PM
> To: declude.virus@declude.com
> Subje
There is an announcement on the SOSDG web site saying they will no longer
support their version of ClamAV.
http://www.sosdg.org/clamav-win32
Is anyone using a different port of ClamAV with Declude? Has anyone had
success with http://www.clamwin.com/ ?
Original Message
>
I've been using the SOSDG version of ClamAV (http://www.sosdg.org/clamav-win32)
with no problem. The is the same version/port of ClamAV that SmarterMail ships
with their product.
The trick is setting it up to run as a service with runclamscan and runclamd.
These are included with ClamAV in th
Don't know if this relates to your situation, but hope it helps. I ran into a
problem similar to this, but on a 32-bit machine. It was caused when the
software was installed with an account that had administrator privileges, but
not THE Administrator account. So possibly you are looking at som
I'm using the SOSDG port which is currently at version 0.90.3-3c and have not
encountered the problem you describe. Then again, I'm also using SmarterMail,
so don't know if this may be an IMail compatibility problem.
Original Message
> From: "John Shacklett" <[EMAIL PROTECTED
this point.
Gary Steiner
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
fixed version?
Gary Steiner
Original Message
> From: "David Barker" <[EMAIL PROTECTED]>
> Sent: Wednesday, May 02, 2007 4:19 PM
> To: declude.virus@declude.com
> Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude
> failu
msgsize 10240 x -50 0
>
> David Barker
> VP Operations | Declude
> Your Email Security is our business
> O: 978.499.2933 x7007
> F: 978.988.1311
> E: [EMAIL PROTECTED]
>
>
> -Original Message-
> From: [EMA
s@declude.com
> > Subject: Re: [Declude.Virus] re: new virus with .rar attachment
> >
> > Only if you also have BANEXT rar.
> >
> > Do you have junkmail scanning before virus?
> >
> > John T
> >
> > -Original Message-
> > From:
Or does this show that there are too many people out there who don't have
anti-virus software on their computers?
Original Message
> From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
> Sent: Tuesday, May 01, 2007 1:11 PM
> To: declude.virus@declude.com
> Subject: [Declude.Virus] Inte
It's not that difficult. The legitimate messages with rar attachments are big
(usually 10MB and up) so it's not hard to separate them from the image spam and
common viruses being held in the virus directory.
As mentioned by Craig in an earlier post, it would be nice if Declude added the
capabi
Until Declude resolves the issue with BANEXT EZIP, I've had to ban all rar
files. Unfortunately some of my customers regularly send rar attachments, so
I've had to check the virus hold directory on a regular basis and manually
resubmit any false positives there.
Gary
Original Messag
they have blocked 1.2 million messages by
> tackling the text of the message as spam.
>
> Andrew.
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> > Behalf Of Gary Steiner
> > Sent: Wednesday, April 25, 2007
Declude virus and then inspect
> the relevant lines of the log (or send them to the list so that we can take
> a look at it). Obviously, you'd also need to share your virus.cfg
> configuration so that we understand the context.
>
> Best Regards,
> Andy
>
> -
oblem?
Any suggestions you might have are greatly appreciated.
Gary Steiner
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.
ect: Re: [Declude.Virus] re: new virus with .rar attachment
>
> Only if you also have BANEXT rar.
>
> Do you have junkmail scanning before virus?
>
> John T
>
> -Original Message-
> From: "Gary Steiner" <[EMAIL PROTECTED]>
> Sent 4/25/2007
ClamAV is now picking this up as Email.Phishing.RB-686
Original Message
> From: "Gary Steiner" <[EMAIL PROTECTED]>
> Sent: Wednesday, April 25, 2007 1:48 PM
> To: declude.virus@declude.com
> Subject: [Declude.Virus] new virus with .rar attachment
As a followup to this, in my virus.cfg I have BANEXT EZIP. Shouldn't this have
caught the password-protected .rar file? Declude passed the message to
SmarterMail without holding it. I'm running Declude 4.3.46.
Original Message
> From: "Gary Steiner" <
I started getting some messages today that were picked up as spam, but were not
being identified as viruses. They looked suspicious, having subject lines of
Virus Activity Detected!
Spyware Alert!
It containes a .gif message that tells the user to open the .rar file and run
the patch there to
We've always used the SOSDG port of ClamAV with little problem. The current
version is quite stable. We have it on a W2K3 server using runclamd and
runclamscan.
http://www.sosdg.org/clamav-win32
This is also the same version that SmarterMail has incorporated into their 4.x
release.
I don't
What do you mean by "virus notifications"? Email from some mailing list?
Updates to your anti-virus definitions?
Gary
Original Message
> From: Dan Shadix <[EMAIL PROTECTED]>
> Sent: Wednesday, March 28, 2007 6:55 PM
> To: "declude.virus@declude.com"
> Subject: [Declude.Vir
A new version (0.90.1-3) was posted on the SOSDG web site.
Bri Bruns told me that the --mbox parameter no longer works, so you should
remove it from the line in your virus.cfg file before installing 0.90.1-3.
Gary
Original Message
> From: "Gary Steiner" <
The following was just posted to clamav-announce:
Original Message
> From: "Bri Bruns" <[EMAIL PROTECTED]>
> Sent: Tuesday, March 13, 2007 2:43 PM
> To: [EMAIL PROTECTED]
> Subject: [clamav-announce] Problems with ClamAV/SOSDG For WIndows 0.90.1-1
> and -2
>
> Okay, been gett
: Re: [Declude.Virus] ClamAV 0.90.1-2 problems
>
> Exit code of 2 means ClamAV had an error - Is clamd running? will
> clamdscan.exe work? eg no parameters?
>
> -Nick
>
> Gary Steiner wrote:
> > Ever since I upgraded to ClamAV 0.90.1-2 (the SOSDG windows port),
t.txt 62376245.eml
/cygdrive/c/clamav-devel/bin/clamdscan: unrecognized option `--mbox'
ERROR: Unknown option passed.
ERROR: Can't parse the command line
Anyone else seeing anything like this? Did something change in 0.90 to make
these paramenters invalid?
Thanks,
Gary Steiner
OTECTED]>
> Sent 2/26/2007 1:30:43 PM
> To: declude.virus@declude.com
> Subject: Re: [Declude.Virus] Current Version of Clam AV
>
>
> Gary,
>
> I upgraded on Friday and have not ran into any issues.
>
> Darrell
>
> --
I see that SOSDG released a new version (0.90-1) of their Windows port of
ClamAV on 02-22-2007.
http://www.sosdg.org/clamav-win32/
Has anyone upgraded to it yet? Any problems?
Gary Steiner
Original Message
> From: "Mark Reimer" <[EMAIL PROTECTED]>
>
Here's a strange one. Declude reports that it is detecting a virus in a file
attachment that is a Word document.
"AVG Reports VIRUS: Exploit-Dropper.1Table"
Yet when I send that same email to VirsuTotal.com, AVG states "no virus
detected". And none of the other programs listed on VirusTotal.c
ClamAV catches a lot of them.
Original Message
> From: "Darin Cox" <[EMAIL PROTECTED]>
> Sent: Thursday, February 15, 2007 5:58 PM
> To: declude.virus@declude.com
> Subject: Re: [Declude.Virus] pay-pal phishing
>
> Message Sniffer does a pretty good job. You can also use the
I was receiving copies of it yesterday (Thursday), but nothing today. All
messages contained a .exe attachment. Since I'm running AVAFTERJM, all the
messages were caught as spam. I did not receive any that were not caught as
spam.
Original Message
> From: Heimir Eidskrem
I've seen similar behavior with viruses found by AVG.
Original Message
> From: "Andy Schmidt" <[EMAIL PROTECTED]>
> Sent: Wednesday, December 13, 2006 12:42 PM
> To: "'Declude Virus List'"
> Subject: [Declude.Virus] Sender.eml was sent even though forging virus?
>
> Hi,
>
> M
Good question. David?
Original Message
> From: "Stephan" <[EMAIL PROTECTED]>
> Sent: Friday, December 08, 2006 12:21 AM
> To: declude.virus@declude.com
> Subject: [Declude.Virus] Re: [Declude.Virus] Declude Security Suite 4.3.23
> Released / AVG Vulnerability?
>
> Is the buil
Looks like the web page for runclamd and runclamscan
http://www.smartbusiness.com/imail/declude/
has been removed. Hopefully it will continue to be included in future releases
of ClamAv for Windows.
Gary
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send
I think you meant to say SKIPIFFORGING not SKIPIFFORGINGVIRUS.
Original Message
> From: "John T \(Lists\)" <[EMAIL PROTECTED]>
> Sent: Friday, October 27, 2006 7:52 PM
> To: declude.virus@declude.com
> Subject: RE: [Declude.Virus] AUTOFORGE
>
> > Also, how is FORGINGVIRUS diffe
Is the command FORGINGVIRUS still used? It doesn't seem to be mentioned in the
new manuals on the Declude web site, or in the knowledgebase either.
My main question is how does FORGINGVIRUS work? Is it looking for any string
within the virus name? For example, will the statement
FORGINGVIRUS
If you want to submit a virus, don't forget about ClamAV:
http://www.clamav.net/sendvirus.html
The nice thing about them is when they've used your sample to update their
definitions, they will actually send you an email telling you this.
Original Message
> From: "Colbeck, An
I have an email that was held as a virus after ClamAV was triggered with the
result "Oversized.RAR FOUND". I looked for an explanation but couldn't find
anything detailed. Apparently this is due to some type of bug in ClamAV that
shows up with certain RAR or ZIP files.
I found one posting tha
stomization. Example, I
> have a client that the manager wants a copy of each notice sent. So I have
> created 2 specific eml files for that client, one for if the infected email
> is incoming and one for if the infected email is outgoing.
>
> John T
> eServices For You
>
>
declude.virus@declude.com
> > > Subject: RE: [Declude.Virus] New feature needed
> > >
> > > Gary,
> > >
> > > I have not even thought of something like that (since all my customers
> > > are English speaking) but you are absolutely right.
&
ers
> are English speaking) but you are absolutely right.
>
> So David will we be seeing this new feature next week? :)
>
> Goran Jovanovic
> Omega Network Solutions
>
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL P
stion
> to see what the return code is?
>
> John T
> eServices For You
>
> "Seek, and ye shall find!"
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
> > Steiner
> > Sent: Friday,
l Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
> > Steiner
> > Sent: Friday, July 14, 2006 2:43 PM
> > To: declude.virus@declude.com
> > Subject: [Declude.Virus] Declude error, not ClamAV error
> >
> > Upon further res
Upon further research, the statement "Attachment=[Unknown: Err]" is generated
by Declude, not ClamAV. So does Declude have a problem with ClamAV?
Original Message
> From: "Gary Steiner" <[EMAIL PROTECTED]>
> Sent: Friday, July 14, 2006 1:32 PM
RUSCODE2 1
> REPORT2 FOUND
>
> Change the SCANFILE2, VIRUSCODE2, REPORT2 to 3. That might help
>
> Goran Jovanovic
> Omega Network Solutions
>
> -----Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
> Steiner
> S
I recently installed ClamAv as my third scanner after AVG and F-Prot. For some
reason it indicates an error related to the attachment when it detects a virus
(Attachment=[Unknown: Err]). Here is an example from the Declude virus log
file:
07/13/2006 19:32:18.843 366626185 Vulnerability flags
In your virus.cfg, make sure you have this:
BANCRVIRUSESON
and do not have this:
ALLOWVULNERABILITY OLCR
That should do it.
Original Message
> From: Rick O'Connor <[EMAIL PROTECTED]>
> Sent: Saturday, July 01, 2006 1:19 PM
> To: declude.virus@declude.com
> Subject:
I just started receiving copies of a new virus that F-Prot flags, but with the descriptive label of "Unknown" (at least out of Declude). The messages are all around 86k in size, and contain a gif and an encrypted zip file. It pretends to be sending you a password for some unnamed account
I asked about the possibility of per domain replies several months ago. I
would hope that it has already been placed on the wish list.
It is especially useful when you have users speaking different languages and
you want to have language specific messages linked to each domain.
Gary
nal Message -
> From: "Dean Lawrence" <[EMAIL PROTECTED]>
> To:
> Sent: Thursday, May 18, 2006 7:48 AM
> Subject: Re: [Declude.Virus] reque slips by Declude?
>
>
> Gary,
>
> I do believe that messages that have been re-queued do not get scanned
Have any other Feebs
viruses slipped through? Unfortunately the eicar tests don't have an hta to
use, so the only way I have to test this is with a live virus. The Feebs virus
isn't one of the more common ones, but all it takes is one to get through to
spoil the day of one
Original Message
> From: Gary Steiner <[EMAIL PROTECTED]>
> Sent: Monday, April 24, 2006 8:46 PM
> To: Declude.Virus@declude.com
> Subject: [Declude.Virus] banned file mentioned in header?
>
> Wnen Declude uses a virus scanner to detect a virus,
Wnen Declude uses a virus scanner to detect a virus, you are able to place a
message in the header of the held file such as:
X-Declude-Virus: Detected W32/[EMAIL PROTECTED] [from IP 200.52.83.152
(152.83.52.200.in-addr.arpa)].
However, when a banned file (such as a .exe in a .zip) is held, no
What is the value of the "AI" switch? I see it (and others related) explained
on the F-Prot web site, but I don't understand why one would use it or not use
it. Nor does it tell you what the default is.
/HEUR - Uses heuristic scanning of files.
/NOHEUR - Doesn't use heuristic scanning of file
If you take a look at the DOS version of F-Prot
ftp://ftp.f-prot.com/pub/dos/fp-316b.zip
you will find that it contains a file called COMMAND.TXT that seems to explain
everything. I've attached it below:
The command-line options
F-PROT.EXE is usually run without any p
domains depending on the language of the customer
(recip-en.eml and recip-es.eml). I believe this can be done in Junkmail, but
can it be done in EVA?
Thanks,
Gary Steiner
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.Virus
Is anyone using one of the various Windows ports for ClamAV under W2K3? If so,
which one is best?
Thanks,
Gary Steiner
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to
he sender's
Outlook settings?
I see in the EVA manual that I can turn this off using
ALLOWVULNERABILITY OLSPACEGAP
but do I really want to do that?
Thanks,
Gary Steiner
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declud
Just looking at my server stats for yesterday, there were only two Sobers
caught by EVA as viruses. All the rest were caught by Junkmail as spam.
Original Message
> From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
> Sent: Saturday, January 07, 2006 12:11 AM
> To: Declude.Virus@dec
Is this a Declude issue or an IMail issue? I'm using Declude 3.0.5.22 with the
latest version of SmarterMail, and I haven't seen this behavior at all. Have
any other SmarterMail users out there seen this behavior?
Gary
Original Message
> From: marc <[EMAIL PROTECTED]>
>
I was told the 3.0.5.21 version fixes the problem in IMail but not in
SmarterMail.
Since I'm using SmarterMail, I'm waiting for version 3.0.5.22.
Gary Steiner
Original Message
> From: "John Carter" <[EMAIL PROTECTED]>
> Sent: Monday
Does this mean that vulnerability notifications are not available for
SmarterMail?
Gary Steiner
Original Message
> From: "David Barker" <[EMAIL PROTECTED]>
> Sent: Wednesday, November 30, 2005 11:13 AM
> To: Declude.JunkMail@declude.com>, Subj
x27;t know
> when Declude plans to make it's next release, but you might request the
> pre-release if you need to have the notifications.
>
> Bill
> - Original Message -
> From: "Gary Steiner" <[EMAIL PROTECTED]>
> To:
> Sent: Tuesday, Novembe
I've been running with 3.x for over a month, but I just now realized that since
I upgraded I am no longer receiving the "Declude Virus caught a virus"
messages. Declude is catching viruses, I'm just not receiving email
notification. I don't believe I changed anything in the virus.cfg file that
Noticed that F-Prot also released a second batch of updates for today. Though
they still haven't updated their recent threat list on their web site.
Original Message
> From: "John Tolmachoff \(Lists\)" <[EMAIL PROTECTED]>
> Sent: Monday, September 19, 2005 6:22 PM
> To: Declu
I just checked my F-Prot, and it has a date of 9/19/2005 for both
"Application/Script viruses and Trojans" and "Document/Office/Macro viruses".
This is newer than what is on the F-Prot web site, which still says 16 Sep 2005
for "Application/Script viruses and Trojans" and 6 Sep 2005 for
"Docum
Well, there's always the Declude.Releases mailing list. Not sure that I've
ever received anything on that one. Maybe they need to make another one and
call it Declude.News.
I'd refer people to Declude's User Forums, but they seem to be extremely under
utilized by both Declude users and Declud
68 matches
Mail list logo
