Have to admit this has been on my list of things to investigate as well.
The auto-update is there, but looks to require the console logged in -
but have to admit I haven't looked hard.
Any luck running the update as a service or via command line?
Jerry
-Original Message-
From: [EMAIL
Look under:
\Program Files\Common Files\Softwin\BitDefender Scan Server
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting
S.A. Luis Alberto Arango
Sent: Friday, May 27, 2005 1:06 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus
Consider Clam AV, open source and in some ways does a better job for
mail scanning than most commercial products. It can be a little
resource intensive, so if your utilization at the edge you may want to
monitor it for a while.
For Trend products, you may need a serverprotect or officescan licens
I'm not sure where this is headed, but tying to macs is a BAD IDEA.
The concept is ok - but if I have a server die over the weekend or at
2:00am and can't get a new key, I won't be happy, and probably wouldn't
be using declude afterwards.
I need to be able to move from machine to machine with
For TEST 17, Whatever the technical vulnerability is called - there is a
copy of eicar encoded in the headers that Outlook (at least) can see -
haven't tested OE or others.
Symantec and Trend gateways catch it, as do the command line scanners
previously noted.
Jerry
> -Original Message-
They've changed the location of the "real" dos files on the ftp server.
They are now in /pub/dos. There are symlinks in /pub, but wget
can be a little flaky when following symlinks.
It's probably best to change the location for the "fp-3*.zip" to
"dos/fp-3*.zip" to insure minimal duplicate down
fpcmd ships with the Windows version. It's a Win32 console command line
version of F-Prot.
Jerry
- Original Message -
From: "John Tolmachoff" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 07, 2002 2:37 PM
Subject: RE: [Declude.Virus] fprot 3.12b and Declude?
Is that
The script has not updated the exe for a very simple reason - they have not
updated the DOS distro yet.
All those steps shouldn't be necessary if not installing the Windows stuff.
At most stopping SMTP is all that is needed.
Jerry
- Original Message -
From: "Panda Consulting S.A - Luis
IIRC, there is some trivial FUD language in the Norman license - "for
internal use only" or something like that, but it was pretty mild. At one
point they also claimed on the site it wouldn't install on a server OS(even
though it did).
Kaspersky has no-nonsense server licensing, as does NOD32, bu
Isn't Command just F-Prot dressed up a little?
Jerry
- Original Message -
From: "John Tolmachoff" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 20, 2002 4:02 PM
Subject: RE: [Declude.Virus] MacAfee kosher or not?
> I am currently looking into Kaperseky and Command A
- Original Message -
From: "Thomas E. Hall" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 15, 2002 2:59 PM
Subject: RE: [Declude.Virus] Virus
software
> Has anyone writen a ftp script to auto-update Trend Micro's PCscan
virus> def's?>
Here as an attachment and in-l
NOD32 has uncluttered server licensing at $300. Same for Kaspersky but at
$560. Not sure how compatible with Declude either of the report formats are.
Norman is decent and will install, but licensing may be an issue.
Trend's PCScan is freely available via their emergency disk download, with
no p
- Original Message -
From: "Jonathan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 12, 2002 3:12 PM
Subject: [Declude.Virus] F-Prot Virus Bulletin Rating
> Has anyone ever noticed that Frisk F-Prot failed the Virus Bulletin
rating?
>
> http://www.virusbtn.com/vb100/a
Original Message -
From: "Thomas E. Hall" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 12, 2002 1:11 PM
Subject: RE: [Declude.Virus] W32/Frethem-Fam
> We are using scripts to update F-Prot. Does the windows F-Prot update run
> as a service or do you have to leave t
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 12, 2002 11:39 AM
Subject: Re: [Declude.Virus] W32/Frethem-Fam
>
> >It seems to also use the MIME header exploit. This is such a
> >common virus element, maybe Declude should hav
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 12, 2002 10:22 AM
Subject: Re: [Declude.Virus] W32/Frethem-Fam
> Very interesting, since McAfee never sent out an alert about it. However,
> McAfee seems to use their E-mail vir
anks,
>
> Bill
>
> -Original Message-
> From: Jerry Murdock [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 29, 2002 5:20 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.Virus] Which F-Prot scanner to call?
>
>
> Fpcmd is a Win32 console application, co
Fpcmd is a Win32 console application, command-line only.
F-prot is the DOS command line app, with a DOS user interface(if called with
no parameters).
My testing shows a very small (<10%) performance benefit when using fpcmd.
Either should be OK, but fpcmd is not "officially" supported, unless t
l Ingram
> CI Travel
> 888.461.0022 ext.826
> mailto:[EMAIL PROTECTED]
>
>
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Jerry Murdock
> Sent: Wednesday, May 22, 2002 12:44 PM
> To: [EMAIL PROTECTED]
&
Only relatively old patterns should be missing Klez.
Make sure your running the latest engine. Mcafee is not good about updating
the engine sometimes.
Have you run the latest SDAT?
Jerry
- Original Message -
From: "Dan Olsen (DANO)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wed
fpcmd.exe may work OK if you want to keep the 8.3 name generation turned off.
I wouldn't though, unless absolutely 100% sure of everything that may EVER run
on the server.
Jerry
- Original Message -
From: "David Dodell" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, March 24,
Scan any file(even a nonexistent file), the version number is in the banner of
the output - or - run without any parameters, and it should be displayed in
the top banner of the UI.
Jerry
- Original Message -
From: "Jonathan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, Mar
Sent: Thursday, March 14, 2002 10:38 AM
Subject: RE: [Declude.Virus] F-prot def files
> ftp.f-prot.com/pub
>
> shows a .zip from today but when you open the file it contains a file dated
in january or december
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
&g
I've had no problems with my scripts that use ftp.f-prot.com, the updater, or
the links on the f-prot site.
The date listed in the html for the defs on the f-prot site are almost always
wrong, but the files themselves are current, ie: the site says the defs are
dated 3/7, but the downloaded files
What else would you expect them to say at an Ingram event?
;-)
- Original Message -
From: "John Tolmachoff" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 06, 2002 4:09 PM
Subject: RE: [Declude.Virus] OT: McAfee/Trend
Some info on McAfee:
I was at a recent reseller
PC-Cillin and Officescan include pcscan, probably the other products as well.
OR
You can grab it from http://www.antivirus.com/pc-cillin/support/edisks.htm.
This is their emergency disk creator, but I can find no restrictions on it's
use. There is no license file in the distro, no restrictions
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 21, 2002 9:48 AM
Subject: Re: [Declude.Virus] New Virus!?
> So the "problem" is that if one of your users gets a virus (which is much
> less likely, by running Declude Virus),
I prefer the Trend product line over both McAfee and Norton.
In general, fewer workstation problems, fewer server problems, fewer
deployment problems.
Trend recently upgraded their OfficeScan product (the desktop scanning
solution) from 3.54 to 5.0. We are responsible in some form for 10+ sites
Same here. The update actually came down at 8:00am EST here, so was posted
sometime between 7-8am EST.
Trend had their update out by 2:00am.
Jerry
- Original Message -
From: "Smart Business Lists" <[EMAIL PROTECTED]>
To: "R. Scott Perry" <[EMAIL PROTECTED]>
Sent: Thursday, February 14,
ftp.f-prot.com seems pretty reliable. Looks as if it's actually a round-robin
address for three different boxes.
Jerry
- Original Message -
From: "Grant Griffith" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 14, 2002 12:51 PM
Subject: [Declude.Virus] Getting new
My experience with Cygwin's ncftpget is that it mangles the file date, at
least under Win9X and NT. Haven't tested it under 2K/XP.
Jerry
- Original Message -
From: "Aaron Roydhouse" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, February 03, 2002 4:17 AM
Subject: Re: [Declude
I'm not sure what your asking. Update instructions are clearly described in
the virus listing on McAfee's site.
Jerry
- Original Message -
From: "Steve Spear" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 29, 2002 4:32 PM
Subject: Re: [Declude.Virus] McAfee Daily DA
- Original Message -
From: "Jerry Murdock" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 28, 2002 6:53 PM
Subject: [Declude.Virus] McAfee Daily DAT Command
Line Scanner Update Script
> As requested a few times, attached is a script to u
- Original Message -
From: "Jerry Murdock" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 16, 2002 3:49
AM
Subject: [Declude.Virus] New lower-bandwidth f-prot
update script.
> Attached is a new updfprot script using wget
instead of ft
The downside of McAfee updates is that it takes an EXTREME event for them to
budge from weekly updates of the release version of the dat file, which means
the built-in auto update is slow to react in these situations.
You either need to manually get the extra.dat file from their web site, or the
Trend's PCScan.exe works well. The only problem is that the output is not
easily parsed, so Declude's REPORT directive doesn't work(unless there has
been an update I'm unaware of).
My approach for batch file based scanning was to put PCScan after F-Prot,
under the presumption that F-Prot would c
Attached is a new updfprot script using wget instead of ftp. It does not
download the files unless they are updated. It's also marginally smarter
about unzipping the files and won't even attempt it unless a new file has been
downloaded.
I use the wget included with cygwin(www.cygwin.com), but I
- Original Message -
From: "Jonathan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 15, 2002 10:27 PM
Subject: RE: [Declude.Virus] F-Prot Updater
> Thanks for the script, Jerod - it'll make a good stop-gap for now. :)
>
> Pretty tempting to do a date/time check on t
That's been my experience as well. Usually a fairly benign office-macro type
virus that may have been around on the originating system for a while, coming
from a laptop or home pc that is not well-controlled.
Never been a real problem, but you still get "how did this get through" type
questions.
FP-Win has been updated.
The "Can't run more than one instance of this program!" under NT4 appears to
be fixed now.
They haven't updated the version number.
Jerry
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
This E-mail came from the Declude.Virus m
What OS?
My experience is it's only an NT4 problem, and then only the Windows on-demand
scanner. For me this makes it basically a non-issue for imail, but it is an
annoyance.
Jerry
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 08, 2002 2
oad was an issue, I'd go
ahead and (cautiously) try it.
Jerry
- Original Message -
From: "David Dodell" <[EMAIL PROTECTED]>
To: "Jerry Murdock" <[EMAIL PROTECTED]>
Sent: Monday, December 24, 2001 12:30 PM
Subject: Re[2]: [Declude.Virus] f-prot 3.11b
>
Everyone with this problem needs to open a report with frisk. The squeaky
wheel
Jerry
- Original Message -
From: "David Dodell" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 24, 2001 10:52 AM
Subject: [Declude.Virus] f-prot 3.11b
> I just redownloaded 3.11b, r
I get the same problem on my NT4 machines, but all seems OK on my W2K and W98
machines. They probably broke the NT4 detection when they fixed the
XP/terminal services issue. My Declude seems fine with 3.11b.
It's an annoyance, but I'm sure they'll get a fix soon.
A much more important (undocum
FYI, for those that don't auto-update the engine via FTP:
I don't think all the mirrors are updated yet.
Jerry
- Original Message -
From: "fp-admin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 21, 2001 11:24 AM
Subject: New version of F-PROT (3.11b)
>
>
>
> This
The 7.0 reset the registry entry for Declude.
Just run declude.exe once manually, and it will re-install the
entry.
Jerry
- Original Message -
From:
Jim Colunio
To: [EMAIL PROTECTED]
Sent: Wednesday, December 19, 2001 8:59
AM
Subject: [Declude.Virus] Mail
Thanks, saved me testing it.
Jerry
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 18, 2001 9:24 PM
Subject: Re: [Declude.Virus] TempDir
>
> >Will MAXATONCE also help limit it, or does Declude go ahead and decode
> >everyt
Will MAXATONCE also help limit it, or does Declude go ahead and decode
everything before the prior instances have finished?
Jerry
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 18, 2001 7:05 PM
Subject: Re: [Declude.Virus]
Have you ever known a product with Pro and Standard versions to always add new
features to both? Generally Standard version are effectively feature-frozen
until a major upgrade. Declude has continually put most of the incremental
upgrades into the Standard version. Saving a few bells and whist
It works with the other notifications. Why is the BANNotify restricted?
Jerry
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 10, 2001 12:21 PM
Subject: Re: [Declude.Virus] BANnotify
>
> >>>2. I would like to Bcc my self a
Thanks for the clarification.
About the only thing left on my wish list(if I hadn't rolled my own) would be
an imail1 wrapper for WebMail.
Jerry
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 06, 2001 10:03 PM
Subject:
Wow, a lot of stuff for a .01 rev. Sounds great.
Clarification please on DELETEVIRUSES. I assume it doesn't try to remove the
attachment, but deletes the queue files.
Jerry
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, Decembe
I've caught about 30 with f-prot since noon-ish(EST) when the patterns were
updated.
Jerry
Subject: Hi
Incoming/Outgoing: incoming
Number Recepients: 1
Message ID: <001401c17cf8$2ce20c70$6664a8c0@XX>
Date: 12/04/2001
Time: 14:17:52
QueueFile Name: D215d228.SMD
Infected File: gone.scr
Virus N
The report should list these dates:
SIGN.DEF created 4. December 2001
SIGN2.DEF created 4. December 2001
MACRO.DEF created 30. November 2001
- Original Message -
From: "Grant Griffith" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 04, 2001 2:40 PM
Subject: RE: [Dec
Does Mcafee's auto-update update the engine, or is it still broken?
- Original Message -
From: "Andy Schmidt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, November 29, 2001 3:44 AM
Subject: [Declude.Virus] Warning - Incomplete BadTrans Detection with
www.frisk.is
- Original Message -
From: "Grant Griffith" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 28, 2001 12:25 PM
Subject: [Declude.Virus] F-Prot
> Where can I get the DOS virus scanner to use with Declude Virus? I just
> purchased this and need to get t
On my copy of F-Prot, you can schedule it as often as every hour. But in any
event: d:\path\updater.exe /RUN /INTERNET /QUIT.
In my opinion scheduling an FTP script is a better alternative, allowing
automatic update of both f-prot.exe and the .def files, with no worries the
updater will hang-up.
et the new engines ?
> I just got my CD last week ?
>
>
>
> - Original Message -
> From: "Jerry Murdock" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, October 11, 2001 8:23 PM
> Subject: Re: [Declude.Virus] McAfee
ying with ME (management edition), I downloaded and saved latest
> DAT with netshield, and used it to updated other machienes with netshield,
> but could not use it on machines with Viruscan, it gives a message that it
> could not get update.ini
> any idea what to do ?
>
> 3- can/s
Has anyone tried just setting VIRDIR to NUL?
Jerry
- Original Message -
From: "Adolfo Justiniano" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, October 06, 2001 11:29 AM
Subject: MISSING_REVERSE_DNS:Re: Re[2]: [Declude.Virus] not storing viruses
> I would like to have tha
-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Jerry Murdock
> > Sent: Friday, October 05, 2001 11:39 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Declude.Virus] New Mcafee Scan Engine Released - 4.1.50
> >
> >
> > Tra
What's TNEF!!??
>
> Mark Chadwick
> IT Support Engineer
> Science International
> Bateman House
> 82-88 Hills Road
> Cambridge
> UK
> CB2 1LQ
>
> Tel: +44 (0)1223 326512
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROT
Seeing that Mcafee now does TNEF, I checked out F-Pror again too. To my
surprise, it appears works as well, just make sure /archive is on the command
line.
The support was evidently slipped in somewhere between 3.08b and 3.10. As it
was never announced from what I can see, I don't know how robu
FYI:
I just noticed my Mcafee installs have a new Scan engine.
The new Mcafee scan engine - 4.1.50 was released on the 9/26.
CHECK YOUR VERSION. Some versions of Mcafee's auto-update only update the
.dat files and and not the engine.
Most important addition from a Declude perspective -- TNEF
It would be nice, but I'd still be stuck with using a batch file until there
is TNEF support too. I feel much more comfortable with my multi-scanner batch
file than I do with my TNEF hacks.
Jerry
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sen
- Original Message -
From: "Dan Spangenberg" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 03, 2001 4:16 PM
Subject: RE: [Declude.Virus] errors in log file
> Scott and/or Jerry;
>
> I could use some help from you or possibly Jerry on getting the batch file
> right.
No.
The F-Secure product licenses the f-prot engine from Frisk, the result is the
"command line" scanner in both is the same. F-Secure actually uses both the
F-Prot and Kaspersky engines in the Windows version.
Jerry
- Original Message -
From: "Jim Jones, Jr." <[EMAIL PROTECTED]>
To:
It's new. F-Prot has already updated the
defs. Get them.
- Original Message -
From:
J Porter
To: [EMAIL PROTECTED]
Sent: Tuesday, September 18, 2001 2:04
PM
Subject: [Declude.Virus] new virus FPROT
not stopping
I received an email this AM containing a n
FYI:
F-Prot has already been updated for this today. Get the new fp-def.
Jerry
- Original Message -
From: "Terrence Koeman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 18, 2001 12:42 PM
Subject: [Declude.Virus] OT: Alert: New IIS Worm
> Offtopic
>
> >From N
What version of Declude?
What version/scan engine rev/signature rev of Netshield?
Do you know the source and message format of the incoming message?
Jerry
- Original Message -
From: "Sharyn Schmidt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 12, 2001 10:49 AM
- Original Message -
From: "John Shacklett" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 06, 2001 8:22 AM
Subject: [Declude.Virus] 1.25a issues
> yesterday morning. The unsettling thing was when I tried to kill that
> process in task manager, I was prevented. Tol
Hmm...
I think that is too broad an interpretation of "emulation." I would suspect
it does nothing more than what McAfee does by default, and that you can turn
off with the /NOCOMP switch.
Seeing as it apparently works with the Windows and Linux versions as well,
they would have to have a lot o
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 31, 2001 9:05 AM
Subject: Re: [Declude.Virus] F-Prot Stuff
> /PACKED is a very different beast. It will attempt to scan compressed
> .EXE's (such as PKLite or Neolite) by actuall
FWIW, I also have /PACKED and /COLLECT on my line.
I do not have /TYPE, as either /DUMB _OR_ /TYPE can be used, but supposedly
not both together. I use /DUMB. Don't know if it really hurts to have both
though.
Jerry
- Original Message -
From: "Jonathan" <[EMAIL PROTECTED]>
To: <[EMAI
What's your command line?
- Original Message -
From: "Jonathan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 30, 2001 9:01 PM
Subject: [Declude.Virus] F-Prot Stuff
> F-Prot support finally got back to me on that virus I submitted on the
> 13th. "We will add this v
> Are you using "LOGLEVEL DEBUG" in the virus.cfg file? That would cause
this.
Of course - I was still testing the upgrade. Changing it to HIGH fixed
the pop-ups. I LIKE this feature, just wish I had known about it. Needs to
be in the docs.
> That's different, actually (that's for the Decl
One more new thing I just noticed.
I get a console screen of the virus scanning popping up whenever I am logged
into the server.
I added CONSOLE OFF to the virus .cfg and get "08/22/2001 16:37:39 Console
turned OFF" in the log file.
It did not do this before.
Please help again.
Jerry
Aggghh!
I had dropped the new file into the \imail\declude directory. Had forgotten
it should go in \imail. I'll go bang my head against the wall later.
It all works now.
But
I did see the following the new log file:
08/22/2001 15:50:18 Setting Scan File to d:\imail\declude
Scott:
Can you take a look at the attached files? The zip contains the queue files
of the test message, my recip.eml, debug log output for the message, and the
generated recipient notification.
I went through the queue file and 0'd out the test virus, so it no longer
contains a virus, but the h
Can someone post a working recip.eml that uses the ONLYSENDIFREMOTESENDER
option?
I can't seem to get it working as expected. The recip.eml always goes out.
Also, what is determining local/remote status?
Thanks,
Jerry
This E-mail came from the Declude.Virus mailing list. To
unsubscribe
Has this been announced yet? Didn't see it on the site.
Are the per domian/user settings the only addition, or are more planned?
Jerry
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". You c
Expected since mcafee and solomon share the same engine.
FWIW: Norman does not catch it either.
Kaspersky identifies it as i-worm/magistr.corrupted. I found the "corrupted"
interesting, don't know what it really means though.
Jerry
- Original Message -
From: "Dan Spangenberg" <[EMAIL
t;
> Scanning for viruses.
>
> Found a virus 'TROJ_W95NUKER' in Winnuke.exe of C:\TEMP\WINNUKE.ZIP
> (Non-Cleanable)
> Action taken on virus file C:\TEMP\WINNUKE.ZIP : (Leave alone)
> Found a virus 'TROJ_W95NUKER' in C:\TEMP\WINNUKE.EXE (Non-Cleanable)
>
I think it's just a link to Trend's browser based scanner.
http://housecall.antivirus.com
Jerry
- Original Message -
From: "Dan Spangenberg" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 14, 2001 10:53 AM
Subject: RE: REVDNS:RE: [Declude.Virus] Virus Issue
> I neve
Yes.
My simplified batch file is attached, along with one support utility that sets
the errorlevel to "EE" hex.
Rename the ErrEE.co_ to ErrEE.com.
Use VIRUSCODE 238 in virus.cfg.
This is completely unsupported, use at your own risk, your mileage may vary,
etc.
Jerry
- Original Message --
- Original Message -
From: "Jim Jones, Jr." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 05, 2001 11:18 AM
Subject: Re: [Declude.Virus] F-Prot, Declude and CPU usage...fprot update?
> We only have the dos version of fprot... 3.10, i think. I have tried the
> ftp scrip
FWIW, I'd like to see this as well.
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 03, 2001 7:42 PM
Subject: Re: [Declude.Virus] stopping alerts to non-local users
>
> >Is there a way to force Declude to not send alerts out t
One liner that will work under any version of DOS/Win/NT(only one .exe in
dir):
for %%q in (SDAT*.exe) DO %%q -commandline
or
If you are keeping older copies of the sdats in the same directory, and want
to execute the newest version(NT only):
for /F %%q in ('dir d:\path\SDAT*.exe /a-d-s /b /o:
Download the latest sdat package and run sdat.exe /e d:\path.
This will extract all the sdat files into the specified directory. The
extracted files include everything needed for command line functionality. I
haven't used the mcafee installer for command line only functionality in a
couple o
The simplest, most reliable thing for Mcafee would probably be for Declude to
understand the /BADLIST file. It would be a Mcafee specific enhancement, but
would be easier to parse.
Another option would be multiple REPORT lines ideally with regular expression
support.
But to suit my needs, all I
Thanks.
Not complaining at all, just needed to know.
I'll roll my own for now, at least with Declude I have this option - more than
I can say for other products.
Jerry
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 05, 2001
Any word on when TNEF support will be rolled in?
I haven't updated my rigged TNEF support to work with 1.14 yet.
If Declude's is in the near term, I may wait - but my client has WAY too many
folks using RTFs in Outlook for me to look the other way for long.
Thanks,
Jerry
[ This E-mail came fr
n reading my file. I think I just overlooked that probably.
>
> So you have to use DOS paths.
>
> Sorry.
>
>
> -Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Jerry Murdock
> Sent: Thursday, February 22, 2001 7:57
This isn't right. F-prot will detect .txt without problems. Use the "/dumb"
switch. It's a bad name, but really means to check all files regardless of
extension.
Jerry
- Original Message -
From: "OurLists" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 22, 2001 5
The Declude/Fprot catches Anna if running Declude 1.14 for me.
What version F-Prot are you running. What are the dates on your .def files?
- Original Message -
From: "OurLists" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 16, 2001 2:16 PM
Subject: RE: [Declude.Vir
F-Prot finds Anna without problems for me, as long as I use Declude v1.14.
With V1.13 none of the three I currently have installed (Trend, F-Prot,
Mcafee) find Anna.
Jerry
- Original Message -
From: "OurLists" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 16, 2001
96 matches
Mail list logo