Sounds good. Now the question of the day is...how do we subscribe?
Oops. :)
You can send an E-mail to [EMAIL PROTECTED] with subscribe virusalert
Your Name in the body of the E-mail.
-Scott
---
Declude JunkMail: The advanced anti-spam
Thanks.
Oh, how does one sign up on this list?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of R. Scott Perry
Sent: Friday, March 26, 2004 12:29 PM
To: [EMAIL PROTECTED]
Subject:
You can send an E-mail to [EMAIL PROTECTED] with subscribe virusalert
Your Name in the body of the E-mail.
BUT, that will not work for everything, such as an alpha/numeric pager or a
cell phone which only had SMS on it, not e-mail.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
You can send an E-mail to [EMAIL PROTECTED] with subscribe virusalert
Your Name in the body of the E-mail.
BUT, that will not work for everything, such as an alpha/numeric pager or a
cell phone which only had SMS on it, not e-mail.
In that case, you can just E-mail me the address you want added
You can send an E-mail to [EMAIL PROTECTED] with subscribe
virusalert
Your Name in the body of the E-mail.
BUT, that will not work for everything, such as an alpha/numeric pager or a
cell phone which only had SMS on it, not e-mail.
John Tolmachoff
Engineer/Consultant/Owner
eServices For
]
Subject: RE: [Declude.Virus] New Virus Alert mailing list for urgent virus
information
You can send an E-mail to [EMAIL PROTECTED] with subscribe
virusalert
Your Name in the body of the E-mail.
-- Tim
---
[This E-mail was scanned for viruses by Declude Virus
(http
PROTECTED]
Sent: Friday, March 26, 2004 4:42 PM
Subject: RE: [Declude.Virus] New Virus Alert mailing list for urgent virus
information
BUT, that will not work for everything, such as an alpha/numeric pager or a
cell phone which only had SMS on it, not e-mail.
John Tolmachoff
Engineer
Excellent idea. Thank you very much.
D.
At 01:29 PM 3/26/2004, you wrote:
FYI, at the request of our customers, we have just set a new mailing list
called Virus Alert. The list is designed to let our customers know as
soon as we find out about new, fast-spreading viruses. The goal is to
we need a similar emergency list for spam tests going down, requiring
changes in global.cfg
- Original Message -
From: Dale McDiarmid [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 26, 2004 10:37 PM
Subject: Re: [Declude.Virus] New Virus Alert mailing list for urgent virus
we need a similar emergency list for spam tests going down, requiring
changes in Global.cfg
Not really, as those (in the past) have not occurred so rapidly that a
problem occurred. There is almost always a few days notice and is discussed
on the JunkMail list.
John Tolmachoff
, but at least to regular email address
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, March 27, 2004 12:50 AM
Subject: RE: [Declude.Virus] New Virus Alert mailing list for urgent virus
information
we need a similar emergency list
For those of us who are not full time postmasters, we may spend days,
sometimes more than a couple of weeks without reading these lists.
and when we come back, we usually do not have the time to catch up
so an emergency junkmail list would be welcomed, not necessarily to route to
sms/pager, but
Thanxs!
Some more infos on http://vil.nai.com/vil/content/v_101030.htm
Tanx (or Panda's name: YourId ) is a forging virus.
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, February 17, 2004 4:01 PM
To:
I will second this once again, I submitted this to McAfee and the extra.dat
file I got mentioned W32/[EMAIL PROTECTED]
I haven't received anything back from them since about 1/2 hour ago. So for
the .exe name has changed on the ones we have seen.
Here is an example from one of the messages we
F-Prot calls it w32/[EMAIL PROTECTED]
http://www.f-prot.com/virusinfo/descriptions/bagle_b.html
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, February 17, 2004 9:01 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] New
McAfee's write up on it...
http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=101030
Don
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, February 17, 2004 9:01 AM
Subject: [Declude.Virus] New virus Tanx
FYI, there is a
Declude has just released an update for this same virus that they identify
as W32/[EMAIL PROTECTED]
-Butch
*** REPLY SEPARATOR ***
On 2/17/2004 at 10:01 AM R. Scott Perry wrote:
FYI, there is a new virus that was discovered several hours ago, and
we've
already seen several
F-Prot calls it w32/[EMAIL PROTECTED]
You mean Bagle and not Bagel ?!
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type
My error. F-Prot is the company that has the new update.
-Butch
*** REPLY SEPARATOR ***
On 2/17/2004 at 9:32 AM Butch Andrews wrote:
Declude has just released an update for this same virus that they identify
as W32/[EMAIL PROTECTED]
-Butch
*** REPLY SEPARATOR
Symantec labeled it [EMAIL PROTECTED] HA.. I just label it an exe attachment
virus and carry on. Surprisingly, since I thought most email admins block
exe attachments, this one is moving fast.
~Rick
F-Prot calls it w32/[EMAIL PROTECTED]
You mean Bagle and not Bagel ?!
Symantec labeled it [EMAIL PROTECTED] HA.. I just label it an
exe attachment virus and carry on.
Well, you can try to add
FORGINGVIRUS exe attachment virus
...but I expect this will not change anything.
Markus ;-)
I chuck it with ASSP and if it makes it past that then declude should kick
it via the ban extension exe. If still passes that then hopefully the
F-Prot will woof it.
~Rick
Using mail server mail.famhost.com.220 ict-famhost.email.system X1
HELO www.declude.com
250 hello JaRay.net
MAIL FROM:
250
Scott, has this been added to the forging virus list on your server,
including the variant names?
Yes.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Catches known viruses and is
Yes.. I think another poster recommended adding Private.zip into the declude
virus.cfg file to block that attachment
~Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Kami Razvan
Sent: Wednesday, November 26, 2003 12:00 PM
To: [EMAIL PROTECTED]
Subject:
We started seeing these at 8am this morning
The attachment comes as photos.zip and so far neither McAfee nor F-Prot is
catching them.
We recommend adding a line BANNAME photos.zip to the
\IMail\Declude\virus.cfg file (with v1.76 or higher), which will catch this.
From: james@current domain
Can we just add this to the virus.cfg:
BANNAME photos.zip
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Don Hickey
Sent: Friday, October 31, 2003
The attachment comes as photos.zip and so far neither McAfee nor F-Prot is
catching them.
Wrong,
Our McAfee has been blocking it since 11:17 AM this morning.
10/31/2003 11:17:15 Q8ac30620009e0f1f Scanner 1: Virus= the W32/[EMAIL PROTECTED]
virus !!! Attachment=photos.zip [13] I
10/31/2003
, October 31, 2003 8:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] New Virus - MiMail.C - spreading fast
We started seeing these at 8am this morning
The attachment comes as photos.zip and so far neither McAfee nor F-Prot is
catching them.
We recommend adding a line BANNAME
: [Declude.Virus] New Virus - MiMail.C - spreading fast
Scott, when using BANNAME, the resulting banned file notice does not show
the name of the file.
That is correct. The banned file names are treated exactly the same as
banned file extensions, which can only display the extension
wOOhOO! F-Prot is catching them now..
Look in the mail from this mailing list on 12.08.2003 at 6:47 subject
Blaster worm!
Hermann
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Sheldon Koehler
Sent: Wednesday, August 13, 2003 9:10 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] New
John,
by the time these announcements are SENT, the new virus signatures are
already out.
I'm actually LESS concerned about .EXE files that are recognizable as .EXE
files - people seem to be VERY aware of the need NOT to run .EXE files. I'm
ONLY concerned about disguised .EXE files (that use
At one point you talked about detection of double file extensions. Was
that ever implemented?
It's a good idea, but tough to implement properly. The problem is with
filenames such as www.yahoo.com.url, and spreadsheet.2002.nov.xls. So
adding such detection would get a bit complicated.
Wouldn't the double extension just get blocked by the exe rule?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Thursday, December 05, 2002 9:33 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] New Virus: Holar
At one point
Wouldn't the double extension just get blocked by the exe rule?
It would, if you block .exe files (which many ISPs can't do, for
example). For people that don't block .exe files, the *.*.exe blocking
could be useful.
-Scott
Is the syntax then?
BANEXT *.*.exe
Doug
Wouldn't the double extension just get blocked by the exe rule?
It would, if you block .exe files (which many ISPs can't do, for
example). For people that don't block .exe files, the *.*.exe blocking
could be useful.
Is the syntax then?
BANEXT *.*.exe
No. That will literally ban E-mails with an extension of *.*.exe, which
no E-mail will have (since the extension in such a file is actually exe).
-Scott
Now this one looks bad. I am blocking .pif files but not sure what
the .ceo is about. The only CEO's don't usually infect anything just
slow stuff down. :) I guess I need to find that link on file types.
http://filext.com/
.CEO Extension associated with Winevar Worm (The worm sets .CEO
I guess that goes in to banext
I just added it.
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 03, 2002 2:41 PM
Subject: RE: Re: [Declude.Virus] New virus: W95/CIH-1106 New variant of
Chernobyl
I guess that goes in to banext
I just added it.
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
: [Declude.Virus] New virus: W95/CIH-1106 New
| variant of Chernobyl
|
|
| I guess that goes in to banext
|
| I just added it.
|
| John Tolmachoff MCSE, CSSA
| IT Manager, Network Engineer
| RelianceSoft, Inc.
| Fullerton, CA 92835
| www.reliancesoft.com
12:57 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] New virus: W95/CIH-1106 New variant of
Chernobyl
What extensions is everyone blocking in general? I am blocking scr, pif,
ceo ? Should I be blocking anything else?
Thanks,
Kris McElroy
[EMAIL PROTECTED]
Internet Systems
Here is the list of Banned Extension that I use
T
BANEXT REG
BANEXT LNK
BANEXT CMD
BANEXT CPL
BANEXT JS
BANEXT JSE
BANEXT MSI
BANEXT MSP
BANEXT PCD
BANEXT SCT
BANEXT SHB
BANEXT SHS
BANEXT VB
BANEXT VBE
BANEXT WSC
BANEXT WSF
BANEXT WSH
BANEXT CEO
BANEXT OCX
BANEXT NWS
BANEXT VBX
BANEXT DLL
BANEXT
I block all of the ones MS Outlook blocks, plus this .CEO extension. But I
also would be interested to hear if there are others...
http://office.microsoft.com/assistance/2000/Out2ksecFAQ.aspx
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Paul Ingram
: Re: [Declude.Virus] New virus: W95/CIH-1106 New variant of
Chernobyl
I just reviewed my banned extensions in light of this.
Has an ALLOWEXT option been discussed? That might be better.
For example
ALLOWEXT ZIP
ALLOWEXT GZ
ALLOWEXT TXT
...
If ALLOWEXT were used then any other extension
Being that this comes as an .exe attachment, those with a banned
extension policy will be afforded that protection until the AV companies
come out with updated definitions.
John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-Original
This Junk mail that a customer of mine received has me somewhat
confused and perplexed. Customer X started to receive junkmail from
customer Y (they both know each other).
The X-sender-ip IS a valid ip in our dial-up range and customer Y WAS
logged in at the time these messages were sent.
The
05/24/2002 15:00:26 Q8dc40f10019cf219 Subject: Congratulations
05/24/2002 15:21:09 Q92a10f72025eee35 Subject: Spice girls' vocal concert
05/24/2002 15:27:20 Q94130f33019c9394 Subject: Fw:Support,darling
05/24/2002 15:30:13 Q94c202a501c63f0d Subject: Eager to see you
These are all subjects of
Having the same problem with McAfee. Console scanner will catch the file if
I manually scan the directory. Declude will not catch it.
Note that the Magistr.32768 required updated engines on some virus
scanners. It's best to make sure that the virus scanner engine is updated,
as well as
For what it is worth, Declude/FProt has been catching this virus on our
server.
F-Prot 3.12 (DOS ver) latest update, Declude 1.36
Dustin
-Original Message-
From: Visual Web Norge [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 06, 2002 9:36 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus]
latest declude
latest def on F-Prot and latest engine still slipping through
Benny
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: 6. mai 2002 16:33
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] new virus ?
Having
latest declude
latest def on F-Prot and latest engine still slipping through
F-Prot will NOT detect the Magistr.32768, even with the latest virus
definitions, if you are not running a recent scanning engine (.exe
file). I believe you need F-Prot 3.11 or higher.
hmmm, it got through on 3.11b, but I upgraded to 3.12 and that got it right away
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: 6. mai 2002 17:19
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] new virus ?
latest declude
Here is a new one...haven't seen this in a notification before, but
virus and file name are unknown
This looks like it was caught because it was a suspicious file. F-Prot
returns a code of 8 when it detects a suspicious file, which some people
will treat as a virus (as there was a virus that
How can declude catch it if it doesn't use the server as the outgoing mail
server? It won't be very successful on being received by the mail server
because it will be caught. I wouldn't worry too much since one way or the
other it has to traverse your server to be delivered.
Craig.
Does anyone know about the following and is Declude geared up for it?
...Note of caution: Some of the newer viruses are including a complete copy
of SMTP (the mail server protocol) in them. They thus can bypass your
outgoing mail server (and virus detection system) and spread.
*(This is
There is no way your mail server can catch all of this. The only way that
you can be sure you're not spreading like this (when programs have their own
SMTP process) is to setup access control lists at your edge router, that do
not allow any outgoing SMTP (port 25) requests, EXCEPT for your mail
Mark,
The sonic wall I installed when at Science-Int had a DMZ on it; where the
Imail sat, I set up a rule within the sonic wall that traffic on port 25
could only be set via the dmz address and not out via the wan port from the
Lan.
the only concern to have is that inside the Sonic wall
I received an email this AM containing a new virus which got through our
IMail server running Declude with FPROT.
Anyone else seen this?? My antivirus data files should be current.
This is the new Nimda virus, that appears to be related to...
We're also being pounded by systems infected with
It's new. F-Prot has already updated the
defs. Get them.
- Original Message -
From:
J Porter
To: [EMAIL PROTECTED]
Sent: Tuesday, September 18, 2001 2:04
PM
Subject: [Declude.Virus] new virus FPROT
not stopping
I received an email this AM containing a new