Declude email security - Call 866 332 5833
Toll Free 1.866.332.5833

  Declude

Declude Release Notes

Declude Security Suite 4.3.23 [7 September 2006]
PieceTypeChange
DECADDNew ZEROHOUR CommTouch Dll
JMADDWHITELIST reason shown at LOGLEVEL HIGH
JMADDAUTOWHITELIST for Imail 2006
JMFIXDefault for the OUTBOUNDSCANNINGSPAM directive is now ON
JMFIXDeclude crash fixed on corrupted From: line in the header part of the envelope file
JMFIXBroken Headers issue fixed
JMFIXRevised ROUTING spamrouting internal tables have to be updated to reflect domestic and offshore network blocks.
EVAADDMIME header mismatch, Declude assumes it is an executable. If this test is turned off then the e-mail will not be caught as vulnerability. However, there is a log message that the mismatch was found and it is ignored because this directive is turned off. Located in the virus.cfg, default is ON

MISMATCHEDEXT ON

EVAFIXZip vulnerability, declude was holding a valid zip file as a vulnerability
Declude Security Suite 4.3.14 [28 September 2006]
PieceTypeChange
DECADD

BANCHARSET defined in the declude.cfg quarentines listed character sets Example:

BANCHARSET   iso-2022-jp
BANCHARSET   koi8-r

EVAADDWith AVAFTERJM   ON the JM Log displays message moved to virus folder
JMADDSpam checking for inbound/outbound scanning can be turned on/ off. Located as a directive in the global.cfg file, below are the default settings.

OUTBOUNDSCANNINGSPAM     OFF
INBOUNDSCANNINGSPAM         ON
JMFIXIPBYPASS now takes place before WHITELIST
JMFIXUsing HOLD action in the $default$.junkmail file, if an extra space was after %DATE% incorrect behaviour was observed, this is not been normalized
JMFIXX-COUNTRYCHAIN log entry no longer truncated
JMFIXDELETE_RECIPIENT removes the specified email address as per-user action only
DECFIXOn occasion ZEROHOUR initialized two overlaping threads causing decludeproc crash
HIFIXCONCATENATELOGS with KEEPINDIVIDUALLOGS works correctly

3.1.3 [28 September 2006]
PieceTypeChange
SMFIX

Decludeproc will not start without a valid domainlist.xml

HIFIXCONCATENATELOGS with KEEPINDIVIDUALLOGS works correctly
JMFIXDeclude crash fix. Buffer Overflow reading the From: line in the Headers
JMFIXWith HOLD if extra space after %DATE% incorrect behaviour was observed this is not been normalized

Declude Security Suite 4.3.7 [3 August 2006]
PieceTypeChange
JMADDAdded x-header for CommTouch RefID
JMFIXCOPYFILE not working correctly when COPYFILEACTIONWITHHEADERS ON directive
JMFIXDeclude crash fix. Buffer Overflow reading the From: line in the Headers
SMFIXFailed .hdr to be DELETED rather than moved to the \error director
HIFIXSpam messages set for HOLD and DELETE moved back to the Spool when intercepted by Hijack

3.1.1 [3 August 2006]
PieceTypeChange
JMFIXCOPYFILE not working correctly when COPYFILEACTIONWITHHEADERS ON directive
SMFIXQUEUEFILE_SAVEFILE the log is showing the correct directory path
SMFIXFailed .hdr to be DELETED rather than moved to the \error director
DECFIXA Global variable being initialized more than once has been corrected
HIFIXSpam messages set for HOLD and DELETE moved back to the Spool when intercepted by Hijack
EVAFIXBANEXT buffer overflow
EVAFIXALLOWVULNERABILITIESFROM (for user)

Declude Security Suite 4.3 [18 July 2006]
PieceTypeChange
DECADDCommTouch Zero-Hour Virus Protection and Recurrent Pattern Detection Technology added. If you are subscribed to Declude for the CommTouch add-in, to enable, add/use the ZEROHOUR directive in the global.cfg file to control the weight associated with this test.

ZEROHOUR 14
DECFIXA Global variable being initialized more than once has been corrected

Declude Security Suite 4.2 Build 20 [6 July 2006]
PieceTypeChange
EVAADDNew NONSTANDARDHDR vulnerability test. Messages found to have broken headers are moved to the \virus folder
EVAFIXALLOWVULNERABILITIESFROM (for user)
EVAFIXBANEXT buffer overflow
SMADDWhen an error is found in the envelope (.hdr) file the message is moved to the \error folder
SMADDDecludeproc will not start without a valid domainlist.xml
SMFIXQUEUEFILE_SAVEFILE the log is showing the correct directory path
SMFIXAllows admin to set VIRDIR to any directory path in the virus.cfg

Declude Security Suite 4.2 Build 12 [24 May 2006]
PieceTypeChange
EVAADDAbility to configure the built-in AVG update interval which checks for updates. Default is once a day / minimum is one hour. Located int the declude.cfg add the following directive

AVGUPDATEFREQHRS 6
(Note:AVGUPDATEFREQHRS)
EVAFIXAVG now reports name of virus found in log file
EVAFIXPerformance and speed enhancement to the AVG database file downloads
JMFIXBuffer overflow fix

Declude Security Suite 4.2 Build 3 [2 May 2006]
PieceTypeChange
EVAADDBUILTINSCANNER    OFF
Located in Virus.cfg. Will disable the internal AVG scanner.
EVAADDIntegrated AVG Scanner into Decludeproc no configuration required.

3.1.0 & 4.1.0 [3 Apr 2006]
PieceTypeChange
JMADDAdded Test MSGSIZE can be used to reduce weight on larger emails
JMADDAdded Test FROMNOMATCH checks the sender in the envelope with the sender line in the header to see if they match.
SMFIXImplemented uniform handling in SmarterMail for v1/v2 and v3 domainList.xml formats
SMFIXCorrected issue with overwrite of masterhostname variable
SMFIXCorrected issue where COPYTO was not functioning correctly
SMFIXWeight added to envelope only if message is being passed on and not held or deleted
DECFIXCorrected issue where some Declude variables were not being properly initialized

3.0.6.4 & 4.0.9.4 [13 Mar 2006]
PieceTypeChange
HIFIXCorrected logging issue and locked file problem trying to move .hdr files in SmarterMail
SMADDSupport for MAILBOX action in Smartermail
CONFIXConfirm for Imail now working correctly

4.0.9 [20 Feb 2006]
PieceTypeChange
JMFIXLog file changes for COUNTRY / COUNTRIES to eliminate duplication of lines
SMADDSupport for WHITELIST AUTH in Smartermail
SMADDSupport for CMDSPACE test in Smartermail
SMADDDeclude now passes total weight of email directly back to Smartermail
IMADDEnhanced move files to spool for older versions of IMail
JMFIXFixed bug that occasionally caused email to go to the wrong hold directory
DECADDDecludeproc -v now displays platform in addition to version
JMFIXCorrected bug that caused mishandling of message attachments when processing headers
SMADDAdded code to process new domain list format in SmarterMail 3.0 due to changes in XML file format

3.0.6 [20 Feb 2006]
PieceTypeChange
JMFIXLog file changes for COUNTRY / COUNTRIES to eliminate duplication of lines
IMADDEnhanced move files to spool for older versions of IMail
JMFIXFixed bug that occasionally caused email to go to the wrong hold directory
DECADDDecludeproc -v now displays platform in addition to version
JMFIXCorrected bug that caused mishandling of message attachments when processing headers
SMADDAdded code to process new domain list format in SmarterMail 3.0 due to changes in XML file format

3.0.5.23[29 Dec 2005]
PieceTypeChange
JMFIXThis release fixes a bug in the IMail version of Declude whereby the wrong service level (Pro, Standard, Lite) was being reported. This issue affected IMail users only.

3.0.5.21 [30 Nov 2005]
PieceTypeChange
JMADDINVITEFIX    ON
Located in Declude.cfg. Some customers had issues related to Outlook meeting requests appearing as text only. The default for this directive is OFF.
JMFIXFixed skipping of certain DNSBL tests.
JMFIXSTOPALLTESTS is now working correctly
AVFIXIncorrect log entries regarding to licensing with EVA
AVADDVulnerability Notifications available for Imail

3.0.5.20 [10 Nov 2005]
PieceTypeChange
JMFIXFixed un-initialized variable, causing CMDSPACE false positives.
JMFIXFixed un-initialized variable, causing SPF false positive
JMFIXBITMASK test timeout error fixed
JMFIXMishandled Winmail.dat / TNEF fixed

3.0.5.18 [4 Nov 2005]
PieceTypeChange
ALLFIXFixed un-initialized variable causing intermittent stop/start with the decludeproc service.
JMFIXFixed SmarterMail incoming email recipient domain aliases
AVFIXFixed un-initialized variable, causing incorrect Virus Names.

3.0.5.14 [31 Oct 2005]
PieceTypeChange
ALLADDWINSOCKCLEANUP    ON
Located in Declude.cfg. Some customers had issues related to their network stack causing loss of functionality for basic network operations. The default for this directive is OFF
ALLFIXMemory leaked fixed by forcing windows to close handles once completed.

3.0.5.12 [26 Oct 2005]
PieceTypeChange
ALLADDCreated a \proc\error directory for messages that cannot be moved by Decludeproc to the appropriate locations
ALLADDWhen the \proc directory becomes empty and the threads in the work have completed all messages decludeproc resets the winsock
ALLADDWhen the \proc directory is empty winsock cleanup will be called after the shorter of either the number of worker threads going to 0 or 5 minutes. Any files found in the work directory will then be moved to the \review directory.
ALLFIXChange default THREADS to 15 if no Declude.cfg is located
ALLFIXChange default WAITFORMAIL to 2000 if no Declude.cfg is located
JMADD

AUTOREVIEW    ON
Located in Declude.cfg. Email in the \review directory is automatically moved to the \proc directory when the service starts or when the proc directory is empty

HIFIXRemoved deccon.exe to be replaced with new Console

3.0.5.3 [26 Sep 2005]
PieceTypeChange
ALLADDDeclude.exe function changed to move files to \proc directory
ALLADDDecludeproc.exe introduced to run as a service.
ALLADDDecludeproc.exe creates \proc directory, \work directory \review directory.
ALLADDTHREADS 5
Located in Declude.cfg. Specifies the amount of threads declude uses to process email.
ALLADDWAITFORMAIL 30000
Located in Declude.cfg. Defined in milliseconds eg. 30000 = 30 seconds this can be changed to set the wait time that decludeproc will wait before checking the \proc directory once empty for new messages.
ALLADDWAITFORTHREADS 1500
Located in Declude.cfg. Defined in milliseconds eg. 1500 = 1.5 seconds this can be changed so that when the maximum threads are in use this time specifics the wait before checking to launch more threads.
ALLADDWAITBETWEENTHREADS 1
Located in Declude.cfg. Defined in milliseconds eg. 1 = 1 millisecond The time to wait between spawning one thread and starting to process another thread.

2.0.6 [11 Apr 2005]
PieceTypeChange
ALLADDEnhanced diagnostics to include the ability to send diagnostic information directory to Declude Technical Support.
ALLADDEnhanced logging.
ALLADDProcessCounter - New application that will show the number of running Declude instances in the Windows system tray.
ALLFIXAdded resolution to log if the 'Error starting deccon.exe message' was found.
JMADDAdded new directives for global.cfg - STOPPROCESSINGONFIRSTDELETE, COPYFILEACTIONWITHHEADERS, ACTIONSONCOPYALL, NOACTIONSONCOPYALLWHENWHITELISTED.
JMADDNew configuration file (optional) with new directives - PROCESSES, CONCATENATELOGSTHRESHOLD, CONCATENATELOGS, KEEPINDIVIDUALLOGS,  ADJUSTFORLOAD.
JMADDAdded the option to hold spam by date - Adding %DATE% to the HOLD action will create date folder which will hold spam.
JMADD(SMARTERMAIL ONLY) Added an overflow process for high volume.
JMFIXNew DELETE_RECIPIENT action - Use this action to remove a recipient from a multi-receipt email. Prior versions used the DELETE action causing confusion and other issues, DELETE will delete the entire email, DELETE_RECIPIENT deletes individual users.
JMFIX(SMARTERMAIL ONLY) COPYFILE directive didn't copy both hdr and eml files

2.0.5 [14 Feb 2005]

Piece

Type

Change

ALLFIXReferencing a memory pointer that was not valid because of a fix to the Hijack product. This produced GP1 and GP2 files in the root of C:\ containing text similar to ‘couldn’t open headers datafile (are you running an on-access virus scanner?)’

2.0 [31 Jan 2005]

Piece

Type

Change

ALLFIXFixes an issue where Declude could use an IP address in the E-mail body, if no IP appeared in the E-mail headers.
ALLFIXEnsures correct identification of message subject
AVADDADD Adds detection of bogus .EXE files (including 0-byte .exe files) to Declude Virus Pro
AVADDADD Adds support for %REVDNS% variable to show reverse DNS entry of remote mailserver
AVADDALLOWVULNERABILITIESFROM option that instructs Declude Virus to allow vulnerabilities from a specific E-mail address.
AVADDAdds support for event logging to Declude Virus.
JMFIXChanges DELETE action to only delete the E-mail for recipients using the DELETE action (so it will deliver to any other recipients)
JMFIXChanges logging so that all log file entries for a given E-mail will be grouped together.
JMADD

Changes HOLDaction so that users can specify the directory to hold spam in.

HIADDAdds support for event logging to Declude Hijack.

1.81 [1 Oct 2004]
PieceTypeChange
AVFIXFixes a problem with false positives in Microsoft's " GDIPlus.dll JPEG exploit" detection.
AVFIXChanges "GDIPlus.dll JPEG Exploit" detection to be run on any JPEG file, regardless of extension.
JMFIXFixes a problem where "LOG_OK NONE" option would display " Message OK" lines in log file.
JMFIXFixes a problem where "LOG_OK NONE" option would display " Tests Failed:" lines in log file.

1.80 [28 Sep 2004]
PieceTypeChange
AVFIXEnhances Object Data vulnerability detection
AVFIXEncrypted .RAR files were only blocked in the Pro version; fixed.
AVFIXCould incorrectly detect Outlook 'MIME Headers' Vulnerability; fixed.
AVFIXCode added to prevent too many BANEXT/SKIPEXT options from causing crashes.
AVFIX"PK00" .ZIP files would get caught as encrypted; fixed.
AVFIXFixes an issue where a crash could occur if an on-access virus scanner blocked a .ZIP file
AVFIXWill no longer delete vulnerabilities with DELETEVIRUSES ON
AVFIXWill now re-try moving of virus-laden D*.SMD files for up to 60 seconds (every 2 seconds)
AVFIXMakes a change to help ensure that Outlook CR Vulnerability does not occur if more than 16K of headers
AVFIXBANEXT EZIP now takes priority over BANEXT ZIP
JMFIXWHITELIST IP would whitelist E-mails sent from imail1.exe; fixed.
JMFIXFixes an issue where people with many tests using WARN action could cause problems
JMFIX%WEIGHT% variable will now work everywhere
JMFIXChanges %WEIGHT% to calculate weight properly if spam tests haven't been run.
JMFIXNOTENDSWITH would not work properly on some matches; fixed.
JMFIXSUBJECT filter could have false positives in rare cases; fixed.
JMFIXFixes an issue where an altered subject could have first character missing.
JMFIXWill now only wait 5 minutes for an external program to finish, rather than an hour.
JMFIXFixes an issue with filters with '~' character in them.
AVADDDetects invalid .ZIP vulnerability.
AVADDDetects bogus CPL files (Declude Virus Pro).
AVADDSKIPIFEXT option added for .eml files (IE 'SKIPIFEXT EZIP').
AVADDDetection of Microsoft GDIPlus.DLL JPEG vulnerability.
JMADDCONTSPACES test to detect more than X continuous spaces in the subject.
JMADDAdded NOTCONTAINS, NOTIS filter types.
JMADDSTOPATFIRSTHIT option added to filters (for example, STOPATFIRSTHIT, so any hit in file will stop further processing of this filter).
JMADDSTOPALLTESTS option added to filters (for example, "BODY STOPALLTESTS CONTAINS Evil Spammer")
JMADDMINWEIGHTTOFAIL option added to filters (requiring that the filter reach a certain weight before it will be triggered).

1.79 [Beta, 05 Apr 2004]
PieceTypeChange
ALLFIXAdded code to bypass IMail v8.1's duplicate scanning of forwarded E-mails.
AVFIXFixes issue with previous beta and incorrect "Waiting for activation code" header.
AVFIXBANNAME would produce a blank %BANEXT% variable; now shows full name.
AVFIXRemoves " virus !!!" from end of virus names produced by McAfee.
AVFIXPRESCAN ON setting will now scan E-mail with "<IFRAME" in them.
AVFIXWill now skip over .GSC/.GSE files to improve performance and ensure no loops can occur.
JMFIX"Tests Failed" log file entry will now include all tests (not just ones with an action of LOG or higher or a weight not equal to 0).
JMFIXSubject filters will now work on both decoded and undecoded versions of subject.
JMFIXDOMAINWHITELISTS option fixed.
JMFIXFixes an issue that could force IGNORE action to be used if more than 100 tests were defined.
JMFIXFixes an issue with an infinite loop that could occur in SPF processing with invalid SPF strings.
JMFIXFixes an issue that could cause UNKNOWN VAR to appear on the 42nd test (and multiples thereof).
AVADDAdds BANEXT EZIP option to ban all encrypted .ZIP files.
AVADDAdds BANZIPEXTS option (Declude Virus Pro) to check .ZIP files for banned file extensions (BANEXT).
AVADDAdds BANEZIPEXTS option (Declude Virus Pro) to check encrypted .ZIP files for banned file extensions (BANEXT).
AVADDAdds .PIF, .SCR, .COM, and .BAT vulnerability detection (invalid file types) for Declude Virus Pro.
AVADDAdds OBJECT DATA vulnerability detection (used by Bagle.Q, Bagle.R).
AVADDAdds virus name to headers of quarantined virus E-mails.
JMADDCOPYFILE action to copy the IMail D*.SMD and Q*.SMD files to a specific directory (for example, "WEIGHT10 COPYTO C:\IMail\spool\weight10\").

1.78 [Beta, 18 Feb 2004]
PieceTypeChange
JMFIXE-mails greater than 32K could have invalid characters appear in base64 MIME decoding, causing filters to be incorrectly triggered in rare cases; fixed.
JMFIXSubject would not be added to rare E-mails without a body; fixed.
JMFIXIPBYPASS limit increased from 20 to 100 entries.
JMFIXIf an invalid variable was encountered, headers might have become corrupt; fixed.
JMFIXFixes a rare issue where wrong actions could be used.
JMFIXFixes a rare issue with external tests where locked files might not be processed properly.
JMFIXHIDETESTS option would not work properly; fixed.
JMFIXFilter WARN messages will now have weight as total weight, including the weight of the test itself.
JMFIXEND statement in filter will now work properly.
JMFIX"fromfile" test type will now stop processing at first match..
JMFIXBADHEADERS test will no longer fail if To: not present but Bcc: is.
JMFIXTests with DUHL in the name will now be skipped after first hop..
JMFIXHTML code removal will now work with CRLFs in HTML tags.
JMFIX"ipfile" test type warning message will now start at first nonwhitespace character.
JMFIXFixes an issue with recipients in E-mails sent from IMail v8 web messaging.
JMFIXLOGLEVEL LOW will now have 1 line with tests that fail ("HELOBOGUS=WARN SPAMCOP=DELETE", etc.). LOGLEVEL HIGH will have the old one line per test, with the warning message.
JMFIXMAILFROM test will now catch just "username".
JMADDDOMAINWHITELISTS ON option, to allow for per-domain whitelist files at \IMail\Declude\example.com\whitelist.txt.
JMADDNew tests "dow" and "hour", to allow hour and day-of-week detection. IE "HOUR hour 9 16 0 0" for local 9AM->4:59PM. DOW dow 1 5 0 0 for Monday through Friday.
JMADDAdds TESTSFAILED searching for filters (for tests that have already run). For example, "TESTSFAILED END CONTAINS SPAMCOP".
JMADDNew test "spf" added for SPF support.
JMADDFilters can now have "WHITELIST" command to whitelist an E-mail ("SUBJECT WHITELIST CONTAINS [Declude.JunkMail]")
JMADDAdds NOTENDSWITH option to filters ("REVDNS 0 NOTENDSWITH .aol.com").
JMADDAdds CIDR option to filters ("REMOTEIP 0 CIDR 192.0.2.0/24").
JMADDAdds CMDSPACE test to help detect spamware in SMTP commands.
JMADDNow will decode encoded subjects (for use in filters).
AVFIXHad an internal limit of 20 forging viruses; changed to 200.
AVFIXPrevents false positives where "begin " followed by "." causes uudecoding to occur.
AVFIXPrevents notifications from being sent out with the Outlook CR Vulnerability, if an unusual RCPT TO: occurred with an LF in it.
AVFIXFixes an issue where if 2nd virus scanner reported filename (not number), it would be used instead of "good" filename from first scanner.
HIFIXIncreases ALLOWIP limit to 100 entries.

1.77 [Beta, 04 Dec 2003]
PieceTypeChange
AVFIXSpace Gap detection will now obey BANCRVIRUSES setting.
AVFIXBANNAME option would cause problems when too many entries were used; fixed.
JMFIXCOMMENTS test now works on "greater than or equal" rather than "greater than".
JMFIXFixes an issue with the MAILFROM test, where it would get triggered on a DNS response with no NS records.
JMFIXIn certain multi-hop scenarios, bogus IPs (such as "?.?.?.?") would get scanned; fixed.
JMFIX"bypasswhitelist" option wouldn't work with WHITELISTFILE or AUTOWHITELIST; fixed.
JMFIXENDSWITH would not work properly in certain rare cases; fixed.
JMFIXPERCENT test now catches quotes; IE: '"user@example.com"@example.com'.
JMFIXBOUNCE action renamed to BOUNCEONLYIFYOUMUST (due to huge amounts of spam being sent out by our customers!).
JMFIXFixes issue where per-user whitelisting or AUTOWHITELIST might not work.
JMFIXFixes an issue when SUBJECT action was too long.
JMADD"filter" test type now can have MAXWEIGHT/MINWEIGHT option.
JMADD"filter" test type now can have "END" in place of the weight (any match will 'turn off' test).
JMADD%TESTSFAILEDWITHWEIGHTS% variable, which includes weights along with the tests that failed.
JMADD"filter" test type now has SKIPIFWEIGHT option to bypass filters if a certain weight has already been reached.
JMADDHIDETESTS option to hide tests from X-Spam-Tests-Failed: header.
AVADDDetection of new "Outlook 'Space Gap' Vulnerability" variants.
AVADDAdded SKIPIFFORGING option for .eml files.
AVADDAdded ONLYSENDIFVIRUSNAMEHAS option.
AVADDAdded %LOCALRECIPS% variable that only lists local recipients.

1.76 [Beta, 19 Sep 2003]
PieceTypeChange
JMFIXFixes a rare issue with CNAMEs in reverse DNS lookups.
JMFIXPrevents EASYNET-DYNA test from working with 2nd and further hops.
JMFIXAutomatically detects wildcards from TLD parents (such as non-existent .com/.net domains).
JMADDANYWHERE filter type (for example, "ANYWHERE 0 CONTAINS something"), to search both headers and body.
JMADDWHITELIST AUTH option in global.cfg file, which automatically whitelists authenticated senders (for IMail v8 and later).
JMADDAdds a bypasswhitelist test type that can be used in rare cases when whitelist bypassing is necessary.
AVADDBANNAME option, to ban file names (such as "BANNAME message.zip").
AVADDAutomatic detection of forging viruses (via DNS). To turn off, use "AUTOFORGE OFF".
AVADDAdds ONLYSENDIFRECIP and ONLYSENDIFIP options for .eml files that should only be sent to specific recipients or IPs.

1.75 [Release, 22 Jul 2003]
PieceTypeChange
JMFIXReverse DNS entry variable could get corrupted; fixed.
JMFIXFilters that have no string to look for will no longer match all E-mails (IE "BODY 0 CONTAINS ").
JMFIXFixes an issue where first recipient could not use global.cfg file if no copyall_account was used.
JMFIXCould have a "Misconfiguration: WHITELISTFILE is not an action" line in log file; fixed.
JMFIX"Multiple headers/footers can now be used" removed (since multiple headers/footers would appear if multiple recipients).
JMFIXWith AUTOWHITELIST, SUBJECT action on one recipient would be used even if a later recipient was AUTOWHITELISTed; fixed.
JMFIXA filter with "BODY ISBLANK" will now work.
AVFIXA crash could occur with broken (long) BinHex lines; fixed.
AVFIXBANCRVIRUSES option would not control Conflicting Encoding vulnerability; fixed.
AVFIXWill no longer report "Error 0 in virus scanner...".
AVFIXFile banning will now take priority over an internal error.
AVFIXWill now process (malformed) MIME boundaries within uuencoded segments.
AVFIXA crash could occur with too many recipients; fixed.
AVFIXWill no longer show "To: copyall_account" in log file if copyall account used.
JMADD%BODY% variable, which displays the body of the E-mail.

1.70 [Beta, 29 May 2003]
PieceTypeChange
ALLFIXMakes sure that vacation messages do not get scanned.
ALLFIX%RECIPHOST% will now ignore recipients that IMail rejects.
AVFIXWill now use the virus name from the first scanner, if multiple scanners are used.
AVFIXWill prevent an error if MIME files recurse more than 50 layers deep.
AVFIXWill now look at both intended and actual recipient addresses for per-user settings.
JMFIXAUTOWHITELIST wasn't working properly; fixed.
JMFIXSPAMDOMAINS test will now not get triggered if reverse DNS times out.
JMFIXE-mails with lots of recipients could prevent actions from being taken on some recipients; fixed.
JMFIXFixes an issue where sender might not be seen as local.
JMFIXBASE64 test will now work on "single attachment with no body" E-mails; so will base64 filtering.
JMFIXREVDNS test will now handle CNAMEs properly.
JMFIXFilters will now process 8-bit characters properly.
JMFIXWill now use a public DNS server if no DNS servers are listed in IMail settings.
JMFIXCOMMENTS test will now also work with any made-up tag beginning with "
JMFIXSPAMDOMAINS test will now allow an alias (IE "hotmail.com msn.com" to check @hotmail.com, but allows either hotmail.com or msn.com in reverse DNS entry) .
JMADDDOSENDERACTIONS ON option to allow for actions based on the sender of the E-mail (in Declude Junkmail Pro).
JMADDPREWHITELIST ON option to automatically bypass spam tests for E-mail from whitelisted IPs or whitelisted return addresses.

1.69 [Beta, 16 Apr 2003]
PieceTypeChange
ALLADDAdded %REALRECIPS% variable that lists actual recipients (as opposed to %ALLRECIPS%, that lists intended recipients).
JMFIXCertain action combinations would not work (IE ALERT and ROUTETO); fixed.
JMFIX"whitelistfile" option will now work as an exact match, unless starts with '@' or '.'.
JMFIXMAILFROM and HELOBOGUS tests will now fail if localhost is returned as MX record (even if no 127.0.0.1 IP returned).
JMFIXWill now properly handle 1-character header extension (IE "Subject: Bla\r\n h").
JMFIX"nonenglish" test enhanced to detect subjects with highbits set.
JMFIXDeclude JunkMail headers will be added to Declude Virus caught E-mails again.
JMFIXWhitelisting of 'all@example.com' (IE in autowhitelist) wouldn't worked; fixed.
JMFIXMultiple headers/footers can now be used (IE "[This E-mail failed DSBL]" and "[This E-mail failed SPAMCOP]").
JMADDSupport for HTML non-comments (IE "This is spam"), and CRLFs ("mortgagequotes").
JMADDWHITELIST HELO option, WHITELIST SUBJECT option.
JMADD"spamdomains" test ("SPAMDOMAINS spamdomains c:\sd.txt..."; if sd.txt has 'hotmail.com' in it, then all E-mail from 'hotmail.com' must have 'hotmail.com' in reverse DNS).
JMADD"bcc" test (IE "BCC bcc 2 ..." to catch E-mails with 2 or more Bcc:'s that Declude JunkMail knows of). Will get triggered on lists!
JMADD"nolegitcontent" test (like IPNOTINMX, it is designed to give a negative weight to legitimate E-mail).
HIADDALLOWADDR option, to allow up to 20 E-mail addresses to send unlimited E-mail.

1.68 [Beta, 19 Mar 2003]
PieceTypeChange
ALLFIXEnhancements to Declude Queue.
ALLFIXLocal hostname could appear as "copyall_account"; fixed.
ALLFIXFixed an issue where %NRECIPS% could be double the actual count.
CONFIXDeclude Confirm wouldn't work properly when a copyall account was used; fixed.
AVFIXWill now scan E-mail for viruses before checking for hijacking in Declude Hijack.
JMFIXFixed an issue where the 'comments' test type would catch comments that shouldn't have been caught.
JMFIX%NRECIPS% variable is no longer limited to 100.
JMFIXWill no longer add Declude JunkMail headers (except XSENDER and XSPOOLNAME) if a virus is found.
JMFIXMAILFROM and HELOBOGUS tests will now fail if 127.0.0.1 is returned as IP.
JMFIXMAILFROM and HELOBOGUS tests will now fail if non-FQHN is found and a server failure occurs..
JMFIXOutgoing WARN, HEADER, FOOTER actions had been restricted to 64 characters; fixed.
JMFIXPERCENT test will now check both intended address and actual address, to catch quoted percent hack.
JMFIXWhitelist files will now work as exact matches, rather than partial matches.
JMADDAdds "nonenglish" test type.
JMADDAdds "subjectchars" and "subjectspaces" tests, which catch long subjects or subjects with lots of spaces.
JMADDAdds "dnsbl" test type to support new DNS-based spam tests (such as HELO-based tests).
JMADDAdds %IP4R%, %RHSBL%, %MAILFROMBL% and %HELO% variables.

1.67 [Beta, 03 Feb 2003]
PieceTypeChange
ALLFIXFixes an issue where truncated names may appear in %ALLRECIPS% variable.
ALLFIXDAISYCHAIN option wouldn't work with full paths; fixed.
AVFIXWill now catch viruses even if there are stray headers in base64 segment.
AVFIXWould try sending to "postmaster@copyall_account" for gatewayed domains; fixed.
AVFIXFixes a potential crash if a Content-Transfer-Encoding: header was >1000bytes.
JMFIXFixes an issue from 1.66 with Declude JunkMail Pro where it could crash if not all test actions defined in global.cfg file.
JMFIXWould whitelist all E-mail if "WHITELIST TODOMAIN" was used with the domain of a copyall account; fixed.
JMFIXFixes an issue where ip4r tests might not work on Lite version.
JMFIXWHITELISTFILE option would cause problems with other E-mails that should not have been whitelisted; fixed.
JMFIXWHITELISTFILE option wouldn't allow '.example.com'; fixed.
JMFIXWHITELISTFILE now allows format of "WHITELISTFILE @example.com C:\file.txt" or "WHITELISTFILE user@example.com C:\file.txt".
JMFIXREDIRECT will now allow domain redirecting ("REDIRECT @example.com filename...").
JMFIXCOPYTO action can now work on outgoing E-mail.
AVADDONLYSENDIFSENDER option added for .eml files.
AVADDAdds detection of Outlook 'Long Filename' Vulnerability.
JMADDAdds %USER% variable, which will allow 'TESTNAME ROUTETO spam-%USER%@example.com'.
JMADDAdds "AUTOWHITELIST ON" option in global.cfg file, which will use address books as whitelists ("all@all.com" will whitelist all incoming E-mail; "all@example.com" will whitelist all E-mail from @example.com).
JMADDAdds "comments" test type to detect anti-filtering HTML comments.

1.66 [Beta, 17 Jan 2003]
PieceTypeChange
ALLFIXFixed an issue with handled invalid registry entries.
ALLFIXWill no longer have 'could not unlock file' warning when an external program deletes a .smd file.
AVFIXWould detect bogus .EXT files incorrectly; fixed.
AVFIXWill no longer false positive on E-mails with the word 'begin' and '.com' on the same line.
AVFIXMIME segment in MIME preamble would be caught even with BANCRVIRUSES OFF; fixed.
AVFIXWill no longer try to send notifications to "[forged]".
AVFIXWill now add [incoming] or [outgoing] to To/From line at LOGLEVEL MID.
AVFIXWill now report the virus name at LOGLEVEL LOW, in "are INFECTED" line.
JMFIXWill now only run external tests once each, for better performance.
JMFIXWill now cache DNS entries when multiple ip4r tests are run on same zone.
JMFIXMultiple address aliases now work properly.
JMFIX0.x.x.x and 127.x.x.x will no longer have reverse DNS looked up.
JMFIXWill now keep a larger portion of the E-mail in memory, for improved filtering.
JMFIXCan now define an unlimited number of spam tests (was previously limited to 256).
JMFIXWill now automatically bypass lines with no IP in them.
JMFIXPERCENT test will now catch colons (IE "@declude.com:user@example.com").
JMADDExternal tests definitions can now be defined with "<50" ">50" instead of value or "nonzero".
JMADDPer-user/per-domain whitelisting ("WHITELISTFILE filename" in a .junkmail file).
JMADDAdds WHITELIST REVDNS (IE "WHITELIST REVDNS yahoo.com")
AVADDSKIPIFRECIP option (IE "SKIPIFRECIP @example.com" or "SKIPIFRECIP user@example.com").

1.65 [Release, 11 Dec 2002]
PieceTypeChange
AVFIXFixes an issue with 'Mismatched extensions' catching legitimate E-mails in rare circumstances.
AVFIXWill now allow multiple identical 'Content-Transfer-Encoding' lines without triggering a vulnerability.

1.64 [Beta, 04 Dec 2002]
PieceTypeChange
AVFIX'Mismatched extensions' vulnerability changed to only check file extension, not full name.
AVFIX'Conflicting Encoding' vulnerability will no longer catch RFC822 E-mails-within-E-mails.

1.63 [Beta, 25 Nov 2002]
PieceTypeChange
AVFIXWill now ignore comments within RFC822 headers.
AVFIXSaveable plaintext e-mails with a filename but no extension will now be scanned.
AVFIXFixes an issue where .wav MIME header vulnerabilities might not get caught.
AVFIXwill now get file extensions for filenames ending in a period.
AVFIXCan now have 8-bit characters in the FOOTER option.
AVFIXBanned file information (To/From/Subject) will now be recorded at LOGLEVEL MID.
AVFIXWill now process headers with no space after the colon.
AVFIXWill now start AV processes with inherited handles, to help with an issue with FSAV.
AVFIXFixes an issue where multilayer E-mails could get caught with MIME preamble vulnerability.
AVFIXBANEXT htm/html will no longer catch text/html MIME segments.
AVFIXWill now treat mismatches file extensions (IE eicar.com and eicar.txt) and .exe's.
JMFIXCan now have 8-bit characters in XINHEADER/XOUTHEADER options.
JMFIXFixes a problem that could occur when lots of ip4r tests were defined.
JMFIXWill now automatically bypass SMTP32-FWD lines.
JMFIXWill now cut off ", " at end of ALLRECIPS option, to improve filtering.
JMFIXWhitelisting a TODOMAIN would cause Habeas Headers whitelist to take effect; fixed.
JMFIXFixes an overflow and infinite loop problem with ALLRECIPS filter.
JMFIXAn undocumented test was removed due to support requirements.
JMFIXALLRECIP filtering option will now work with both intended and actual recipient addresses.
JMFIX'Couldn't move/copy datafile' warning will no longer occur if an external test deletes the E-mail.
JMFIXBogus CIDR ranges in whitelisting will now be treated as /32's.
AVADDSKIPIFVIRUSNAMEDOESNOTHAVE option added for .eml files.
AVADDAdded detection of Outlook 'MIME Section in MIME Preamble/postamble' vulnerability detection.
AVADDDetection of 'Conflicting Encoding' vulnerability added.
JMADDAdded ALLRECIPS filter

1.62 [Beta, 04 Nov 2002]
PieceTypeChange
AVFIXChanges uuencoded detection to prevent false positives.
AVFIXSome vulnerabilities could produce many log file entries; fixed.
AVFIXPer-user/per-domain "ON" settings will now override any "OFF" settings.
JMFIXWill now handle multiple return codes in ip4r tests.
JMFIXwill now record the action for each test that fails.
JMFIXChanges handling of invalid "[?.?.?.?]".
JMFIXExternal tests can now have variables in their definitions.
JMFIXAdds a failsafe for invalid CIDR ranges in IP blacklists.
AVADD%NOUNKNOWNVIRUSNAME% variable that will return the virus name, or nothing if "Unknown Virus".
AVADDSKIPIFSENDER option for .eml files (such as "SKIPIFSENDER @example.com").
JMADDAdds COUNTRY (of remote mailserver) and COUNTRIES (of any mailservers in chain) to filter.
JMADDAdds %COUNTRYCHAIN% variable.
JMADDAdds "ipnotinmx" test, which catches E-mail sent from an IP not in the MX records of sending domain.
JMADDHABEAS whitelist type, for whitelisting E-mails with Habeas headers ("WHITELIST HABEAS").
JMADDNew "habeas" test type, to allow for negative weighting of E-mails with Habeas headers.

1.61 [Beta, 23 Sep 2002]
PieceTypeChange
AVFIXAdded detection of many new vulnerabilities.

1.60 [Release, 13 Sep 2002]
PieceTypeChange
JMFIXFixes a problem with bogus headers that were too long.
JMFIXWill now properly handle Subject: headers with no space after "Subject:".
JMFIXWHITELIST IP will now only work as exact match, unless it ends in "." (to prevent '10.10.10.1' whitelisting '10.10.10.10').
JMADDNew "base64" test type (beta).
AVADDDetection of "Partial Vulnerability" ("Fragmented").

1.58 [Beta, 27 Aug 2002]
PieceTypeChange
ALLFIXFixes an issue where SendName registry entry could be incorrectly changed back to Declude.exe.
ALLFIXTakes care of a rare problem that could occur when E-mail headers are added.
JMFIXFixes a problem that could occur with "fromfile" test type.
JMFIXWhitelist log file entry will now show which log file entry caused the E-mail to be whitelisted.
JMFIXFixes an issue where a corrupt To: address could cause Declude JunkMail not to work properly.
JMFIXReverse DNS entries with a trailing "." will now have them removed (so the "ENDSWITH" filter type will work as expected).
JMFIX"fromfile" test type will now only use exact match (so "name@example.com" will no longer catch "username@example.com").
JMFIXWill now get correct IP when HELO/EHLO appears with brackets.
JMFIX%TESTSFAILED% will now return "Whitelisted" if an E-mail is whitelisted.
JMFIXFixes an "nwhitelists>200" error that could occur if reverse DNS entries appeared in parentheses in the Received: header.
JMFIXDNS engine changed to support IPv6 entries in packets that Declude JunkMail receives.
AVFIXWorkaround for an IMail bug that sends bogus filenames when a root directory is used for the spool ("D:\\...").
AVFIXFixes a problem where Mac files with no extension could get caught if an EOF occurred.
AVFIXAllows "TEMPDIR D:\" (before, only "TEMPDIR D:" would work).
AVFIXSwitches priority of SKIPEXT/BANEXT, so files will be banned if they are listed as both SKIPEXT and BANEXT.

1.57 [Beta, 30 Jul 2002]
PieceTypeChange
JMFIXHELOBOGUS will now only be tested on non-local senders.
JMFIXHELO detection wasn't using correct hop; fixed.
JMFIXAn issue STARTSWITH in filter was fixed.
JMFIXROUTETO/COPYTO can now use variables (IE "spam@%LOCALHOST%").
JMFIXFixes an issue where starting external programs could fail (0xC0000142 error without a .DLL listed).
JMFIXTakes care of possible whitelist corruption when certain Received: headers were processed.
JMADDIS filter type.
JMADDENDSWITH filter type.
JMADDHEADERS filter location.
JMADDREDIRECT option in config files to allow configuration "groups".

1.56 [Beta, 10 Jul 2002]
PieceTypeChange
AVFIXE-mail addressed with a trailing dot ("user@example.com.") will now use per-user/per-domain settings.
AVFIXWill not trigger MIME vulnerability for attachment-only (no body) .wav/.mpg E-mails.
AVFIXMakes sure that unnamed attachments will not get banned based on extension (Content-ID:).
AVFIXBANCRVIRUSES will now control blank folding vulnerability as well.
JMFIXExternal programs now started as detached processes.
JMFIXWill now log tests that fail, if they have a weight, even if IGNORE action is used.
JMFIXBADHEADERS test will now catch bogus non-standard headers (with no ":").
JMFIXHELO of $domain will set off BADHEADERS instead of SPAMHEADERS.
JMFIXHELO will now honor HOP settings.
JMFIXSupport added for DNS-based spam tests that return CNAMES and multiple values.
JMFIXDUL tests will now be skipped for local users.
JMADD"weightrange" test type to allow for a range of weights (IE 10 through 15).

1.55 [Beta, 18 Jun 2002]
PieceTypeChange
ALLFIXFixes issue with FOOTER action and E-mails with a CTRL-Z in them.
JMFIXRenamed FOLDER action to MAILBOX to prevent massive confusion with directories.
JMFIXFixes an issue with IP checking changes in 1.54 on multi-hop setups.
JMFIXATTACH action can now use %WARNING% variable.
JMADDAdds "externalplus" test type, where a exit code of 1 will whitelist an E-mail (2-9 are reserved).
JMADDAdds "weight" response type for external test type, to indicate that the exit code is a weight.
JMADDAdds "weightmatch" test type, to indicate an exact match (IE will only get triggered if the total weight is 10, but not if it is 11).
JMADDAdds "filter" test type.
AVADDSupport for Outlook MIME headers exploit detection.
AVADDFORGINGVIRUS option to set sender of virus to [Forged].

1.54 [Beta, 07 Jun 2002]
PieceTypeChange
JMFIXWill now properly handle IP addresses in parentheses in Received: header.
JMFIX%WEIGHT% will now show as 0 for whitelisted E-mail.
JMFIXWHITELIST TO can now be used on Standard version, for abuse@ and postmaster@ addresses.
AVADDSUBJECT configuration option to alter subject for virus scanned E-mail (IE "SUBJECT [Virus Scanned]").
JMADDLOOSENSPAMHEADERS configuration option to skip Message-ID: header check in SPAMHEADERS test.
JMADDHELOBOGUS test to verify that HELO text is valid with an MX or A DNS record.
JMADDNew FOLDER action (Pro version only) to move spam to a folder.
JMADDNew COPYTO action (Pro version only) to copy spam to a specific E-mail address.
JMADDNew ROUTETO action, to re-route spam to a specific E-mail address.

1.53 [Release, 11 May 2002]
PieceTypeChange
AVFIXLast 2 bytes of base64-encoded segments might not get saved; fixed.

1.52 [Release, 09 May 2002]
PieceTypeChange
AVFIXOn-access scanners without command line scanners no longer need a stub program.
JMFIXCIDR ranges no longer need non-significant bits set to zero (IE "192.168.112.1/24" is OK now)
JMFIXNow supports CIDR /32 range for a single IP (IE "10.123.2.44/1").

1.51 [Beta 01 May 2002]
PieceTypeChange
ALLFIXMore tweaking with mailing list E-mails.

1.50 [Beta 26 Apr 2002]
PieceTypeChange
ALLFIXMailing list E-mails may have been delayed 1-2 hours; fixed.
AVFIX"Blank Folding" Outlook vulnerability could get triggered with RFC822 attachments; fixed.
JMFIXWHITELIST TO and WHITELIST TODOMAIN might not have worked in certain situations with multiple recipients; fixed.
ALLADDDAISYCHAIN option to allow for programs other than smtp32.exe to be called after Declude.

1.49 [Beta 24 Apr 2002]
PieceTypeChange
AVFIXFixed an issue with uudecoding that came up in the previous release.

1.48 [Beta 23 Apr 2002]
PieceTypeChange
ALLFIX.LST files will no longer need to be scanned.
JMFIXProblem with new ATTACH action and message bodies >8K; fixed.
AVADDAn issue with ONACCESS ON setting fixed.
AVADDImproved base64/uudecoding funcionality
AVADDDetection of Outlook "Blank Folding" vulnerability.

1.47 [Beta 22 Apr 2002]
PieceTypeChange
JMFIXDNS engine changed to prevent a temporary handle loss if no DNS packet returned.
JMFIXWHITELIST and ipfile test type now can use CIDR ranges (IE 192.168.0.0/16 or 10.11.12.0/24).
AVADDSKIPIFVIRUSNAMEHAS can now be in the headers of .eml files to prevent the notification from getting sent for certain viruses (IE "SKIPIFVIRUSNAMEHAS Klez").
JMADDWHITELIST TODOMAIN to whitelist all mail for a domain (IE "WHITELIST TODOMAIN example.com").
JMADDWHITELIST TO (Pro version only) to whitelist all mail for a user (IE "WHITELIST TO user@example.com").
JMADDAdded ATTACH action (Pro version only), which converts an annoying spam into a more pleasant attachment (uses \IMail\Declude\spamattach.eml).

1.46 [Release 26 Mar 2002]
PieceTypeChange
JMFIX%TESTSFAILED% will now return "None" if no tests failed.
JMFIXWill no longer run ip4r tests on private IP ranges.
ALLFIXLog files will now show 17-character spool filename (IMail 7.06HF1+) rather than first 7 characters.
ALLFIXEnhancements made to file IO when adding headers and making other changes to E-mail.

1.45 [Beta 19 Mar 2002]
PieceTypeChange
AVFIXNow supports most possible corrupt MIME segments, such as those used by some Gibe and FBound variants.

1.44 [Beta 12 Mar 2002]
PieceTypeChange
JMFIX# of whitelist entries increased to 200; code added to prevent issues when max is reached.
CONFIXNow supports 17-character filenames (from IMail 7.06HF1).

1.43 [Release 12 Mar 2002]
PieceTypeChange
AVFIXTakes care of a problem where spaces in a MIME segment could cause scanner to see a corrupt attachment; fixed.
AVFIXFixed an issue with 1.42 where files could not be moved between drives.

1.42 [released 07 Mar 2002]
PieceTypeChange
JMFIXFixed potential issue with "Copy all mail" that could cause subject to get altered.
JMFIXHEADER/FOOTER/SUBJECT can now use variables.
AVFIXWill now automatically replace an E-mail already in the VIRDIR directory (rather than letting a virus be delivered if duplicate spool file names occur).

1.41 (beta)
PieceTypeChange
AVFIXAn priority issue was discovered when multiple recipients of a virus had different settings; fixed.
ALLADD%CR% variable to add a linefeed (IE for Declude JunkMail HEADER option).
AVADDXSPOOLNAME and XSENDER options added

1.40 (beta)
PieceTypeChange
AVFIXWill now treat E-mails with the Microsoft Outlook "CR" Vulnerability as a virus.
AVFIXuuencoded files with bogus filenames might not have been scanned; fixed.
JMFIXDefault X-RBL-Warning: header now includes the name of the test that failed.

1.39 (beta)
PieceTypeChange
JMFIXIn some cases WARN action data could be used with SUBJECT action; fixed.
AVFIXCLSID extension check now will only trigger if CLSID is in extension (not if it only appears in filename).
AVFIXChanges made for Lite version support.

1.38
PieceTypeChange
JMFIX"fromfile" test could cause header corruption when used with WARN action; fixed.

1.37 (beta)
PieceTypeChange
ALLFIXChanged "D" file renaming to realtime priority to prevent IMail from stealing the file.
AVFIXFixes an issue where ONACCESS ON might not work properly.
JMFIXWARN action might not have worked properly with multiple recipients; fixed.
JMFIXWeighting for "external" test type wasn't working; fixed.
JMFIXAnother change to get variables to work with the SUBJECT action.
JMFIXWarning message for "fromfile" test type might be corrupt; fixed.
JMFIXDomains in "fromfile" test type might not have worked correctly; fixed.

1.36 (release)
PieceTypeChange
ALLFIXIn some rare cases IMail could possibly re-use a D file Declude was using; fixed.
AVFIXWith multiple scanners, if one was broken, the other couldn't be used; fixed.
AVFIXSome broken uuencoded segments that couldn't be scanned now can.
JMFIXA problem came up where the WARN action might not get used; fixed.
JMFIXCan now use variables with the HEADER/FOOTER actions.

1.35 (release)
PieceTypeChange
AVFIXChange to prescanning code to verify that only HTML files are prescanned.
JMFIXChange to make sure that <> won't fail MAILFROM test.
JMFIXCan now use variables in subject action (IE "WEIGHT10 SUBJECT [WEIGHT=%WEIGHT%].
JMADD%TESTSFAILED% variable (IE "BADHEADERS,MAILFROM").

1.34
PieceTypeChange
AVFIX"Virus Found" will now take priority over a banned file extension.
CONFIXWill now work properly with domain aliases (IE imailsrv@example.com -> imailsrv@mail.example.com).
JMFIX%ALLRECIPS% will now be truncated if very long.

1.33
PieceTypeChange
JMFIX%ALLRECIPS% in XINHEADER option could crash; fixed.
JMFIXDomains listed in "fromfile" test type now work as a partial match.
JMFIXAnother tweak to prevent global.cfg from being used instead of $default$.JunkMail.
AVFIXWill now properly handle E-mails with more than 100 MIME segments.

1.32
PieceTypeChange
ALLFIXNow starts programs (smtp32.exe, scanners, etc.) with no window, which should eliminate Microsoft/IMail/Declude's 0xC0000142 problem.
ALLFIXMaximum address length Declude will display changed from 64 to 129.
JMFIXMAILFROM test wasn't counting towards weighting; fixed.
JMFIXglobal.cfg file still be used in some cases; fixed.
JMFIXBADHEADERS test will now be triggered if no To: or From: header.
JMFIXBADHEADERS test will now detect bogus "numbered" time zones.
JMFIXWHITELIST ANYWHERE now case insensitive.

1.31
PieceTypeChange
JMFIXMore changes to ensure global.cfg only used for outgoing mail.
JMFIXExternal programs now need to be formatted as 'TESTNAME external returnvalue "filename"'.
AVFIXDual scanners wouldn't work properly; fixed.
AVFIX1.30 wouldn't work with non-standard spool directories without using TEMPDIR option; fixed.
AVFIX"ERROR 123 opening outfile" problem fixed.
AVFIXTNEF problem fixed (wouldn't work properly with files not using winmail.dat name).

1.30
PieceTypeChange
JMFIXNo longer fails BADHEADERS test with invalid "@localhost" in Message-ID:, to allow E-mail from Pegasus through.
JMFIXCould miss first character of username, fixed.
JMFIXAdds support for internal IPs shown by Interscans weird headers.
JMFIXRemoved POPUP action to remove reliance on user32.dll (to minimize "C0000142" issues).
AVFIXWill now display the name of a file even if it is not in quotes.
AVFIXWill now display the name of a file even if it is only listed in Content-Disposition: header.
AVFIXMajor overhaul to the MIME decoding routines.
ALLFIXDeclude.exe now shrunk to about 1/2 original size.
ALLFIXDeclude.exe dependency on user32.dll eliminated, which will help with IMail's "C000142" issue.
JMADD%HEADERCODE% variable to display Declude's code for BADHEADERS/SPAMHEADERS tests.
AVADDDELIVERERRORS ON config option to deliver E-mail when an error code is reported by scanned.
AVADDTEMPDIR config option to let you choose directory that Declude scans files in.
AVADDSLEEP config option to have Declude "sleep" for a certain number of seconds (so you can see decoded files).
AVADDWill automatically detect F-Prot.PIF file and delete it, so it doesn't prevent mail from being scanned.
AVADDPRO version: Support for multiple scanners using SCANFILE2, VIRUSCODE2, REPORT2, OKCODE2.

1.29
PieceTypeChange
AVFIXONLYSENDIFLOCALRECIPIENT wasn't working properly; fixed.
JMFIXWHITELIST would not work with MAILFROM test; fixed.
JMFIXSWITCHRECIP option wasn't working properly; fixed.
JMFIXExtra IP ranges added to SPAMROUTING test.
ALLADDCan use relative paths for LOGFILE and VIRDIR config options.
AVADDBANCLSID option to ban hiding file extensions with CLSIDs.
AVADDFOOTER option to add a footer to scanned E-mail.
AVADDDELETEVIRUSES option to allow deleting of viruses rather than quarantining them.
AVADDIf a BANnotify.eml file is present in \IMail\Declude, it will be sent when files with banned attachments are received.
AVADDTNEF (Exchange "winmail.dat") support added.
AVADD%BANEXT% variable added for BANnotify.eml (displays extension that was sent, IE "scr").
AVADDOKCODE config option to allow E-mail through when a virus scanner reports a certain code (such as for hoaxes).

1.28
PieceTypeChange
JMADDAdds weighting system.
JMADDSWITCHRECIP option; when set to ON will use intended recipient (alias@) rather than actual recipient (user@).
JMFIXSplits HEUR test into 10 levels (1: Very unlikely spam, to 10: Almost certainly spam).

1.27a
PieceTypeChange
AVADDONLYSENDIFLOCALRECIPIENT and ONLYSENDIFREMOTERECIPIENT for .eml template files.
ALLFIXSets desktop/workstation to "" not NULL for new processes to help prevent 'flashing' windows on screen.
ALLFIXAdds Declude Queue.

1.27
PieceTypeChange
JMFIXOutgoing E-mail using FOOTER action might not work; fixed.
AVFIXFiles that are BANned will now have their extension listed in the logs at LOGLEVEL HIGH.
AVFIXBANEXT will now no longer apply to BinHex files (since the extension can not be determined by examining the headers).
AVADDPRESCAN configuration option added (for Declude Virus Pro), when set to ON will pre-scan HTML files (if no dangerous code is found, it won't be sent to the scanner, saving CPU time).

1.26
PieceTypeChange
JMFIXWill now allow lines >1024 characters in headers.
JMFIXMAILFROM test warning message changed to be more understandable.
JMFIXDNS engine now has a failsafe to prevent possible infinite loops.
ALLADD%HEADERS% variable to display headers of E-mail.
ALLADDPID ON config option to display PID in debug log files.
ALLADDPIDDEBUG ON config option to save debug logs to separate file for each Declude process.
AVADDFiles that Declude saves are now treated by Windows as temporary files, for improved performance.
AVADDAdds IP address of remote sender to log file at MID or higher.
AVADDWill now scan plainttext segments that have a file name, due to horribly buggy mail clients that could possibly allow future viruses to be run that way.
JMADDPERCENT test added, to detect rare routing with a percent sign in E-mail addresses that IMail anti-relaying settings may not catch.

1.25a
PieceTypeChange
AVFIXLOG_OK config option broke in 1.25; fixed.
AVFIXBetter checking for spaces in SCANFILE config option.
JMFIXALERT/BOUNCE might not work properly; fixed.
JMFIXWarning message in bounce/alert E-mails could be from wrong test when multiple tests failed; fixed.
JMFIXCould produce extraneous characters ("iiiii") in headers with WARN action; fixed.
JMFIXAdds extra logging when MX record lookup fails (at LOGLEVEL HIGH).
AVADDAdds %REMOTEIP% variable to return IP address of remote server.

1.25
PieceTypeChange
ALLFIXA crash (unnoticeable) could occur in unusual circumstances; fixed.
AVFIXAdds a 'banned' message to the log when E-mails are banned based on their extensions.
JMFIXVariables in BOUNCE/ALERT E-mails could be set to wrong test; fixed.
JMFIXHEADER/FOOTER could occur multiple times; fixed.
JMFIXWill not fail MAILFROM test if server reports a failure.
AVADDWill now report the error code that a scanner returns.

1.24
PieceTypeChange
ALLFIXIf SendName registry entry is not declude.exe or smtp32.exe, Declude won't try to set it back to declude.exe.
ALLFIXGets rid of extraneous Declude.rsp file (from 1.23).
AVFIXCould send .eml files for Declude JunkMail or Declude Confirm; fixed.
AVFIX%LOCALHOST% will now use official host name for remote-to-remote E-mail (where neither sender nor recipient are local).
JMFIXPossible crash in bounce messages if they were over 32K; fixed.
JMFIXMAILFROM test could get triggered on a DNS timeout; fixed.
JMFIXAdds error checking to see if an E-mail can't be moved to the hold directory.
JMFIXHEADER action can now be up to 1,000 bytes long.
JMFIXAll DUL tests (any with DUL in the name, such as OSDUL) will bypass first hop.
CONFIXProblem using listserv@ address; fixed.
AVADDBANEXT config option to allow you to ban certain file extensions (which get quarantined, but no notifications get sent out). Usage: "BANEXT exe".
AVADDAdding "ONLYSENDIFLOCALSENDER" or "ONLYSENDIFREMOTESENDER" on a line by itself in .eml files will force Declude to only send the notification if the sender is local/remote.
AVPROADDPer-domain and per-user scanning now available.
HIADDALLOWIP config option to allow certain IPs to send unlimited mail. Usage: "ALLOWIP 127.0.0.1".

1.23
PieceTypeChange
AVFIXWill now send notifications to postmaster@%LOCALHOST% for the "Snow White" virus.
AVFIXWill verify there are no spaces in SCANFILE option.
JMFIXBetter support for failed DNS queries.
JMFIXImproved DNS lookups (most now done in parallel, reducing delivery delays).
JMFIXNow supports domains greater than 64 bytes in length.
JMFIXWill better handle REVDNS test if there is a timeout.
HIFIXNow accepts listsrv@ as well as imailsrv@.
ALLFIXWill now timeout after 30 seconds of trying to lock a file.
DNSFIXMany improvements to the DNS engine.
JMADDACTION: BOUNCE (beta!) will return a 'bounce' message, and not deliver the spam.
JMADDACTION: ALERT (beta!) action will return a 'bounce'-like message, but will also deliver the spam.
JMADDACTION: POPUP. This will display a pop-up box. Likely of limited use (except with CATCHALLMAILS for important addresses?).
ALLADDDiagnostic mode added. Typing "Declude -diag" from a command prompt will display diagnostic information.

1.22a
PieceTypeChange
CONFIXWould not always record to log file at LOW setting; fixed.
CONFIXCould fail to work if subscribe message was > 8000 characters.
JMFIXIf recipient file couldn't be opened after spam processing, processing could halt; fixed.

1.22
PieceTypeChange
CONADDAdds Declude Confirm.

1.21c
PieceTypeChange
JMFIXChanges max. length of warning message to 255 characters.
JMFIXSPAMROUTING wouldn't work properly with several overseas IPs; fixed.
JMFIXWARN action with REVDNS will now display a message in the header.
JMFIXReverse DNS lookup will return "(Private IP)" for private IP addresses.
JMFIXNow treats 0.0.0.0 as a private IP.
JMFIXSPAMROUTING will now handle private IPs not marked as such.

1.21b
PieceTypeChange
JMFIXTEST TYPE: revdnsexists broke in 1.21a; fixed.

1.21a
PieceTypeChange
JMFIXACTION: WARN action could be missing CRLF; fixed.

1.21
PieceTypeChange
JMFIXCould cut off first character of "To:" address in log files for digest messages; fixed.
JMFIXACTION: WARN action can now take a string (IE "RBL WARN X-RBL-Warning: %WARNING%").
JMFIXCONFIG: Changed WHITELIST option so it can accept spaces.
JMADDACTION: BEEP action added. "RBL BEEP 1000 100" (MHz/ms)
JMADDTEST TYPE: "rhsbl", to do DNS-based lookups on MAIL FROM host name, rather than IP address. IE dsn.rfc-ignorant.com.
JMADDTEST TYPE: "revdnsexists" to make sure a reverse DNS entry exists for the remote servers' IP address.
JMADDVARIABLE: %WARNING% to return warning message (from the TXT record in DNS lookups).
JMADDVARIABLE: %TESTNAME% to return the name of the test ("RBL").
JMADDVARIABLE: %TESTDOMAIN% to return the domain used by DNS tests ("inputs.orbs.org").
JMADDVARIABLE: %REVIP% to return the IP address of the remote DNS server.
JMADDVARIABLE: %REVDNS% to return the reverse DNS entry for the mail server's IP address.

1.20 [Public Release]
PieceTypeChange
AVFIXSome people had problem with a deccon.exe error; fixed.
JMFIXWHITELIST sometimes wouldn't work properly; fixed.

1.19
PieceTypeChange
JMFIXA buffer overrun could occur in certain cases with many recipients; fixed.
AVFIX%ALLRECIPS% now will have a space after commas for multiple recipients.
AVFIX%LOCALHOST% could return a remote domain in certain circumstances; fixed.
AVFIXSkipping files (.GIF, etc.) could leave .vir directories behind if plain text segments occurred afterwards; fixed.
AVFIXInvalid .eml template files (such as no From:) would cause Declude to stop processing at that point; fixed.
AV/JMADDIf Declude's registry hook gets changed, running declude.exe manually will fix it.
AVADDONACCESS config option. Should be set to ONACCESS OFF unless you use an on-access scanner with Declude. Will prevent issues with incorrect REPORT config option.
AVADDSCANNERTIMEOUT config option, to set the number of seconds Declude will wait for a scanner to end. Will minimize impact of F-Prot .PIF "never end" bug.
JMADDWHITELIST config option (IP/FROM/ANYWHERE). Lets you whitelist an IP/MAILFROM or body text, to prevent E-mail from getting caught. IE "WHITELIST IP 192.168.10.2"

1.18
PieceTypeChange
JMFIXDNS engine change to prevent problem with some E-mails not being scanned if MAILFROM test was used.
JMADDSupport added for external third party programs to be used to enhance Declude.
AVADDWill now skip over duplicate mailing list messages.

1.17
PieceTypeChange
AVFIXQuoted file names in uuencoded sections would get caught as viruses; fixed.

1.16d
PieceTypeChange
AVFIXv1.16c could report false positives; fixed.
AVADD%VERSION% variable added.

1.16c
PieceTypeChange
AVFIXWill now delete all .SM# files from spool directory, even if E-mail was not sent.
AVFIX%VIRUSNAME% should now work properly.

1.16b
PieceTypeChange
AVFIX%VIRUSNAME% and %VIRUSFILE% return "Unknown" when name/file can't be determined.
AVFIXWill no longer send E-mail from "postmaster@Unknown" for Snow White virus.
AVFIXWill now allow blank lines anywhere in .eml template files.
AVADDWhen using REPORT cfg option, will record virus file and name to log.
JMFIXWould consider mail server versions (such as 5.5.1024.3) an IP address in rare situations; fixed.

1.16
PieceTypeChange
AVFIX%LOCALHOST% could return hostname of remote sender instead of local domain if a domain alias was used; fixed.
AVFIXE-mail notifications could have several extra blank lines at top; fixed.
JMFIXCould tag incoming E-mails as outgoing (remote) if a domain alias was used; fixed.

1.15
PieceTypeChange
AVFIXWill now wait 10 minutes (instead of 60) for imail1.exe to send E-mail notifications.
AVFIXDomains with a "-" in them will now have E-mail notifications sent properly by imail1.exe.
AVFIX%ALLRECIPS% will now show the intended recipients, rather than the final recipients (IE when using aliases).
AVFIX%VIRUSFILE% will now work with McAfee .ZIP file scanning.
AVFIXWill no longer send notifications to "<>" .
AVFIXimail1.exe would add a space to some domain names; fixed.
AVADDWill now pop up the imail1.exe window if any problems occur sending notifications.
AVADD%SENDERHOST% and %RECIPHOST% variables added to return the host of the sender and recipient.
JMFIXCould add multiple Subject: headers; fixed.
JMFIXRe-working of DNS server name resolution; people using the "DNS" config option should now be able to take it out.
JMADDBADHEADERS test detects headers that are frequent in spam, and should never occur in legitimate E-mail.
JMADDSPAMHEADER test detects headers that are frequent in spam, and rarely occur in legitimate E-mail.
JMADDSPAMROUTING test detects poor routing common to spam, but rare in legitimate mail.
JMADDCATCHALLMAILS test that will mark ALL mail as spam. This is NOT a spam test.

1.14
PieceTypeChange
AVFIXWill now handle the MIME x-uuencoded file type as well as standard uuencoded attachments.
AVFIXWill now scan "\IMail\spool\dir\" rather than "\IMail\spool\dir\*.*", since a couple virus scanners choked on "*.*".
AVFIXWill default internally to MIME type text/plain per RFC1521.
AVFIXHandling of MIME type "quoted-printable" could be flawed; fixed.
AVADDWill now handle BinHex Mac encoded attachments.
AVADDMID logging level will now show attachment file names.

1.13
PieceTypeChange
AVFIX%LOCALHOST% will now use recipient's domain name, rather than the IMail Host Name (which could be incorrect)
AVFIX%LOCALHOST% and %REMOTEHOST% will now work correctly (before, they could be switched for outgoing E-mail)
AVADDConfig options INCOMING ON/OFF and OUTGOING ON/OFF to turn on/off scanning of incoming/outgoing E-mails
AVADDMID logging level will now record from/to/subject
AVADDNotifications: Will not send E-mail to NULL domains (based on incoming mail from "<>")
JMFIXWill prevent extra copies of header warnings from being added
JMADDConfig option IPBYPASS that will bypass an IP address (for example, your backup mail server) and start scanning at the next hop.
JMADDDUL test will now only be used on the first hop
JMADDConfig option XSENDER that will always add a header in the format "X-Declude-Sender: MAILFROM [IP]"
JMADDConfig option XSPOOLNAME that will always add a header in the format "X-Declude-Spoolname: Q1234567.SMD"
JMADDConfig options RELAYTHRESHOLD1 and RELAYTHRESHOLD2 for later use (Hijack detection in Pro version)
JMADDConfig options XINHEADER and XOUTHEADER to always add a header on incoming/outgoing E-mail (can use variables)
BOTHFIXThere was a possibility of a crash if incoming E-mail was addressed without a domain; fixed.
BOTHADDEnhanced debugging information will be recorded in the event of a crash.

1.12
PieceTypeChange
AVFIXYou can now use lines beginning with "To:" "From:" or "Subject:" in E-mail template files.
AVFIX%REMOTEHOST% variable will now use "Unknown" for NULL senders ("<>"), instead of "localhost".
AVFIXWill no longer try sending E-mail to sender when the sender is a NULL sender("<>").
AVFIXWill make sure that temporary body file for E-mail notifications gets deleted from spool directory.
AVADDAdded %QUEUENAME% variable, which returns the queue file name (IE Q1234567.SMD).
AV/JMADDAdded CONSOLE ON/OFF configuration option for future use.
JMADDAdded HOPHIGH configuration option to specify a range of hops to scan. Declude will now scan from hop HOP to hop HOPHIGH.
AVADDWill now try up to 5 times to re-scan files if the scanner reports an error (should help users with McAfee choking on too many scans).

1.11b
PieceTypeChange
AV/JMFIXProblems processing .LST files; fixed.
DNSFIXWill properly distinguish between DNS server IPs and domain names.
AVFIX%DATE% used // as delimiter; changed to /.
AVFIXSome E-mail addresses in variables would have a trailing '>'; fixed.
AVADDWill now use "<>" for blank senders instead of "".
AVADD%SUBJECT% variable; returns the subject of the E-mail.
AVADD%MSGID% variable; returns the Message-ID of the E-mail.

1.11
PieceTypeChange
AVFIXWill now work with E-mail clients that use non-quoted boundaries (such as Pegasus).
AVADDE-mail notifications.
AVADDWill kill AV processes that stay around for 1 hour.
AVADDWill scan multiple attachments at the same time, rather than separately, minimizing the number of AV processes started.
AV/JMADDIf you use #### in the log file name, it will be replaced with the date. For example, "LOGFILE C:\IMail\spool\dec####.log" will create dec0101.log on January 1st.

[Legend: AV=Declude EVA; JM=Declude JunkMail; DNS=DNS Engine FIX=Bug fix or change to an existing feauture; NEW=New feature]


  CONTACT | CAREERS | DIRECTIONS | PRIVACY STATEMENTS
Copyright 2009 DECLUDE Inc. All Rights Reserved
Declude a division of DNSstuff Enterprise.



To be removed from our mailing list please click here