Look under:
\Program Files\Common Files\Softwin\BitDefender Scan Server
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting
S.A. Luis Alberto Arango
Sent: Friday, May 27, 2005 1:06 AM
To: Declude.Virus@declude.com
Subject: RE:
Have to admit this has been on my list of things to investigate as well.
The auto-update is there, but looks to require the console logged in -
but have to admit I haven't looked hard.
Any luck running the update as a service or via command line?
Jerry
-Original Message-
From: [EMAIL
Consider Clam AV, open source and in some ways does a better job for
mail scanning than most commercial products. It can be a little
resource intensive, so if your utilization at the edge you may want to
monitor it for a while.
For Trend products, you may need a serverprotect or officescan
For TEST 17, Whatever the technical vulnerability is called - there is a
copy of eicar encoded in the headers that Outlook (at least) can see -
haven't tested OE or others.
Symantec and Trend gateways catch it, as do the command line scanners
previously noted.
Jerry
-Original Message-
They've changed the location of the real dos files on the ftp server.
They are now in /pub/dos. There are symlinks in /pub, but wget
can be a little flaky when following symlinks.
It's probably best to change the location for the fp-3*.zip to
dos/fp-3*.zip to insure minimal duplicate
The script has not updated the exe for a very simple reason - they have not
updated the DOS distro yet.
All those steps shouldn't be necessary if not installing the Windows stuff.
At most stopping SMTP is all that is needed.
Jerry
- Original Message -
From: Panda Consulting S.A - Luis
Isn't Command just F-Prot dressed up a little?
Jerry
- Original Message -
From: John Tolmachoff [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 20, 2002 4:02 PM
Subject: RE: [Declude.Virus] MacAfee kosher or not?
I am currently looking into Kaperseky and Command AV,
- Original Message -
From: "Thomas E. Hall" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 15, 2002 2:59 PM
Subject: RE: [Declude.Virus] Virus
software
Has anyone writen a ftp script to auto-update Trend Micro's PCscan
virus def's?
Here as an attachment and in-line.
NOD32 has uncluttered server licensing at $300. Same for Kaspersky but at
$560. Not sure how compatible with Declude either of the report formats are.
Norman is decent and will install, but licensing may be an issue.
Trend's PCScan is freely available via their emergency disk download, with
no
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 12, 2002 10:22 AM
Subject: Re: [Declude.Virus] W32/Frethem-Fam
Very interesting, since McAfee never sent out an alert about it. However,
McAfee seems to use their E-mail virus
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 12, 2002 11:39 AM
Subject: Re: [Declude.Virus] W32/Frethem-Fam
It seems to also use the MIME header exploit. This is such a
common virus element, maybe Declude should have an
Original Message -
From: Thomas E. Hall [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 12, 2002 1:11 PM
Subject: RE: [Declude.Virus] W32/Frethem-Fam
We are using scripts to update F-Prot. Does the windows F-Prot update run
as a service or do you have to leave the
, 2002 9:08 PM
Subject: RE: [Declude.Virus] Which F-Prot scanner to call?
Hmmm, so it does work then...? Thanks, Jerry, I'll do some testing, as
well. Scott, has Declude tested both and which one is officially
recommended?
Thanks,
Bill
-Original Message-
From: Jerry Murdock
]
[mailto:[EMAIL PROTECTED]] On Behalf Of Jerry Murdock
Sent: Wednesday, May 22, 2002 12:44 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] OT queston
Works fine for our purposes running smtp/imap/pop through it. Not
knowing
your load, I should point out we're dealing with a few hundred
Only relatively old patterns should be missing Klez.
Make sure your running the latest engine. Mcafee is not good about updating
the engine sometimes.
Have you run the latest SDAT?
Jerry
- Original Message -
From: Dan Olsen (DANO) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent:
fpcmd.exe may work OK if you want to keep the 8.3 name generation turned off.
I wouldn't though, unless absolutely 100% sure of everything that may EVER run
on the server.
Jerry
- Original Message -
From: David Dodell [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, March 24, 2002
I've had no problems with my scripts that use ftp.f-prot.com, the updater, or
the links on the f-prot site.
The date listed in the html for the defs on the f-prot site are almost always
wrong, but the files themselves are current, ie: the site says the defs are
dated 3/7, but the downloaded
, 2002 10:38 AM
Subject: RE: [Declude.Virus] F-prot def files
ftp.f-prot.com/pub
shows a .zip from today but when you open the file it contains a file dated
in january or december
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jerry Murdock
Sent
PC-Cillin and Officescan include pcscan, probably the other products as well.
OR
You can grab it from http://www.antivirus.com/pc-cillin/support/edisks.htm.
This is their emergency disk creator, but I can find no restrictions on it's
use. There is no license file in the distro, no
I prefer the Trend product line over both McAfee and Norton.
In general, fewer workstation problems, fewer server problems, fewer
deployment problems.
Trend recently upgraded their OfficeScan product (the desktop scanning
solution) from 3.54 to 5.0. We are responsible in some form for 10+
Same here. The update actually came down at 8:00am EST here, so was posted
sometime between 7-8am EST.
Trend had their update out by 2:00am.
Jerry
- Original Message -
From: Smart Business Lists [EMAIL PROTECTED]
To: R. Scott Perry [EMAIL PROTECTED]
Sent: Thursday, February 14, 2002
- Original Message -
From: "Jerry Murdock" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 16, 2002 3:49
AM
Subject: [Declude.Virus] New lower-bandwidth f-prot
update script.
Attached is a new updfprot script using wget
instead of ftp. It does no
- Original Message -
From: "Jerry Murdock" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 28, 2002 6:53 PM
Subject: [Declude.Virus] McAfee Daily DAT Command
Line Scanner Update Script
As requested a few times, attached is a script to update the engine
and
I'm not sure what your asking. Update instructions are clearly described in
the virus listing on McAfee's site.
Jerry
- Original Message -
From: Steve Spear [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 29, 2002 4:32 PM
Subject: Re: [Declude.Virus] McAfee Daily DAT
The downside of McAfee updates is that it takes an EXTREME event for them to
budge from weekly updates of the release version of the dat file, which means
the built-in auto update is slow to react in these situations.
You either need to manually get the extra.dat file from their web site, or the
That's been my experience as well. Usually a fairly benign office-macro type
virus that may have been around on the originating system for a while, coming
from a laptop or home pc that is not well-controlled.
Never been a real problem, but you still get how did this get through type
questions.
What OS?
My experience is it's only an NT4 problem, and then only the Windows on-demand
scanner. For me this makes it basically a non-issue for imail, but it is an
annoyance.
Jerry
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 08, 2002 2:45
FP-Win has been updated.
The Can't run more than one instance of this program! under NT4 appears to
be fixed now.
They haven't updated the version number.
Jerry
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
This E-mail came from the Declude.Virus
FYI, for those that don't auto-update the engine via FTP:
I don't think all the mirrors are updated yet.
Jerry
- Original Message -
From: fp-admin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 21, 2001 11:24 AM
Subject: New version of F-PROT (3.11b)
This is a
The 7.0 reset the registry entry for Declude.
Just run declude.exe once manually, and it will re-install the
entry.
Jerry
- Original Message -
From:
Jim Colunio
To: [EMAIL PROTECTED]
Sent: Wednesday, December 19, 2001 8:59
AM
Subject: [Declude.Virus] Mail
Have you ever known a product with Pro and Standard versions to always add new
features to both? Generally Standard version are effectively feature-frozen
until a major upgrade. Declude has continually put most of the incremental
upgrades into the Standard version. Saving a few bells and
Will MAXATONCE also help limit it, or does Declude go ahead and decode
everything before the prior instances have finished?
Jerry
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 7:05 PM
Subject: Re: [Declude.Virus]
Thanks, saved me testing it.
Jerry
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 9:24 PM
Subject: Re: [Declude.Virus] TempDir
Will MAXATONCE also help limit it, or does Declude go ahead and decode
everything
Wow, a lot of stuff for a .01 rev. Sounds great.
Clarification please on DELETEVIRUSES. I assume it doesn't try to remove the
attachment, but deletes the queue files.
Jerry
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 06,
I've caught about 30 with f-prot since noon-ish(EST) when the patterns were
updated.
Jerry
Subject: Hi
Incoming/Outgoing: incoming
Number Recepients: 1
Message ID: 001401c17cf8$2ce20c70$6664a8c0@XX
Date: 12/04/2001
Time: 14:17:52
QueueFile Name: D215d228.SMD
Infected File: gone.scr
Virus
Does Mcafee's auto-update update the engine, or is it still broken?
- Original Message -
From: Andy Schmidt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, November 29, 2001 3:44 AM
Subject: [Declude.Virus] Warning - Incomplete BadTrans Detection with McAfee
www.frisk.is
- Original Message -
From: Grant Griffith [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 28, 2001 12:25 PM
Subject: [Declude.Virus] F-Prot
Where can I get the DOS virus scanner to use with Declude Virus? I just
purchased this and need to get the
FYI:
I just noticed my Mcafee installs have a new Scan engine.
The new Mcafee scan engine - 4.1.50 was released on the 9/26.
CHECK YOUR VERSION. Some versions of Mcafee's auto-update only update the
.dat files and and not the engine.
Most important addition from a Declude perspective -- TNEF
Seeing that Mcafee now does TNEF, I checked out F-Pror again too. To my
surprise, it appears works as well, just make sure /archive is on the command
line.
The support was evidently slipped in somewhere between 3.08b and 3.10. As it
was never announced from what I can see, I don't know how
It would be nice, but I'd still be stuck with using a batch file until there
is TNEF support too. I feel much more comfortable with my multi-scanner batch
file than I do with my TNEF hacks.
Jerry
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent:
- Original Message -
From: Dan Spangenberg [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, October 03, 2001 4:16 PM
Subject: RE: [Declude.Virus] errors in log file
Scott and/or Jerry;
I could use some help from you or possibly Jerry on getting the batch file
right. I am
No.
The F-Secure product licenses the f-prot engine from Frisk, the result is the
command line scanner in both is the same. F-Secure actually uses both the
F-Prot and Kaspersky engines in the Windows version.
Jerry
- Original Message -
From: Jim Jones, Jr. [EMAIL PROTECTED]
To:
FYI:
F-Prot has already been updated for this today. Get the new fp-def.
Jerry
- Original Message -
From: Terrence Koeman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 18, 2001 12:42 PM
Subject: [Declude.Virus] OT: Alert: New IIS Worm
Offtopic
From NTBUGTRAQ:
It's new. F-Prot has already updated the
defs. Get them.
- Original Message -
From:
J Porter
To: [EMAIL PROTECTED]
Sent: Tuesday, September 18, 2001 2:04
PM
Subject: [Declude.Virus] new virus FPROT
not stopping
I received an email this AM containing a new
Hmm...
I think that is too broad an interpretation of emulation. I would suspect
it does nothing more than what McAfee does by default, and that you can turn
off with the /NOCOMP switch.
Seeing as it apparently works with the Windows and Linux versions as well,
they would have to have a lot of
What's your command line?
- Original Message -
From: Jonathan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 30, 2001 9:01 PM
Subject: [Declude.Virus] F-Prot Stuff
F-Prot support finally got back to me on that virus I submitted on the
13th. We will add this virus to
Can someone post a working recip.eml that uses the ONLYSENDIFREMOTESENDER
option?
I can't seem to get it working as expected. The recip.eml always goes out.
Also, what is determining local/remote status?
Thanks,
Jerry
This E-mail came from the Declude.Virus mailing list. To
Scott:
Can you take a look at the attached files? The zip contains the queue files
of the test message, my recip.eml, debug log output for the message, and the
generated recipient notification.
I went through the queue file and 0'd out the test virus, so it no longer
contains a virus, but the
One more new thing I just noticed.
I get a console screen of the virus scanning popping up whenever I am logged
into the server.
I added CONSOLE OFF to the virus .cfg and get 08/22/2001 16:37:39 Console
turned OFF in the log file.
It did not do this before.
Please help again.
Jerry
Has this been announced yet? Didn't see it on the site.
Are the per domian/user settings the only addition, or are more planned?
Jerry
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus. You
I think it's just a link to Trend's browser based scanner.
http://housecall.antivirus.com
Jerry
- Original Message -
From: Dan Spangenberg [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 14, 2001 10:53 AM
Subject: RE: REVDNS:RE: [Declude.Virus] Virus Issue
I never did
: (Leave alone)
Found a virus 'TROJ_W95NUKER' in C:\TEMP\WINNUKE.EXE (Non-Cleanable)
Action taken on virus file C:\TEMP\WINNUKE.EXE : (Leave alone)
---
-Bill Doyle [[EMAIL PROTECTED]]
- Original Message -
From: Jerry Murdock [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent
Expected since mcafee and solomon share the same engine.
FWIW: Norman does not catch it either.
Kaspersky identifies it as i-worm/magistr.corrupted. I found the corrupted
interesting, don't know what it really means though.
Jerry
- Original Message -
From: Dan Spangenberg [EMAIL
Yes.
My simplified batch file is attached, along with one support utility that sets
the errorlevel to EE hex.
Rename the ErrEE.co_ to ErrEE.com.
Use VIRUSCODE 238 in virus.cfg.
This is completely unsupported, use at your own risk, your mileage may vary,
etc.
Jerry
- Original Message
Any word on when TNEF support will be rolled in?
I haven't updated my rigged TNEF support to work with 1.14 yet.
If Declude's is in the near term, I may wait - but my client has WAY too many
folks using RTFs in Outlook for me to look the other way for long.
Thanks,
Jerry
[ This E-mail came
55 matches
Mail list logo