Re: [Declude.Virus] Microsoft GDI+ Security Update

2004-09-15 Thread Matt
nt to have to start scanning JPEG's and wasting a ton of additional resources to do so. Matt R. Scott Perry wrote: Unfortunately this is from Microsoft's main web page, just click on the "Critical Update" in the upper right corner of the page. I'm still trying to figure

[Declude.Virus] Forging candidate - JS/IFrame@exp

2004-09-17 Thread Matt
I can't find any descriptions for the exploit on the F-Prot site nor on Google.   Thanks, Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =

Re: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread Matt
's are one of the few worst-case scenarios. Fingers crossed, hoping that the high school kids are all busy with school for now. Matt R. Scott Perry wrote: > Without blocking all .JPG files, nothing. The problem is that there is a > lack of information on how to detect such .JPG's.

Re: [Declude.Virus] Paypal and "Outlook 'Blank Folding' Vulnerability"

2004-09-24 Thread Matt
generally smart enough to make my own decisions, or at least fully willing to take responsibility for them :) Matt John Tolmachoff (Lists) wrote: This looks like a clear explanation to me: 18.3 Outlook 'Blank Folding' Vulnerability: This vulnerability occurs when there is a line

Re: [Declude.Virus] Paypal and "Outlook 'Blank Folding' Vulnerability"

2004-09-24 Thread Matt
PG files, and intercepting such files for scanning prior to display in Internet Explorer could drive many machines into the ground in terms of performance.  Shame on Microsoft. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =

Re: [Declude.Virus] Fprot GDI Scanner lines.

2004-09-28 Thread Matt
es reality, but I would prefer to be a step ahead on something this obvious. Thanks, Matt marc wrote: installed 1.80 declude virus (restart imail smtp) and sending the infected JPEG jpegcompoc.zip (http://www.gulftech.org/?node=downloads) it was not automatically detect and goes trough, u

Re: [Declude.Virus] Fprot GDI Scanner lines.

2004-09-28 Thread Matt
hey typically don't handle the files directly from the Internet, and most of course aren't using Microsoft's code for this.  I do a lot of graphic design work and haven't found a non-MS app yet that had a vulnerable version of GDI on all of the machines that I own. Matt Sanford

Re: [Declude.Virus] GDI false Postive

2004-09-30 Thread Matt
ue to wait patiently since I don't expect miracles to happen overnight, but I would really, really appreciate it if you could raise the priority of when to allow us to turn these all off and on individually. Thanks, Matt -- = MailPure cus

Re: [Declude.Virus] BankFraud (phishing) e-mails

2004-10-06 Thread Matt
oduce something that Declude could be coded to support (provided that Scott is willing of course). Matt Bill Landry wrote: I just found that if you have "PRESCAN" set to on, you will not be able to catch these BankFraud/Phishing e-mails. However, if you set "PRESCAN" to "

Re: [Declude.Virus] Banned ZIP with .exe extension

2004-10-20 Thread Matt
some protections for zip files with malformed headers that might detect this exploit. Matt Tito Macapinlac wrote: Hi, Here is a bulletin re: new vulnerability regarding zip files. Maybe another good reason to ban zip files if your AV is vulnerable. http://www.idefense.com/application/poi

Re: [Declude.Virus] MyDoom.o's slipping through.

2004-10-21 Thread Matt
Chris, It's always helpful to share the actual lines of your log when asking a question such as this. That will clear up any possible misperceptions and allow one to focus on what happened. Matt Chris Patterson wrote: I have had two reports in the last 2 days about a virus coming through

Re: [Declude.Virus] MyDoom.o's slipping through.

2004-10-21 Thread Matt
e updating your definitions on an hourly basis and also think about adding a second scanner if things like this are going to cause problems for your clients and business. Matt Chris Patterson wrote: Log Files: 10/19/2004 12:58:45 Q47c21ade0114a44b MIME file: [EMAIL PROTECTED] [base64; Le

Re: [Declude.Virus] Scott, what is our future?

2004-10-25 Thread Matt
that even if I threw Ipswitch another $4,000, nothing would really change with them except for the damn price, and I really, really hate being taken advantage of. Maybe you are confident about your plans for the future, but not knowing them, how could I be. Thanks, Matt R. Scott Perry wrote: You

Re: [Declude.Virus] passworded zip file

2004-10-25 Thread Matt
make sure that these file types are in your BANEXT list.  This will allow through all other types of files within the encrypted zips, including the CSV file that your client wants to receive. Matt Peter Lowish wrote: Declude 1.81 virus standard   A client regularly receives a

Re: [Declude.Virus] Scott, what is our future?

2004-10-25 Thread Matt
Sandy, So what do you do when the next IMail exploit pops up such as that LDAP exploit and you have no way to fix the bug?  Can a serious business even take the risk of this happening? No. I can't see myself on IMail for any more than a year from now. Matt Sanford Whiteman

Re: [Declude.Virus] Scott, what is our future?

2004-10-25 Thread Matt
his upgrade path is a screw if I've ever seen one, and they will never get another dime from me unless the management is forced out that made these choices.  Consider that to be a personal observation and preference, so the sky is definitely blue. Matt Matt Sanford Whiteman wrote:

Re: [Declude.Virus] Unknown virus warnings

2004-10-29 Thread Matt
Just a couple of thoughts...Maybe there is a limitation with strings that involve a space?  Alternatively, maybe there was no name reported by the scanner, and this was just simply the value that Declude logged. Matt Markus Gufler wrote: Now the F-prot update is arrived also here

Re: [Declude.Virus] strange sending problem to the same domain

2004-10-29 Thread Matt
ither has an MX or an A record.  Adding one of these will keep that test from failing. Matt Declude wrote: Hi John, this is the actual forwarding of one eMail of my customer. I guess I have to make a reverse DNS entry, don't you think ? Uwe Received: from lasthope [217.235.73.14] by irg

Re: [Declude.Virus] ClamWin

2004-11-10 Thread Matt
their job. Matt R. Scott Perry wrote: I did as Scott recommended and turned off prescan; but afterwards I noticed in the clam logs that ClamAV had caught phish previously with prescan ON sooo why would you think that is so? eg - I guess what I'm asking is will ClamAV reliably anti-phish to

Re: [Declude.Virus] PRESCAN

2004-11-10 Thread Matt
ht soon become my only realistic choice. I'm going to guess that this might remove more than 25% of my system's capacity however, and that gets costly. Matt Greg Little wrote: We are on exactly the same track. If this kind of attack catches on, and the e-mail can look like almost anythin

Re: [Declude.Virus] PRESCAN

2004-11-10 Thread Matt
Bill Landry wrote: Matt, thanks for the analysis. I would very much like to know what the additional load is on your server by setting PRESCAN to OFF. Please do post your results if you test this. I have had PRESCAN OFF for a few weeks now, and have not noticed much of an increase on my

Re: [Declude.Virus] PRESCAN

2004-11-10 Thread Matt
al of other things (zombie spam) that similarly lack things that would trip PRESCAN.  So it is likely that more of the E-mail reaching your Declude Virus installation was being scanned prior to turning PRESCAN off than on mine. Matt Nick wrote: On 10 Nov 2004 at 16:33, Matt wrote: Matt - Woul

Re: [Declude.Virus] ClamAV scan time

2004-11-15 Thread Matt
s. I played around with daemon mode several months back, but there was an issue with the service not shutting down when you told it to, so I abandoned it for the time being. Maybe some others have information about how to do this properly now with newer builds. Matt John Carter wrote: Has a

Re: [Declude.Virus] ClamAV scan time

2004-11-16 Thread Matt
ubstantial relief.  If his other scanner isn't F-Prot, he should also think about switching because there is nothing as efficient as F-Prot, and it hardly uses any resources. Matt Terry Fritts wrote: ClamAV when not run in daemon mode is very slow in comparison to other virus scanners.

Re: [Declude.Virus] F-Prot 3.16 question.

2004-11-19 Thread Matt
t's own, but I could be wrong). http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html Matt Panda Consulting S.A. Luis Alberto Arango wrote: Their release notes say "Among improvements introduced in version 3.16 of F-Prot Antivirus for Windows is a new

Re: [Declude.Virus] F-Prot 3.16 New Exit Codes

2004-11-21 Thread Matt
riggering exit code 9 on damaged files might be highly indicative of corrupt viruses, but it could also trip on many different forms of corrupt data, and could cause false positives. I wouldn't recommend adding these codes to Declude based on the release notes. Matt Goran Jovanovic wrote

Re: [Declude.Virus] HTML_BOFRA.B not getting caught by Declude Virus

2004-11-28 Thread Matt
anned.  That would be difficult to prove unless your Debug log has more information such as the file names created and the sizes of each file, and this exposed a flaw. Matt Bill Landry wrote: - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]>

Re: [Declude.Virus] Advice on Antivirus for System Protection

2004-12-01 Thread Matt
sure that you purchase over the Internet to save substantially. http://shopper-search.cnet.com/search?part=&q=Symantec+Corporate+Edition+Server+9.0 Matt Bill Green dfn Systems wrote: We've been using Declude/F-Prot to protect our email users, and Symantec Corp. Ed. to protect t

Re: [Declude.Virus] Advice on Antivirus for System Protection

2004-12-01 Thread Matt
I'm not an expert on Symantec licensing, but you can definitely buy the media online as well. http://shopper-search.cnet.com/search?part=&q=Symantec+Corporate+Edition+media+9.0 Matt Dean Lawrence wrote: Matt, Looking at the costs on cnet, I don't see any mention of if you

Re: [Declude.Virus] Advice on Antivirus for System Protection

2004-12-02 Thread Matt
Bill, Thanks a bunch for the kind words. Matt Bill Green dfn Systems wrote: Thanks Matt. I dare say there are probably many like myself that you don't hear from much, but we read the postings and learn a lot from you "regular posters". It is much appreciated. Bill Gr

Re: [Declude.Virus] Multiple responses in the report.txt

2004-12-10 Thread Matt
single scanner since it appears that they are more stable, though it is clear that any single scanner can have issues from time to time. Matt Colbeck, Andrew wrote: Thanks, Matt. I only went for the Lite version because this is a gateway scanner. The internal mail servers are indeed protected

Re: [Declude.Virus] Parallel processing

2004-12-10 Thread Matt
F-Prot. McAfee is of course a bit more responsible with their definitions, so if capacity isn't a problem, I would use that over ClamAV regardless. Matt Colbeck, Andrew wrote: I'm using the f-prot command line scanner, and the lines in the virus.cfg look like this: SCANFILEC:\

Re: [Declude.Virus] Multiple responses in the report.txt

2004-12-10 Thread Matt
loyees that tends to create more spam, and of course a general rise in spam rates.  Earlier this year I thought that zombie spam had gone through the roof, but in fact what was happening was isolated to the domains that started being dictio

Re: [Declude.Virus] SKIPEXT - PDF

2004-12-14 Thread Matt
http://www.google.com/search?sourceid=mozclient&ie=utf-8&oe=utf-8&q=pdf+virus Matt Mark Smith wrote: Does anyone know of a reason why to scan PDF files? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus

Re: [Declude.Virus] testvirus.org #17

2004-12-17 Thread Matt
een something exploit this vulnerability and maybe there's a detection issue created by the eicar code in this way? Matt William Stillwell wrote: fixed #16 PRESCAN OFF #17 goes thru, - Original Message - From: "William Stillwell" <[EMAIL PROTECTED]> To: <[

Re: [Declude.Virus] testvirus.org #17

2004-12-17 Thread Matt
HTML with JavaScript will get scanned. Putting the eicar string in the middle of HTML will trigger your scanner if scanned, but I'm not convinced that it is exploitable in this format. Furthermore, turning PRESCAN OFF can result in +40% extra processor utilization on a system running two scanners.

Re: [Declude.Virus] Upgrade issues

2004-12-21 Thread Matt
understand that Declude has a well warranted concern about unlicensed usage of their software and improvements have to be made, however my hands can't be tied nor my or my customer's privacy violated in order to achieve this goal.  Hopefully that will not be the case here. Matt Colbeck, Andr

Re: [Declude.Virus] Upgrade issues

2004-12-21 Thread Matt
In which regard? - forging virus detection/MTLDB population (turned off by disabling forging virus detection with the "AUTOFORGE OFF" switch) - v1.8x installation (can't turn off, sends an E-mail, not sure what triggers it) - v2.0b installation (unconfirmed, but speculated). Matt

Re: [Declude.Virus] Upgrade issues

2004-12-22 Thread Matt
would include major changes like this in the release notes, otherwise it gives the appearance of being sneaky when it comes to such items. It is good that this is coming out now while in beta. Matt Info Wind wrote: Dear Greg, I think Declude will not make the mistake like Ipswitch. In the past

Re: [Declude.Virus] hlp attachments

2004-12-29 Thread Matt
ng HLP files is extremely uncommon and shouldn't be causing too many issues if you do. Matt Greg Little wrote: http://msmvps.com/trafton/ Just added HLP to my block list. (anyone want to vote, we just shut down the internet) Greg --- [This E-mail scanned for viruses by Findlay Internet] --

Re: [Declude.Virus] .tiff files

2005-01-26 Thread Matt
't know. Anyway, it seems like it would be your choice what to do with TIFF, though personally, I would not bother scanning it unless I was made aware of JPG viruses spreading and morphing into other extensions. Matt David Sullivan wrote: Does anyone know a reason why .tiff should not be ex

Re: [Declude.Virus] log question

2005-01-26 Thread Matt
are using IMail 8.1x, otherwise, try the Mail From address.  IMail should log the SMTP session and you should be able to piece that together and figure out what happened. Matt Thomas Doxtater wrote: Hi all,   We had some problems with a spam assassin box filling up over the past w

[Declude.Virus] McAfee and POP3 service crash

2005-02-07 Thread Matt
e else seen either one of these errors on their systems? Thanks, Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =

Re: [Declude.Virus] McAfee and POP3 service crash

2005-02-07 Thread Matt
ke being able to turn that off, or at least remove files from the root might make a big performance difference when you have high volume. Thanks, Matt Colbeck, Andrew wrote: FWIW, I recently ran into a weirdness with McAfee; I use the daily dat download (engine plus dats), and have so for

Re: [Declude.Virus] McAfee and POP3 service crash

2005-02-07 Thread Matt
Sounds like it's worth a test and some monitoring just to see if there is a measurable difference in mail scanning activities. Thanks for sharing. Matt Colbeck, Andrew wrote: I should have also mentioned that the script first makes a list of the files to

Re: [Declude.Virus] ClamAV?

2005-02-17 Thread Matt
If so, that's one to add to the Declude Virus manualScott? Matt Scott Fisher wrote: Try adding this to your command line: --max-ratio 0 The support compression ratio feature (--max-ratio). Overly compressed files may get falsely detected. I believe the 0 turns it off. it worke

Re: [Declude.Virus] Spam .com files being blocked.

2005-03-16 Thread Matt
an Bogus files should be treated as vulnerabilities are (historically), and not as banned extensions.  I'm running 1.82. Declude, will you please respond to the problem. Matt Darin Cox wrote: Yep. I just added SKIPIFEXT COM to my bannotify.eml yesterday. Darin.     -

Re: [Declude.Virus] Spam .com files being blocked.

2005-03-16 Thread Matt
bouncing when such a condition is detected. Matt Darin Cox wrote: Yep. I just added SKIPIFEXT COM to my bannotify.eml yesterday. Darin.     - Original Message - From: Scott Fisher To: Declude.Virus@declude.com Sent: Tuesday, March 15, 2005 3:31 PM Subject:

Re: [Declude.Virus] Spam .com files being blocked.

2005-03-16 Thread Matt
with time as his spam campaign ramps up. Matt Scott Fisher wrote: I had to put SKIPIFEXT COM into my bannotify.eml file as a workaround. - Original Message - From: Matt To: Declude.Virus@declude.com Sent: Wednesday, March 16, 2005 10:09 AM

Re: [Declude.Virus] Spam .com files being blocked.

2005-03-16 Thread Matt
it's just spam with a poor choice of name for an image file that is attached.     http://news.com.com/Zombie+PCs+being+sent+to+steal+IDs/2100-7349_3-5616202.html?tag=cd.top Matt Andy Schmidt wrote: Hm,   What version of Declude Virus are you using?   mine

Re: [Declude.Virus] Covad has a problem with our RBL

2005-03-31 Thread Matt
erver without additional configuration, and it will not use Covad's server for lookups unless you configure it to forward requests to their server (which you don't want to do). Setting up a DNS server is really your only legitimate option here. Matt Kevin Rogers wrote: I received the follow

Re: [Declude.Virus] to buy another virus-scanner ?

2005-04-01 Thread Matt
virus scanners with better management features such as Symantec. It all depends on your exact goals. Matt Uwe Degenhardt wrote: Hi list, I have the following problem: From time to time I got viruses on my eMail-Server's HD (IMail, 6.06). We have Declude and F-Prot 5.42 running on a Win 2000 S

Re: [Declude.Virus] F-Prot tagging zips as code 8

2005-04-14 Thread Matt
ate and I'm more than covered there. Matt John Tolmachoff (Lists) wrote: I sent an encrypted zip file out, changing the .zip to ._ip. F-prot scanned it and returned code 8, so Declude dutifully tagged it as infected. Virus Code 8 means suspect, correct? If this is what F-Prot is going to do, we n

Re: [Declude.Virus] F-Prot tagging zips as code 8

2005-04-14 Thread Matt
My fault for the misread, but I also addressed the issue regardless.  Remove VIRUS CODE 8 from your config if you don't want for this to happen. Matt John Tolmachoff (Lists) wrote: John, I know that you don't follow this logic, but banning regular zips is extreme and u

Re: [Declude.Virus] RAR followup

2005-04-14 Thread Matt
McAfee has been picking this up as "W32/[EMAIL PROTECTED]" since the first copy arrived at 3 p.m. EST. I assume from the name that this is a generic Bagle detection heuristic that pre-existed the virus. Matt John Carter wrote: Starting to see repeat names. Reminds me of viruses s

Re: [Declude.Virus] F-Prot tagging zips as code 8

2005-04-14 Thread Matt
on of the file itself as well as the renamed extension, though this appears to not be globally the case based on Andrew's tests that he shared. Matt John Tolmachoff (Lists) wrote: The thing is, it used to work as I have done that before. Renaming the file is only to

Re: [Declude.Virus] Another new virus

2005-04-15 Thread Matt
as a zero byte file with a zip extension.  The pattern that this virus uses results in an automatic hold on my system based on filters designed for zombies (for instance it forges the HELO to match the recipient domain), but most will also fail some DUL or other such tests.  I think Sniffer hit t

Re: [Declude.Virus] Another new virus

2005-04-18 Thread Matt
nism (a virus).  I'm confident that I can do this in a way that can capture most if not all zip viruses that have been in the wild in the last year though I am concerned about the potential of false positives and that will be the biggest problem in figuring out how to do this. Matt John Tolmachof

Re: [Declude.Virus] Another new virus

2005-04-19 Thread Matt
und with that a bit as well. Matt Gufler Markus wrote: Good idea to create some combo filter for small zip file attachments!   What about creating an external test that will count up small zip file attachments in a separate file and check if there are more then x suspicious zip

Re: [Declude.Virus] Another new virus

2005-04-19 Thread Matt
cy, it's just a matter of due diligence and if that doesn't work out then I will step it up a bit. Matt Markus Gufler wrote: Another idea, now with the ability to use customizable hold folders in v2   create a test that will move all messages containing a relative small zip

Re: [Declude.Virus] How to check VIRUSCODEs

2005-04-20 Thread Matt
a banned extension within it). Has anyone contacted F-Prot? Matt Goran Jovanovic wrote: This was originally a thread from the Junkmail list but I am moving it over to the virus list.   > Check your virus log and you may see some code 8 > errors in it. Adding viru

Re: [Declude.Virus] How to check VIRUSCODEs

2005-04-21 Thread Matt
John, If you don't mind sharing, what was the issue that you had last week with F-Prot throwing a code 8 on legitimate E-mail?  Or did I get that wrong? Thanks, Matt John Tolmachoff (Lists) wrote: From my understanding is that code 8 means the file is suspect but doe

Re: [Declude.Virus] How to check VIRUSCODEs

2005-04-21 Thread Matt
I'm going to send a support request as well.  Maybe if others would do the same, it might have a better chance of getting attention. Matt Colbeck, Andrew wrote: The return code = 8 in F-Prot does mean "suspicious file" and not "virus".  I

Re: [Declude.Virus] How to check VIRUSCODEs

2005-04-21 Thread Matt
d to be many years behind us in terms of infrastructure.  SBL should not be listing DUL space. Matt Colbeck, Andrew wrote: The return code = 8 in F-Prot does mean "suspicious file" and not "virus".  In this case, they are not calling the executable Bagle, they are calling

Re: [Declude.Virus] How to check VIRUSCODEs

2005-04-21 Thread Matt
Interesting! Matt Colbeck, Andrew wrote: Thanks for the insight, Matt.   We are used to seeing virus authors doing their seeding from the home-user cable, DSL and even dial-up pools, but these samples were definitely spammer web and email server blocks, and

[Declude.Virus] McAfee throwing errors

2005-04-25 Thread Matt
such errors. Is anyone else seeing this? Thanks, Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- This E-mail came from the Declude.Virus mailing

Re: [Declude.Virus] McAfee throwing errors

2005-04-25 Thread Matt
't recall F-Prot ever throwing similar errors, though it isn't reliable enough on its own. Matt Scott Fisher wrote: I haven't seen anything obvious in a quick glance through today's logs. Do you have an example? Usually, I just force another download of the dats.

Re: [Declude.Virus] Adobe PDF embedded attachemt

2005-04-26 Thread Matt
things to detect what is likely a virus that may have passed the virus scanning. Matt Markus Gufler wrote: Although Adobe recommends enabling scanning all file types in order to scan a PDF (and ass/u/me'ing its embedded contents as well), an AV scanner is not currently going to b

[Declude.Virus] Revisiting the McAfee command line arguments

2005-04-26 Thread Matt
ristics. I'm not sure what FP's either one of these could cause, but some around here do prefer tighter controls despite the risk of more FP's and these might be desirable under those conditions.  I'm not sure how they differ. Any comments or experiences would be appreciat

Re: [Declude.Virus] Revisiting the McAfee command line arguments

2005-04-27 Thread Matt
urning PRESCAN OFF does result in a 50% increase in CPU utilization on my system when running both F-Prot and McAfee. Would you prefer the approach of including more qualifications for PRESCAN, or just switching it on and off per scanner? Matt Scott Fisher wrote: I'm using: SC

Re: [Declude.Virus] Revisiting the McAfee command line arguments

2005-04-27 Thread Matt
rted issues, so I'm going to assume that it is safe to use along with /NOBOOT. I'm still unsure about the heuristic stuff and the other switches.  It seems like using the heuristics are fairly common for those that have tweaked, but the other stuff doesn't seem to be used

Re: [Declude.Virus] Revisiting the McAfee command line arguments

2005-04-27 Thread Matt
are in one's config and that's fine with me.  I also think that the new release has turned the corner as far as bugs and changes are concerned. Matt Nick wrote: On 27 Apr 2005 at 8:55, Scott Fisher wrote: Thanks Scott - you have some switches I haven't seen ! Also - Declude

Re: [Declude.Virus] High CPU F-Prot

2005-04-27 Thread Matt
I saw F-Prot time out 3 times today in my logs, and I can't remember that ever happening before. McAfee didn't time out once, and that's usually the first to go. Maybe this explains the issue. I think it's time to do some performance monitoring to see what is up. M

Re: [Declude.Virus] High CPU F-Prot

2005-04-27 Thread Matt
u usage as most people has leaved the office some hours ago. Time to say good night for me too after haven't seen anything strange with f-prot on my server at the moment. |-) Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt

Re: [Declude.Virus] High CPU F-Prot

2005-04-27 Thread Matt
also the first time that I upgraded from 1.82, so I am watching my logs carefully.  Everything else seems hunky-dory.  If it's F-Prot that is causing the issue, I would imagine that it should disappear soon.  I would expect that others would also see some of the same. Matt Colbeck, And

Re: [Declude.Virus] High CPU F-Prot

2005-04-28 Thread Matt
file contains a report of an error??? I'm also guessing that this might explain the high CPU usage that Darrell was reporting for F-Prot yesterday, though these events are not very common on my system, only about twice an hour it would seem. Matt -- ==

Re: [Declude.Virus] High CPU F-Prot

2005-04-28 Thread Matt
nding the first entries.  Your entries should look the same or similar to mine.  The first entry for each such message that passes PRESCAN will start with the "MIME file" line.  It seems likely that you are experiencing the same thing. Matt Markus Gufler wrote: Matt, how

Re: [Declude.Virus] High CPU F-Prot

2005-04-28 Thread Matt
d and shouldn't otherwise be. Matt Nick wrote: On 28 Apr 2005 at 12:57, Matt wrote: Matt - If this becomes a real problem that you see and can monitor I would revert back to an older scan.exe to eliminate the issue of versions. This is a possible clue: " Could not fi

Re: [Declude.Virus] High CPU F-Prot

2005-04-28 Thread Matt
sorts of delays with the same characteristics.  Seems like a pretty serious and longer-term issue with F-Prot. Matt Markus Gufler wrote: No I've checked this already before: there is no appearance of the spool file name above this line. All I can see is something like  

Re: [Declude.Virus] High CPU F-Prot

2005-04-28 Thread Matt
y close attention to this.  I haven't yet contacted F-Prot because I'm busy at this moment and this was only just confirmed by someone else.  I would have to say that Scott would be quite useful in a situation like this because it appeared that he had a line of contact with them (Sco

Re: [Declude.Virus] High CPU F-Prot

2005-04-28 Thread Matt
Nick, I know.  I sometimes don't read carefully myself :) Matt Nick wrote: On 28 Apr 2005 at 13:50, Matt wrote: Sorry about being wrong on both counts.. but I was trying to help! -Nick Nick, Thanks for the reply, but I think you missed part of the discussion.This

Re: [Declude.Virus] High CPU F-Prot

2005-04-28 Thread Matt
1/2005 14:37:11 Qa2dce53900ee9f9d Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 3 28098] 04/01/2005 14:37:11 Qa2dce53900ee9f9d From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from 208.7.179.200] 04/01/2005 14:37:11 Qa2dce53900ee9f9d Subject: Re: Matt Colbeck, Andrew wrote: Ma

Re: [Declude.Virus] High CPU F-Prot

2005-04-28 Thread Matt
lpful. Matt Bill Landry wrote: Matt, I searched 2 weeks of logs on both of my servers (both of which run F-Prot and TrendMicro) and could only find 4 instances of "Could not find parse string Infection", and they were found on the server that is very heavily loaded.  I use the f

Re: [Declude.Virus] High CPU F-Prot

2005-04-28 Thread Matt
not only keeping more Declude processes open, but also increased CPU utilization.  Such a condition is ripe for exploiting, and I'm concerned that it has existed for so long without resolution, and maybe even detection... Matt Nick wrote: On 28 Apr 2005 at 16:44, Matt wrote: Hi Mat

[Declude.Virus] F-Prot missing viruses and is slow (renamed)

2005-04-28 Thread Matt
know if there is a different code being returned, or if F-Prot is just bugging out and not returning a code.  Maybe some of you can clear that part up. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =

Re: [Declude.Virus] F-Prot missing viruses and is slow (renamed)

2005-04-28 Thread Matt
h it seems related, but there also seems to be a different bug here with at least F-Prot but possibly also Declude. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =

Re: [Declude.Virus] F-Prot missing viruses and is slow (renamed)

2005-04-28 Thread Matt
When running Andrew's script, I confirmed that fpcmd.exe hit about 35% during the ~10 seconds that it was running, which is totally uncharacteristic.  I have dual 3.06 Xeons which have hyperthreading turned on (shows up as 4 processors in Windows). Matt Darrell ([

Re: [Declude.Virus] F-Prot missing viruses and is slow (renamed)

2005-04-28 Thread Matt
hes a VIRUSCODE value. That leaves two real issues; 1) Time/CPU utilization with F-Prot, and 2) F-Prot continuing to report viruses with an exit code of 8. Matt Matt wrote: Colbeck, Andrew wrote: F-Prot is indeed returning an errorlevel of 8 on this, and it's definitely way out of lin

Re: [Declude.Virus] F-Prot missing viruses and is slow (renamed)

2005-04-29 Thread Matt
d the error code for each scanner.  Some scanners don't have parseable reports so when they are run in a multiple scanner config the new logging mechanism would be the only way to properly identify the result for that particular scanner. Matt Colbeck, Andrew wrote: Yes, dur

Re: [Declude.Virus] F-Prot missing viruses and is slow (renamed)

2005-04-29 Thread Matt
t please don't flame me for speaking my mind :)  I just want to compel methodical progress that benefits more than just myself. Matt Colbeck, Andrew wrote: Ding!   ... and that's why we've spent so much time on this.   The log will show that F-Prot return

Re: [Declude.Virus] Who is minding the store

2005-05-02 Thread Matt
In the very least, they should set up a page on the site for bugs and plans for when they will be resolved, or what is being done to resolve them (not everything is a bug in Declude of course). This would be very helpful if it was in fact timely. Matt R. Scott Perry wrote: If Scott would

Re: [Declude.Virus] F-Prot and HTML object exploit

2005-05-02 Thread Matt
Docket 2005 - 2 It looks like turning F-Prot off might be a good idea, or at least configuring it to not delete viruses. Matt John Tolmachoff (Lists) wrote: It appears that something has updated on F-Prot in the last hour. Now, a lot of outbound HTML e-mails are being flagged by F-Prot as

Re: [Declude.Virus] F-Prot and HTML object exploit

2005-05-02 Thread Matt
%20Shared\Stationery\"> I have no clue what the pattern is that it is hitting of course, but I assume that F-Prot just simply added an overbroad rule.  Most E-mail isn't constructed anything like what Microsoft Word creates. Matt Markus Gufler wrote: Question: Have you all run

Re: [Declude.Virus] F-Prot Alternative

2005-05-02 Thread Matt
less you want a full network installation. Matt Colbeck, Andrew wrote: Matt posted the authoritative roundup in a head to head comparison when he revamped his Declude Virus setup. Unless he chimes in here with an updated answer, the answer is somewhere in the archives. Andrew 8) -Original Me

Re: [Declude.Virus] SKIPIFFILE

2005-05-03 Thread Matt
SKIPIFEXT works with the banned file names. I believe that they must be the full file name however. For example: SKIPIFEXT DELETED0.TXT Matt John Tolmachoff (Lists) wrote: Is there a SKIPIFFILE similar to SKIPIFEXT for use in the BANNotify.eml file? John T eServices For You --- This E

Re: [Declude.Virus] w32/Sober.O virus

2005-05-03 Thread Matt
eficial when you run multiple virus scanners since more CPU can be saved this way. F-Prot is generally very efficient. Matt Panda Consulting S.A. Luis Alberto Arango wrote: FYI: Today we were flooded with a massive incoming emails containing Sober.O (f-prot) virus. We receive aprox 15% of viruses o

Re: [Declude.Virus] w32/Sober.O virus

2005-05-03 Thread Matt
traffic but others like myself are not.  Seems like you have a good handle on things now. Good luck, Matt Panda Consulting S.A. Luis Alberto Arango wrote: Matt and Dave: First of all thank you very much for answering my post. I am using fpcmd.exe Here is my config lines, in case I am

Re: [Declude.Virus] f-prot update script

2005-05-04 Thread Matt
update every 60 minutes offset 30 minutes from F-Prot. "C:\Program Files\FSI\F-Prot\FP-Updater\Updater.exe" /HIDDEN /INTERNET Matt   Darin Cox wrote: Hi Andrew, We have monitoring in place to know if any management process fails, so we'll know if this no longer works and we need

Re: [Declude.Virus] Incremental Release

2005-05-05 Thread Matt
AWESOME!!! :) Thanks, Matt [EMAIL PROTECTED] wrote: For the foreseeable future Declude will be following a different release strategy. Beginning today we will be issuing Incremental Releases on a regular basis. These releases should be regarded as Beta Code although they will be fully documented

Re: [Declude.Virus] vunerabilities

2005-05-05 Thread Matt
Outlook Long File Name Vulnerability     ALLOWVULNERABILITY    OLLONGFILENAME Matt Nick wrote: Does anyone know or have a list of the vulnerabilities that are a real problem and should be blocked or conversely the vulnerabilities that are not a virus/worm threat? Thanks! -Nick
