Declude email security - Call 866 332 5833
Toll Free 1.866.332.5833
        Release Notes
 
Manuals
EVA Manual
Hijack Manual
Interceptor Alligate Manual
JunkMail Manual
Release Notes
Self Support
Knowledge Base
Install & Upgrade Guide
Feedback Loops
Tips & Tricks
AHBL Setup
Filter Configuration
Declude Security Suite 4.10.53 [7 July2010]
PieceTypeChange
AVFIXUpdate AVG SDK to 1.7.9836 to fix the problem with using the SDK on a machine with AVG 9.0.837
DECADD

Allow the user to specify HOMEREGION specifically designed for users outside of North America and applies to the ROUTING test. Add one of the following depending on your region to the declude.cfg (North America is the default)

HOMEREGION   Afrinic
HOMEREGION   Apnic
HOMEREGION   Anic
HOMEREGION   Lacnic
HOMEREGION   Ripe_ncc

More information on your specific country can be found here

CTFIXChanged ZEROHOUR test to work the same as other tests. Remove the old line ZEROHOUR 12 Located in the Global.cfg add the new configuration

COMMTOUCH
ZEROHOUR
x
x
12
0
SNFADD

Added "nonzero" option for SNF test. Located in the Global.cfg

SNIFFER
SNF
x
NONZERO
10
0
SNFFIXChanged from message id = "TestMessage" to display the spool name

Declude Security Suite 4.10.48 [27 April 2010]
PieceTypeChange
JMFIXFix for SNF Authentication to turn off without having to restart Decludeproc
JMFIXFix closing files when PCRE dll encounters an error
AVFIXFix memory leak in AVG SDK Release Instance
AVADDUpdated AVG SDK to 1.7.9783 added avgcorex.dll and avgcert.dll
DECFIXOptimize code for moving files to the \spool directory for Smartermail & IMail
DECFIXFixed variable in the MoveToError function which were declared globally

Declude Security Suite 4.10.42 [28 December 2009]
PieceTypeChange
JMADDAdd Imail support for SQL Database. Declude can check the SQL DB for Autowhitelist.
JMADD IPNOSCAN for IMail
JMADDAdd a new directive POSTINIFIX uses either ON or OFF in the declude.cfg file. Postini is a large managed email service which amend the header structure. The Postini fix helps Declude correctly identify Postini headers. To configure on use POSTINIFIX      ON
JMADDAdd the Recpient, mailfrom and subject information to the blklst.txt file. The format blklst.txt file is

Date|time|spool#|IP|TotalWeight|LastAction|RecpList|mailfrom|subject|testsfailed

Example Multiple Recipients:
10/14/2009|11:40:06.109|53|24.177.234.76|18|testing@yahoo,begood@yahoo.com,donotlike@gmail,|owner-nolist-30960_*bigm**ridgecable*-com@soar.soulfulbliss.com|[59]Guaranteed*-payment-center|CATCHALLMAILS=0,NOLEGITCONTENT=0,IPNOTINMX=0,SORBS-DUL=5,FIVETEN-SRC=2,ZEN=7,SORBS=7,DYNHELO=5,FROMNOMATCH=2,WEIGHT10=10,WEIGHT14=14,|

Example One Recipient:
10/14/2009|11:40:06.296|15|218.16.123.185|37|spam@hcas.net,|info_claimsprocessgabjgfuwge@gmx.net|CONTACT AGENT FOR
CONFIRMATION|CATCHALLMAILS=0,NOLEGITCONTENT=0,IPNOTINMX=0,FIVETEN-SRC=2,NJABL=4,BASE64=4,CMDSPACE=8,DYNHELO=5,HELOBOGUS
=5,REVDNS=10,SPFFAIL=10,WEIGHT10=10,WEIGHT14=14,WEIGHT20=20,WEIGHT30=30,|
JMADD IPBYPASS can be configured with CIDR
JMADDNew Header directive XWHITELIST     ON in the global.cfg will give the reason for why the email was WHITELISTED in the header of the email.
JMADDIntegrated Message Sniffer with Declude. Will use Declude rulebase. (If you are a current Message Sniffer user this does not apply to you unless you want to switch and use the Declude rulebase) To configure the SNF files need to be edit by the user, where the [PATH] needs to be the actual path on your server.

getRulebase.cmd

SET SNIFFER_PATH=[PATH]\declude\scanners\SNF\

Snf_engine.xml file

<log path='[PATH]\declude\scanners\SNF\'/>
<rulebase path='[PATH]\declude\scanners\SNF\'/>
<workspace path='[PATH]\declude\scanners\SNF\'/>

<update-script on-off='on' call='[PATH]\declude\scanners\SNF\getRulebase.cmd' guard-time='180'/>

Global.cfg

SNFIPCAUTION
SNFIP
x
4
5
0
SNFIPBLACK
SNFIP
x
5
10
0
SNFIPTRUNCATE
SNFIP
x
6
10
0
IPREPUTATION
SNFIPREP
x
0
10
-5
SNIFFER-TRAVEL
SNF
x
47
10
0
SNIFFER-INSURANCE
SNF
x
48
10
0
SNIFFER-AV-PUSH
SNF
x
49
10
0
SNIFFER-WAREZ
SNF
x
50
10
0
SNIFFER-SPAMWARE
SNF
x
51
10
0
SNIFFER-SNAKEOIL
SNF
x
52
12
0
SNIFFER-SCAMS
SNF
x
53
10
0
SNIFFER-PORN
SNF
x
54
10
0
SNIFFER-MALWARE
SNF
x
55
10
0
SNIFFER-ADVERTISING
SNF
x
56
10
0
SNIFFER-SCHEME
SNF
x
57
10
0
SNIFFER-CREDIT
SNF
x
58
10
0
SNIFFER-GAMBLING
SNF
x
59
10
0
SNIFFER-GENERAL
SNF
x
60
10
0
SNIFFER-SPAM
SNF
x
61
10
0
SNIFFER-OBFUSCATION
SNF
x
62
10
0
SNIFFER-IP-RULES
SNF
x
63
10
0
SNFTRUNCATE
SNF
x
20
10
0

EVAFIXFix for Virus test not catching the eicar test due to e-mail formatting
HJADDAdded a function to send a notify e-mail when hijack is triggered and e-mails are being held in the Hold2 folder To turn the Hijack e-mail notify on add the following directive to the hijack.cfg.

HIJNOTIFY      ON

Add the included HijackNotify.eml into the \Declude directory. The email can be modified.
DECADDAdded variable %AUTH% to show the authenticated sender of the email

Declude Security Suite 4.6.35 [1 June 2009]
PieceTypeChange
EVAFIXUpdate AVG Database structure and Key license key Exp=2010-12-31
JMFIXConsole.txt not printing properly due to variables not being initialized
JMFIXFixed Declude crash due to formatting string in the Log function
JMFIXRemoved old log message "Pro version required for outgoing mail." Declude no longer has pro version
JMFIXSmarterMail: Fixed ROUTETO action when the recipient is an alias
JMFIXRemoved DEBUG log information doprewhitelist from LOGEVEL LOW

Declude Security Suite 4.5.29 [23 February 2009]
PieceTypeChange
HIFIXHijack logging error fixed
JMFIXFix memory leak in SPF test
JMFIXFixed IPBYPASS > 0 triggered inconsistencies with the IPFILE test
JMFIXIn "fullmsg" the header part of the message was being stored and printed twice.
JMFIXChanged critical section to when accessing the Address book for autowhitelisting to resolve a thread hanging issue with IMail.
JMFIXAdded critical section before opening the Imail MS Access DataBase to prevent crashes
JMFIXFixed a crash issue, due to decoding of the subject line.
JMFIXIf ZEROHOUR weight value cannot be converted to an integer it will be ignored. This is a fix for a bug reported when ZEROHOUR test action was set, ZEROHOUR was scoring a value of zero.
JMFIXFixed CATCHALLMAIL to be triggered on whitelisted e-mail
JMADDChange Request Skip AUTOWHITELIST when the sender matches the recipient.
JMADDIncreased number of Tests run in global.cfg
JMADDWHITELIST TO Removed the restriction of "abuse@", "noc@", "postmaster@" and updated ROUTING the foreign IP address list
JMADDChanged the CommTouch Temp Directory from the default (the machine default tempdir) to ...\Declude\scanners\commTouch\Temp
JMADDUpdated FROMNOMATCH test failing when e-mail is sent as an NDR
JMADDUpdated FROMNOMATCH test failing. According RFC-822 the angle bracket is not a requirement for FROM: in the header part of the email. Changed to handle the angle bracket and without.
EVAFIXBug fix when virus.cfg is not found. EVA code is still executed and vulnerabilities are placed in the root of C:\ directory.
EVAFIXWith this fix Virus code will not execute if no virus.cfg is found. E-mail will not be scanned for any virus or vulnerabilities
EVAFIXRemoved all reference to EVA versions PRO/STD/LITE.
EVAFIXFixed issue of TXT files being left in the work directory. Requires replacement of the avgsdk.dll.
EVAFIXFixed Declude leaving an open socket during avg update. Also fixed for possibility of an early terminating thread in the transfer file function.
EVAADDUpdate Declude encoding of winmail.data (TNEF) and storing the attachment file and its corresponding file name. Improved detection of the Invalid zip vulnerability.
EVAADDAdded error message in logs for additional information as to why txt file could not be moved back to virus directory
EVAADDInvalid zip vulnerability; updated Declude to be compatible with '7z' file archived compressor
EVAADDUpdated Declude to report on ODBC access issues in Imail.
EVAADDUpdated PCRE to better handle pcre .dll exceptions
EVAADDA virus log will be created in declude\logs and will inform the user that virus test is OFF.
DECADDDiags.txt, shows if AVG and CommTouch are ON or OFF
DECADDUpdated Diags.txt, shows the copyright 2009 and the products, Junkmail, Hijack and EVA as either ON or OFF
DECADDUpdated GP1 files to be amended rather than overwritten. Information will be appended with the system Date and time.
DECFIXRemoved all reference to versions PRO/STD/LITE
DECADDRemoved references to previous Versions (PRO/STD/LITE).

Declude Security Suite 4.4.0 [17 March 2008]
PieceTypeChange
EVAADD Updated AVG (avgsdk.dll 1.3.511)
EVAADDBANEXT EZIP for encrypted files .RAR can encrypt at the file name level requiring a password.
EVAADDALLOWVULNERABILITIESFROM example.com can be used with just domain
EVAFIX BANEZIPEXT ON blocking any encrypted file names
EVAFIXALLOWVULNERABILITIESFROM error when non sender
EVAFIXFix Header Vulnerability to accommodate Opera mail Client header format
JMADD Updated PCRE (pcre3.dll 7.0)
JMADD Updated Commtouch ZEROHOUR (asapskd.dll 5.05.8)
JMADDCheck the SmarterMail Domain Level for Trusted Sender in the domainconfig.xml
JMFIXPCRE on a match was writing additional information not pertaining to the match in the LOG
JMFIX PCRE found a match and the size of the match was > tan the buffer size.
JMFIX Declude produced an error when reading the envelope file (SM and IM), the HELO line can only be 512 according to RFC-821 we now truncate after 512 characters.
JMFIXHELO information was reported incorrectly when IPBYPASS is set
JMFIXIncoming and Outgoing messages being reported incorrectly
DECADDCan use #### for 4 digit year on log file names in the format ddmmyyy
DECADDAdded date, Time, Email, Spool name, Weight and Tests failed to the BLKLST log
DECFIXSmarterMail CMDSPACE test. This test was not triggered in the SmarterMail envelope as token was changed from "cmdspc" instead of "cmdspace" we check for both.
CFGJMDNS 208.67.220.220 for new installs
CFGJMSTOPPROCESSINGONFIRSTDELETE set default ON
CFGJMNOLEGITCONTENT changed from -5 to -3
CFGJMSBL-UNCOMFIRMED removed
CFGJM ZEN Combined spamhaus entries aggregate 7
CFGJMSORBS changed from 5 to 7
CFGJMSPAMBAG removed
CFGJMTQMCUBED-DYNAMIC removed
CFGJMLNG combined spamguard entries aggregate 3
CFGJMNJABL combined njabl entries aggregate 4
CFGJMIADB changed from -8 to -10
CFGJMAHBL-DOMAINS changed from -5 to -10
CFGJMBOGUSMX changed from 1 to 2
CFGJMSURBL changed from 5 to 10
CFGJMURIBL-BLACK has been added
CFGJMROUTING changed from 2 to 4
CFGJMSPFFAIL changed from 5 to 10
CFGJMSUBCHAR-x change to start at 55
CFGDECTHREADS default changed from 15 to 25
CFGDECWAITFORMAILset to 3000 still 5000 by default
CFGEVAAVAFTERJM set to ON

Declude Security Suite 4.3.46 [16 April 2007]
PieceTypeChange
EVAADDImproved AVG virus database format for optimization
EVAADDImproved speed of AVG scanning by 15-20%
EVAADDUpdated AVG (avgsdk.dll 1.2.449)
DECADDUpdated Commtouch ZEROHOUR (asapsdk.dll 5.03.0013)
JMFIXSmartermail HELO was being picked up from the headers rather than the envelope
JMFIXFixed log entry for PCRE when matching on location SUBJECT
CFGEVAEXITSCANONVIRUSDETECT     ON as default
CFGEVA PRESCAN     ON as default

Declude Security Suite 4.3.40 [12 March 2007]
PieceTypeChange
DECFIXZEROHOUR passing weight to SM when email WHITELISTED
DECFIXIgnore Case checking in Imail Address book 2006
JMFIXImproved performance when OUTBOUNDSPAMSCANNING OFF
DECFIXUpdated CommTouch ZEROHOUR Dll
EVAFIXEXITSCANONVIRUSDETECT ON works between AVG and Commtouch
DECADDSM allows both email address and domain in their trusted sender
list, declude will match on either
JMADDSupport for Regular Expressions in the Filters using PCRE library
CFGEVADefault for EVA logs changed from:
LOGFILE \spool\vir####.log
to
LOGFILE \Declude\Logs\vir####.log
CFGHIDefault for HI logs changed from:
LOGFILE \spool\hih####.log
to
LOGFILE \Declude\Logs\hi####.log
CFGJMDefault for JM logs changed from:
LOGFILE \spool\dec####.log
to
LOGFILE \Declude\Logs\dec####.log
CFGJMRemoved the following IP4R tests:
CSMA-SBLIP4Rsbl.csma.biz127.0.0.220
IPWHOISIP4Ripwhois.rfc-ignorant.org127.0.0.630
ORDBIP4Rrelays.ordb.org*50
CFGJMChanged the weights on following IP4R tests:
UCEPROTECT-1IP4Rdnsbl-1.uceprotect.net127.0.0.280
UCEPROTECT-2IP4Rdnsbl-2.uceprotect.net127.0.0.270
to
UCEPROTECT-1IP4Rdnsbl-1.uceprotect.net127.0.0.240
UCEPROTECT-2IP4Rdnsbl-2.uceprotect.net127.0.0.240

Declude Security Suite 4.3.30 [7 February 2007]
PieceTypeChange
DECADDUpdated AVG and AVG dll's
DECADDAdded hijackrelease.exe located under the \Tools directory used to move FP emails to the \spool
JMFIXAdditional changes to accommodate Imail 2006 multiple address formatting for AUTOWHITELIST to work corrrectly
JMFIXFixed AUTOWHITELIST OFF in Smartermail, this was not working turning off even when commented out.
JMFIXFixed logging issue for Incoming vs.Outgoing email reported when Smarter Mail is used as a Gateway
EVAADDNew directive ALLOWVULNERABILITIESTO which allows vulberabilities to pass to a specified email or domain

Declude Security Suite 4.3.23 [7 December 2006]
PieceTypeChange
DECADDNew ZEROHOUR CommTouch Dll
JMADDWHITELIST reason shown at LOGLEVEL HIGH
JMADDAUTOWHITELIST for Imail 2006
JMFIXDefault for the OUTBOUNDSCANNINGSPAM directive is now ON
JMFIXDeclude crash fixed on corrupted From: line in the header part of the envelope file
JMFIXBroken Headers issue fixed
JMFIXRevised ROUTING spamrouting internal tables have to be updated to reflect domestic and offshore network blocks.
EVAADDMIME header mismatch, Declude assumes it is an executable. If this test is turned off then the e-mail will not be caught as vulnerability. However, there is a log message that the mismatch was found and it is ignored because this directive is turned off. Located in the virus.cfg, default is ON

MISMATCHEDEXT    ON
EVAFIXZip vulnerability, declude was holding a valid zip file as a vulnerability

Declude Security Suite 4.3.14 [28 September 2006]
PieceTypeChange
DECADDBANCHARSET defined in the declude.cfg quarentines listed character sets Example:

BANCHARSET   iso-2022-jp
BANCHARSET   koi8-r
EVAADDWith AVAFTERJM ON the JM Log displays message moved to virus folder
JMADDSpam checking for inbound/outbound scanning can be turned on/ off. Located as a directive in the global.cfg file, below are the default settings.

OUTBOUNDSCANNINGSPAM     ON
INBOUNDSCANNINGSPAM         ON
JMFIXIPBYPASS now takes place before WHITELIST
JMFIXUsing HOLD action in the $default$.junkmail file, if an extra space was after %DATE% incorrect behaviour was observed, this is not been normalized
JMFIXX-COUNTRYCHAIN log entry no longer truncated
JMFIXDELETE_RECIPIENT removes the specified email address as per-user action only
DECFIXOn occasion ZEROHOUR initialized two overlaping threads causing decludeproc crash
HIFIXCONCATENATELOGS with KEEPINDIVIDUALLOGS works correctly

Declude Security Suite 3.1.3 [28 September 2006]
PieceTypeChange
SMFIXDecludeproc will not start without a valid domainlist.xml
HIFIXCONCATENATELOGS with KEEPINDIVIDUALLOGS works correctly
JMFIXDeclude crash fix. Buffer Overflow reading the From: line in the Headers
JMFIXWith HOLD if extra space after %DATE% incorrect behaviour was observed this is not been normalized


Declude Security Suite 4.3.7 [3 August 2006]
PieceTypeChange
JMADDAdded x-header for CommTouch RefID
JMFIXCOPYFILE not working correctly when COPYFILEACTIONWITHHEADERS ON directive
JMFIXDeclude crash fix. Buffer Overflow reading the From: line in the Headers
SMFIXFailed .hdr to be DELETED rather than moved to the \error director
HIFIXSpam messages set for HOLD and DELETE moved back to the Spool when intercepted by Hijack

3.1.1 [3 August 2006]
PieceTypeChange
JMFIXCOPYFILE not working correctly when COPYFILEACTIONWITHHEADERS ON directive
SMFIXQUEUEFILE_SAVEFILE the log is showing the correct directory path
SMFIXFailed .hdr to be DELETED rather than moved to the \error director
DECFIXA Global variable being initialized more than once has been corrected
HIFIXSpam messages set for HOLD and DELETE moved back to the Spool when intercepted by Hijack
EVAFIXBANEXT buffer overflow
EVAFIXALLOWVULNERABILITIESFROM (for user)

Declude Security Suite 4.3 [18 July 2006]
PieceTypeChange
DECADDCommTouch Zero-Hour Virus Protection and Recurrent Pattern Detection Technology added. If you are subscribed to Declude for the CommTouch add-in, to enable, add/use the ZEROHOUR directive in the global.cfg file to control the weight associated with this test.

ZEROHOUR 14
DECFIXA Global variable being initialized more than once has been corrected

Declude Security Suite 4.2 Build 20 [6 July 2006]
PieceTypeChange
EVAADDNew NONSTANDARDHDR vulnerability test. Messages found to have broken headers are moved to the \virus folder
EVAFIXALLOWVULNERABILITIESFROM (for user)
EVAFIXBANEXT buffer overflow
SMADDWhen an error is found in the envelope (.hdr) file the message is moved to the \error folder
SMADDDecludeproc will not start without a valid domainlist.xml
SMFIXQUEUEFILE_SAVEFILE the log is showing the correct directory path
SMFIXAllows admin to set VIRDIR to any directory path in the virus.cfg

Declude Security Suite 4.2 Build 12 [24 May 2006]
PieceTypeChange
EVAADDAbility to configure the built-in AVG update interval which checks for updates. Default is once a day / minimum is one hour. Located int the declude.cfg add the following directive

AVGUPDATEFREQHRS 6
(Note:AVGUPDATEFREQHRS)
EVAFIXAVG now reports name of virus found in log file
EVAFIXPerformance and speed enhancement to the AVG database file downloads
JMFIXBuffer overflow fix

Declude Security Suite 4.2 Build 3 [2 May 2006]
PieceTypeChange
EVAADDBUILTINSCANNER    OFF
Located in Virus.cfg. Will disable the internal AVG scanner.
EVAADDIntegrated AVG Scanner into Decludeproc no configuration required.

3.1.0 & 4.1.0 [3 Apr 2006]
PieceTypeChange
JMADDAdded Test MSGSIZE can be used to reduce weight on larger Emails
JMADDAdded Test FROMNOMATCH checks the sender in the envelope with the sender line in the header to see if they match.
SMFIXImplemented uniform handling in SmarterMail for v1/v2 and v3 domainList.xml formats
SMFIXCorrected issue with overwrite of masterhostname variable
SMFIXCorrected issue where COPYTO was not functioning correctly
SMFIXWeight added to envelope only if message is being passed on and not held or deleted
DECFIXCorrected issue where some Declude variables were not being properly initialized

3.0.6.4 & 4.0.9.4 [13 Mar 2006]
PieceTypeChange
HIFIXCorrected logging issue and locked file problem trying to move .hdr files in SmarterMail
SMADDSupport for MAILBOX action in Smartermail
CONFIXConfirm for Imail now working correctly

4.0.9 [20 Feb 2006]
PieceTypeChange
JMFIXLog file changes for COUNTRY / COUNTRIES to eliminate duplication of lines
SMADDSupport for WHITELIST AUTH in Smartermail
SMADDSupport for CMDSPACE test in Smartermail
SMADDDeclude now passes total weight of Email directly back to Smartermail
IMADDEnhanced move files to spool for older versions of IMail
JMFIXFixed bug that occasionally caused Email to go to the wrong hold directory
DECADDDecludeproc -v now displays platform in addition to version
JMFIXCorrected bug that caused mishandling of message attachments when processing headers
SMADDAdded code to process new domain list format in SmarterMail 3.0 due to changes in XML file format

3.0.6 [20 Feb 2006]
PieceTypeChange
JMFIXLog file changes for COUNTRY / COUNTRIES to eliminate duplication of lines
IMADDEnhanced move files to spool for older versions of IMail
JMFIXFixed bug that occasionally caused Email to go to the wrong hold directory
DECADDDecludeproc -v now displays platform in addition to version
JMFIXCorrected bug that caused mishandling of message attachments when processing headers
SMADDAdded code to process new domain list format in SmarterMail 3.0 due to changes in XML file format

3.0.5.23[29 Dec 2005]
PieceTypeChange
JMFIXThis release fixes a bug in the IMail version of Declude whereby the wrong service level (Pro, Standard, Lite) was being reported. This issue affected IMail users only.

3.0.5.21 [30 Nov 2005]
PieceTypeChange
JMADDINVITEFIX    ON
Located in Declude.cfg. Some customers had issues related to Outlook meeting requests appearing as text only. The default for this directive is OFF.
JMFIXFixed skipping of certain DNSBL tests.
JMFIXSTOPALLTESTS is now working correctly
AVFIXIncorrect log entries regarding to licensing with EVA
AVADDVulnerability Notifications available for Imail

3.0.5.20 [10 Nov 2005]
PieceTypeChange
JMFIXFixed un-initialized variable, causing CMDSPACE false positives.
JMFIXFixed un-initialized variable, causing SPF false positive
JMFIXBITMASK test timeout error fixed
JMFIXMishandled Winmail.dat / TNEF fixed

3.0.5.18 [4 Nov 2005]
PieceTypeChange
ALLFIXFixed un-initialized variable causing intermittent stop/start with the decludeproc service.
JMFIXFixed SmarterMail incoming Email recipient domain aliases
AVFIXFixed un-initialized variable, causing incorrect Virus Names.

3.0.5.14 [31 Oct 2005]
PieceTypeChange
ALLADDWINSOCKCLEANUP    ON
Located in Declude.cfg. Some customers had issues related to their network stack causing loss of functionality for basic network operations. The default for this directive is OFF
ALLFIXMemory leaked fixed by forcing windows to close handles once completed.

3.0.5.12 [26 Oct 2005]
PieceTypeChange
ALLADDCreated a \proc\error directory for messages that cannot be moved by Decludeproc to the appropriate locations
ALLADDWhen the \proc directory becomes empty and the threads in the work have completed all messages decludeproc resets the winsock
ALLADDWhen the \proc directory is empty winsock cleanup will be called after the shorter of either the number of worker threads going to 0 or 5 minutes. Any files found in the work directory will then be moved to the \review directory.
ALLFIXChange default THREADS to 15 if no Declude.cfg is located
ALLFIXChange default WAITFORMAIL to 2000 if no Declude.cfg is located
JMADD

AUTOREVIEW    ON
Located in Declude.cfg. Email in the \review directory is automatically moved to the \proc directory when the service starts or when the proc directory is empty

HIFIXRemoved deccon.exe to be replaced with new Console

3.0.5.3 [26 Sep 2005]
PieceTypeChange
ALLADDDeclude.exe function changed to move files to \proc directory
ALLADDDecludeproc.exe introduced to run as a service.
ALLADDDecludeproc.exe creates \proc directory, \work directory \review directory.
ALLADDTHREADS 5
Located in Declude.cfg. Specifies the amount of threads declude uses to process Email.
ALLADDWAITFORMAIL 30000
Located in Declude.cfg. Defined in milliseconds eg. 30000 = 30 seconds this can be changed to set the wait time that decludeproc will wait before checking the \proc directory once empty for new messages.
ALLADDWAITFORTHREADS 1500
Located in Declude.cfg. Defined in milliseconds eg. 1500 = 1.5 seconds this can be changed so that when the maximum threads are in use this time specifics the wait before checking to launch more threads.
ALLADDWAITBETWEENTHREADS 1
Located in Declude.cfg. Defined in milliseconds eg. 1 = 1 millisecond The time to wait between spawning one thread and starting to process another thread.

2.0.6 [11 Apr 2005]
PieceTypeChange
ALLADDEnhanced diagnostics to include the ability to send diagnostic information directory to Declude Technical Support.
ALLADDEnhanced logging.
ALLADDProcessCounter - New application that will show the number of running Declude instances in the Windows system tray.
ALLFIXAdded resolution to log if the 'Error starting deccon.exe message' was found.
JMADDAdded new directives for global.cfg - STOPPROCESSINGONFIRSTDELETE, COPYFILEACTIONWITHHEADERS, ACTIONSONCOPYALL, NOACTIONSONCOPYALLWHENWHITELISTED.
JMADDNew configuration file (optional) with new directives - PROCESSES, CONCATENATELOGSTHRESHOLD, CONCATENATELOGS, KEEPINDIVIDUALLOGS,  ADJUSTFORLOAD.
JMADDAdded the option to hold spam by date - Adding %DATE% to the HOLD action will create date folder which will hold spam.
JMADD(SMARTERMAIL ONLY) Added an overflow process for high volume.
JMFIXNew DELETE_RECIPIENT action - Use this action to remove a recipient from a multi-receipt Email. Prior versions used the DELETE action causing confusion and other issues, DELETE will delete the entire Email, DELETE_RECIPIENT deletes individual users.
JMFIX(SMARTERMAIL ONLY) COPYFILE directive didn't copy both hdr and eml files

2.0.5 [14 Feb 2005]

Piece

Type

Change

ALLFIXReferencing a memory pointer that was not valid because of a fix to the Hijack product. This produced GP1 and GP2 files in the root of C:\ containing text similar to ‘couldn’t open headers datafile (are you running an on-access virus scanner?)’

2.0 [31 Jan 2005]

Piece

Type

Change

ALLFIXFixes an issue where Declude could use an IP address in the Email body, if no IP appeared in the Email headers.
ALLFIXEnsures correct identification of message subject
AVADDADD Adds detection of bogus .EXE files (including 0-byte .exe files) to Declude Virus Pro
AVADDADD Adds support for %REVDNS% variable to show reverse DNS entry of remote mailserver
AVADDALLOWVULNERABILITIESFROM option that instructs Declude Virus to allow vulnerabilities from a specific Email address.
AVADDAdds support for event logging to Declude Virus.
JMFIXChanges DELETE action to only delete the Email for recipients using the DELETE action (so it will deliver to any other recipients)
JMFIXChanges logging so that all log file entries for a given Email will be grouped together.
JMADD

Changes HOLDaction so that users can specify the directory to hold spam in.

HIADDAdds support for event logging to Declude Hijack.

1.81 [1 Oct 2004]
PieceTypeChange
AVFIXFixes a problem with false positives in Microsoft's " GDIPlus.dll JPEG exploit" detection.
AVFIXChanges "GDIPlus.dll JPEG Exploit" detection to be run on any JPEG file, regardless of extension.
JMFIXFixes a problem where "LOG_OK NONE" option would display " Message OK" lines in log file.
JMFIXFixes a problem where "LOG_OK NONE" option would display " Tests Failed:" lines in log file.

1.80 [28 Sep 2004]
PieceTypeChange
AVFIXEnhances Object Data vulnerability detection
AVFIXEncrypted .RAR files were only blocked in the Pro version; fixed.
AVFIXCould incorrectly detect Outlook 'MIME Headers' Vulnerability; fixed.
AVFIXCode added to prevent too many BANEXT/SKIPEXT options from causing crashes.
AVFIX"PK00" .ZIP files would get caught as encrypted; fixed.
AVFIXFixes an issue where a crash could occur if an on-access virus scanner blocked a .ZIP file
AVFIXWill no longer delete vulnerabilities with DELETEVIRUSES ON
AVFIXWill now re-try moving of virus-laden D*.SMD files for up to 60 seconds (every 2 seconds)
AVFIXMakes a change to help ensure that Outlook CR Vulnerability does not occur if more than 16K of headers
AVFIXBANEXT EZIP now takes priority over BANEXT ZIP
JMFIXWHITELIST IP would whitelist Emails sent from imail1.exe; fixed.
JMFIXFixes an issue where people with many tests using WARN action could cause problems
JMFIX%WEIGHT% variable will now work everywhere
JMFIXChanges %WEIGHT% to calculate weight properly if spam tests haven't been run.
JMFIXNOTENDSWITH would not work properly on some matches; fixed.
JMFIXSUBJECT filter could have false positives in rare cases; fixed.
JMFIXFixes an issue where an altered subject could have first character missing.
JMFIXWill now only wait 5 minutes for an external program to finish, rather than an hour.
JMFIXFixes an issue with filters with '~' character in them.
AVADDDetects invalid .ZIP vulnerability.
AVADDDetects bogus CPL files (Declude Virus Pro).
AVADDSKIPIFEXT option added for .eml files (IE 'SKIPIFEXT EZIP').
AVADDDetection of Microsoft GDIPlus.DLL JPEG vulnerability.
JMADDCONTSPACES test to detect more than X continuous spaces in the subject.
JMADDAdded NOTCONTAINS, NOTIS filter types.
JMADDSTOPATFIRSTHIT option added to filters (for example, STOPATFIRSTHIT, so any hit in file will stop further processing of this filter).
JMADDSTOPALLTESTS option added to filters (for example, "BODY STOPALLTESTS CONTAINS Evil Spammer")
JMADDMINWEIGHTTOFAIL option added to filters (requiring that the filter reach a certain weight before it will be triggered).

1.79 [Beta, 05 Apr 2004]
PieceTypeChange
ALLFIXAdded code to bypass IMail v8.1's duplicate scanning of forwarded Emails.
AVFIXFixes issue with previous beta and incorrect "Waiting for activation code" header.
AVFIXBANNAME would produce a blank %BANEXT% variable; now shows full name.
AVFIXRemoves " virus !!!" from end of virus names produced by McAfee.
AVFIXPRESCAN ON setting will now scan Email with "<IFRAME" in them.
AVFIXWill now skip over .GSC/.GSE files to improve performance and ensure no loops can occur.
JMFIX"Tests Failed" log file entry will now include all tests (not just ones with an action of LOG or higher or a weight not equal to 0).
JMFIXSubject filters will now work on both decoded and undecoded versions of subject.
JMFIXDOMAINWHITELISTS option fixed.
JMFIXFixes an issue that could force IGNORE action to be used if more than 100 tests were defined.
JMFIXFixes an issue with an infinite loop that could occur in SPF processing with invalid SPF strings.
JMFIXFixes an issue that could cause UNKNOWN VAR to appear on the 42nd test (and multiples thereof).
AVADDAdds BANEXT EZIP option to ban all encrypted .ZIP files.
AVADDAdds BANZIPEXTS option (Declude Virus Pro) to check .ZIP files for banned file extensions (BANEXT).
AVADDAdds BANEZIPEXTS option (Declude Virus Pro) to check encrypted .ZIP files for banned file extensions (BANEXT).
AVADDAdds .PIF, .SCR, .COM, and .BAT vulnerability detection (invalid file types) for Declude Virus Pro.
AVADDAdds OBJECT DATA vulnerability detection (used by Bagle.Q, Bagle.R).
AVADDAdds virus name to headers of quarantined virus Emails.
JMADDCOPYFILE action to copy the IMail D*.SMD and Q*.SMD files to a specific directory (for example, "WEIGHT10 COPYTO C:\IMail\spool\weight10\").

1.78 [Beta, 18 Feb 2004]
PieceTypeChange
JMFIXEmails greater than 32K could have invalid characters appear in base64 MIME decoding, causing filters to be incorrectly triggered in rare cases; fixed.
JMFIXSubject would not be added to rare Emails without a body; fixed.
JMFIXIPBYPASS limit increased from 20 to 100 entries.
JMFIXIf an invalid variable was encountered, headers might have become corrupt; fixed.
JMFIXFixes a rare issue where wrong actions could be used.
JMFIXFixes a rare issue with external tests where locked files might not be processed properly.
JMFIXHIDETESTS option would not work properly; fixed.
JMFIXFilter WARN messages will now have weight as total weight, including the weight of the test itself.
JMFIXEND statement in filter will now work properly.
JMFIX"fromfile" test type will now stop processing at first match..
JMFIXBADHEADERS test will no longer fail if To: not present but Bcc: is.
JMFIXTests with DUHL in the name will now be skipped after first hop..
JMFIXHTML code removal will now work with CRLFs in HTML tags.
JMFIX"ipfile" test type warning message will now start at first nonwhitespace character.
JMFIXFixes an issue with recipients in Emails sent from IMail v8 web messaging.
JMFIXLOGLEVEL LOW will now have 1 line with tests that fail ("HELOBOGUS=WARN SPAMCOP=DELETE", etc.). LOGLEVEL HIGH will have the old one line per test, with the warning message.
JMFIXMAILFROM test will now catch just "username".
JMADDDOMAINWHITELISTS ON option, to allow for per-domain whitelist files at \IMail\Declude\example.com\whitelist.txt.
JMADDNew tests "dow" and "hour", to allow hour and day-of-week detection. IE "HOUR hour 9 16 0 0" for local 9AM->4:59PM. DOW dow 1 5 0 0 for Monday through Friday.
JMADDAdds TESTSFAILED searching for filters (for tests that have already run). For example, "TESTSFAILED END CONTAINS SPAMCOP".
JMADDNew test "spf" added for SPF support.
JMADDFilters can now have "WHITELIST" command to whitelist an Email ("SUBJECT WHITELIST CONTAINS [Declude.JunkMail]")
JMADDAdds NOTENDSWITH option to filters ("REVDNS 0 NOTENDSWITH .aol.com").
JMADDAdds CIDR option to filters ("REMOTEIP 0 CIDR 192.0.2.0/24").
JMADDAdds CMDSPACE test to help detect spamware in SMTP commands.
JMADDNow will decode encoded subjects (for use in filters).
AVFIXHad an internal limit of 20 forging viruses; changed to 200.
AVFIXPrevents false positives where "begin " followed by "." causes uudecoding to occur.
AVFIXPrevents notifications from being sent out with the Outlook CR Vulnerability, if an unusual RCPT TO: occurred with an LF in it.
AVFIXFixes an issue where if 2nd virus scanner reported filename (not number), it would be used instead of "good" filename from first scanner.
HIFIXIncreases ALLOWIP limit to 100 entries.

1.77 [Beta, 04 Dec 2003]
PieceTypeChange
AVFIXSpace Gap detection will now obey BANCRVIRUSES setting.
AVFIXBANNAME option would cause problems when too many entries were used; fixed.
JMFIXCOMMENTS test now works on "greater than or equal" rather than "greater than".
JMFIXFixes an issue with the MAILFROM test, where it would get triggered on a DNS response with no NS records.
JMFIXIn certain multi-hop scenarios, bogus IPs (such as "?.?.?.?") would get scanned; fixed.
JMFIX"bypasswhitelist" option wouldn't work with WHITELISTFILE or AUTOWHITELIST; fixed.
JMFIXENDSWITH would not work properly in certain rare cases; fixed.
JMFIXPERCENT test now catches quotes; IE: '"user@example.com"@example.com'.
JMFIXBOUNCE action renamed to BOUNCEONLYIFYOUMUST (due to huge amounts of spam being sent out by our customers!).
JMFIXFixes issue where per-user whitelisting or AUTOWHITELIST might not work.
JMFIXFixes an issue when SUBJECT action was too long.
JMADD"filter" test type now can have MAXWEIGHT/MINWEIGHT option.
JMADD"filter" test type now can have "END" in place of the weight (any match will 'turn off' test).
JMADD%TESTSFAILEDWITHWEIGHTS% variable, which includes weights along with the tests that failed.
JMADD"filter" test type now has SKIPIFWEIGHT option to bypass filters if a certain weight has already been reached.
JMADDHIDETESTS option to hide tests from X-Spam-Tests-Failed: header.
AVADDDetection of new "Outlook 'Space Gap' Vulnerability" variants.
AVADDAdded SKIPIFFORGING option for .eml files.
AVADDAdded ONLYSENDIFVIRUSNAMEHAS option.
AVADDAdded %LOCALRECIPS% variable that only lists local recipients.

1.76 [Beta, 19 Sep 2003]
PieceTypeChange
JMFIXFixes a rare issue with CNAMEs in reverse DNS lookups.
JMFIXPrevents EASYNET-DYNA test from working with 2nd and further hops.
JMFIXAutomatically detects wildcards from TLD parents (such as non-existent .com/.net domains).
JMADDANYWHERE filter type (for example, "ANYWHERE 0 CONTAINS something"), to search both headers and body.
JMADDWHITELIST AUTH option in global.cfg file, which automatically whitelists authenticated senders (for IMail v8 and later).
JMADDAdds a bypasswhitelist test type that can be used in rare cases when whitelist bypassing is necessary.
AVADDBANNAME option, to ban file names (such as "BANNAME message.zip").
AVADDAutomatic detection of forging viruses (via DNS). To turn off, use "AUTOFORGE OFF".
AVADDAdds ONLYSENDIFRECIP and ONLYSENDIFIP options for .eml files that should only be sent to specific recipients or IPs.

1.75 [Release, 22 Jul 2003]
PieceTypeChange
JMFIXReverse DNS entry variable could get corrupted; fixed.
JMFIXFilters that have no string to look for will no longer match all Emails (IE "BODY 0 CONTAINS ").
JMFIXFixes an issue where first recipient could not use global.cfg file if no copyall_account was used.
JMFIXCould have a "Misconfiguration: WHITELISTFILE is not an action" line in log file; fixed.
JMFIX"Multiple headers/footers can now be used" removed (since multiple headers/footers would appear if multiple recipients).
JMFIXWith AUTOWHITELIST, SUBJECT action on one recipient would be used even if a later recipient was AUTOWHITELISTed; fixed.
JMFIXA filter with "BODY ISBLANK" will now work.
AVFIXA crash could occur with broken (long) BinHex lines; fixed.
AVFIXBANCRVIRUSES option would not control Conflicting Encoding vulnerability; fixed.
AVFIXWill no longer report "Error 0 in virus scanner...".
AVFIXFile banning will now take priority over an internal error.
AVFIXWill now process (malformed) MIME boundaries within uuencoded segments.
AVFIXA crash could occur with too many recipients; fixed.
AVFIXWill no longer show "To: copyall_account" in log file if copyall account used.
JMADD%BODY% variable, which displays the body of the Email.

1.70 [Beta, 29 May 2003]
PieceTypeChange
ALLFIXMakes sure that vacation messages do not get scanned.
ALLFIX%RECIPHOST% will now ignore recipients that IMail rejects.
AVFIXWill now use the virus name from the first scanner, if multiple scanners are used.
AVFIXWill prevent an error if MIME files recurse more than 50 layers deep.
AVFIXWill now look at both intended and actual recipient addresses for per-user settings.
JMFIXAUTOWHITELIST wasn't working properly; fixed.
JMFIXSPAMDOMAINS test will now not get triggered if reverse DNS times out.
JMFIXEmails with lots of recipients could prevent actions from being taken on some recipients; fixed.
JMFIXFixes an issue where sender might not be seen as local.
JMFIXBASE64 test will now work on "single attachment with no body" Emails; so will base64 filtering.
JMFIXREVDNS test will now handle CNAMEs properly.
JMFIXFilters will now process 8-bit characters properly.
JMFIXWill now use a public DNS server if no DNS servers are listed in IMail settings.
JMFIXCOMMENTS test will now also work with any made-up tag beginning with "
JMFIXSPAMDOMAINS test will now allow an alias (IE "hotmail.com msn.com" to check @hotmail.com, but allows either hotmail.com or msn.com in reverse DNS entry) .
JMADDDOSENDERACTIONS ON option to allow for actions based on the sender of the Email (in Declude Junkmail Pro).
JMADDPREWHITELIST ON option to automatically bypass spam tests for Email from whitelisted IPs or whitelisted return addresses.

1.69 [Beta, 16 Apr 2003]
PieceTypeChange
ALLADDAdded %REALRECIPS% variable that lists actual recipients (as opposed to %ALLRECIPS%, that lists intended recipients).
JMFIXCertain action combinations would not work (IE ALERT and ROUTETO); fixed.
JMFIX"whitelistfile" option will now work as an exact match, unless starts with '@' or '.'.
JMFIXMAILFROM and HELOBOGUS tests will now fail if localhost is returned as MX record (even if no 127.0.0.1 IP returned).
JMFIXWill now properly handle 1-character header extension (IE "Subject: Bla\r\n h").
JMFIX"nonenglish" test enhanced to detect subjects with highbits set.
JMFIXDeclude JunkMail headers will be added to Declude Virus caught Emails again.
JMFIXWhitelisting of 'all@example.com' (IE in autowhitelist) wouldn't worked; fixed.
JMFIXMultiple headers/footers can now be used (IE "[This Email failed DSBL]" and "[This Email failed SPAMCOP]").
JMADDSupport for HTML non-comments (IE "This is spam"), and CRLFs ("mortgage quotes").
JMADDWHITELIST HELO option, WHITELIST SUBJECT option.
JMADD"spamdomains" test ("SPAMDOMAINS spamdomains c:\sd.txt..."; if sd.txt has 'hotmail.com' in it, then all Email from 'hotmail.com' must have 'hotmail.com' in reverse DNS).
JMADD"bcc" test (IE "BCC bcc 2 ..." to catch Emails with 2 or more Bcc:'s that Declude JunkMail knows of). Will get triggered on lists!
JMADD"nolegitcontent" test (like IPNOTINMX, it is designed to give a negative weight to legitimate Email).
HIADDALLOWADDR option, to allow up to 20 Email addresses to send unlimited Email.

1.68 [Beta, 19 Mar 2003]
PieceTypeChange
ALLFIXEnhancements to Declude Queue.
ALLFIXLocal hostname could appear as "copyall_account"; fixed.
ALLFIXFixed an issue where %NRECIPS% could be double the actual count.
CONFIXDeclude Confirm wouldn't work properly when a copyall account was used; fixed.
AVFIXWill now scan Email for viruses before checking for hijacking in Declude Hijack.
JMFIXFixed an issue where the 'comments' test type would catch comments that shouldn't have been caught.
JMFIX%NRECIPS% variable is no longer limited to 100.
JMFIXWill no longer add Declude JunkMail headers (except XSENDER and XSPOOLNAME) if a virus is found.
JMFIXMAILFROM and HELOBOGUS tests will now fail if 127.0.0.1 is returned as IP.
JMFIXMAILFROM and HELOBOGUS tests will now fail if non-FQHN is found and a server failure occurs..
JMFIXOutgoing WARN, HEADER, FOOTER actions had been restricted to 64 characters; fixed.
JMFIXPERCENT test will now check both intended address and actual address, to catch quoted percent hack.
JMFIXWhitelist files will now work as exact matches, rather than partial matches.
JMADDAdds "nonenglish" test type.
JMADDAdds "subjectchars" and "subjectspaces" tests, which catch long subjects or subjects with lots of spaces.
JMADDAdds "dnsbl" test type to support new DNS-based spam tests (such as HELO-based tests).
JMADDAdds %IP4R%, %RHSBL%, %MAILFROMBL% and %HELO% variables.

1.67 [Beta, 03 Feb 2003]
PieceTypeChange
ALLFIXFixes an issue where truncated names may appear in %ALLRECIPS% variable.
ALLFIXDAISYCHAIN option wouldn't work with full paths; fixed.
AVFIXWill now catch viruses even if there are stray headers in base64 segment.
AVFIXWould try sending to "postmaster@copyall_account" for gatewayed domains; fixed.
AVFIXFixes a potential crash if a Content-Transfer-Encoding: header was >1000bytes.
JMFIXFixes an issue from 1.66 with Declude JunkMail Pro where it could crash if not all test actions defined in global.cfg file.
JMFIXWould whitelist all Email if "WHITELIST TODOMAIN" was used with the domain of a copyall account; fixed.
JMFIXFixes an issue where ip4r tests might not work on Lite version.
JMFIXWHITELISTFILE option would cause problems with other Emails that should not have been whitelisted; fixed.
JMFIXWHITELISTFILE option wouldn't allow '.example.com'; fixed.
JMFIXWHITELISTFILE now allows format of "WHITELISTFILE @example.com C:\file.txt" or "WHITELISTFILE user@example.com C:\file.txt".
JMFIXREDIRECT will now allow domain redirecting ("REDIRECT @example.com filename...").
JMFIXCOPYTO action can now work on outgoing Email.
AVADDONLYSENDIFSENDER option added for .eml files.
AVADDAdds detection of Outlook 'Long Filename' Vulnerability.
JMADDAdds %USER% variable, which will allow 'TESTNAME ROUTETO spam-%USER%@example.com'.
JMADDAdds "AUTOWHITELIST ON" option in global.cfg file, which will use address books as whitelists ("all@all.com" will whitelist all incoming Email; "all@example.com" will whitelist all Email from @example.com).
JMADDAdds "comments" test type to detect anti-filtering HTML comments.

1.66 [Beta, 17 Jan 2003]
PieceTypeChange
ALLFIXFixed an issue with handled invalid registry entries.
ALLFIXWill no longer have 'could not unlock file' warning when an external program deletes a .smd file.
AVFIXWould detect bogus .EXT files incorrectly; fixed.
AVFIXWill no longer false positive on Emails with the word 'begin' and '.com' on the same line.
AVFIXMIME segment in MIME preamble would be caught even with BANCRVIRUSES OFF; fixed.
AVFIXWill no longer try to send notifications to "[forged]".
AVFIXWill now add [incoming] or [outgoing] to To/From line at LOGLEVEL MID.
AVFIXWill now report the virus name at LOGLEVEL LOW, in "are INFECTED" line.
JMFIXWill now only run external tests once each, for better performance.
JMFIXWill now cache DNS entries when multiple ip4r tests are run on same zone.
JMFIXMultiple address aliases now work properly.
JMFIX0.x.x.x and 127.x.x.x will no longer have reverse DNS looked up.
JMFIXWill now keep a larger portion of the Email in memory, for improved filtering.
JMFIXCan now define an unlimited number of spam tests (was previously limited to 256).
JMFIXWill now automatically bypass lines with no IP in them.
JMFIXPERCENT test will now catch colons (IE "@declude.com:user@example.com").
JMADDExternal tests definitions can now be defined with "<50" ">50" instead of value or "nonzero".
JMADDPer-user/per-domain whitelisting ("WHITELISTFILE filename" in a .junkmail file).
JMADDAdds WHITELIST REVDNS (IE "WHITELIST REVDNS yahoo.com")
AVADDSKIPIFRECIP option (IE "SKIPIFRECIP @example.com" or "SKIPIFRECIP user@example.com").

1.65 [Release, 11 Dec 2002]
PieceTypeChange
AVFIXFixes an issue with 'Mismatched extensions' catching legitimate Emails in rare circumstances.
AVFIXWill now allow multiple identical 'Content-Transfer-Encoding' lines without triggering a vulnerability.

1.64 [Beta, 04 Dec 2002]
PieceTypeChange
AVFIX'Mismatched extensions' vulnerability changed to only check file extension, not full name.
AVFIX'Conflicting Encoding' vulnerability will no longer catch RFC822 Emails-within-Emails.

1.63 [Beta, 25 Nov 2002]
PieceTypeChange
AVFIXWill now ignore comments within RFC822 headers.
AVFIXSaveable plaintext Emails with a filename but no extension will now be scanned.
AVFIXFixes an issue where .wav MIME header vulnerabilities might not get caught.
AVFIXwill now get file extensions for filenames ending in a period.
AVFIXCan now have 8-bit characters in the FOOTER option.
AVFIXBanned file information (To/From/Subject) will now be recorded at LOGLEVEL MID.
AVFIXWill now process headers with no space after the colon.
AVFIXWill now start AV processes with inherited handles, to help with an issue with FSAV.
AVFIXFixes an issue where multilayer Emails could get caught with MIME preamble vulnerability.
AVFIXBANEXT htm/html will no longer catch text/html MIME segments.
AVFIXWill now treat mismatches file extensions (IE eicar.com and eicar.txt) and .exe's.
JMFIXCan now have 8-bit characters in XINHEADER/XOUTHEADER options.
JMFIXFixes a problem that could occur when lots of ip4r tests were defined.
JMFIXWill now automatically bypass SMTP32-FWD lines.
JMFIXWill now cut off ", " at end of ALLRECIPS option, to improve filtering.
JMFIXWhitelisting a TODOMAIN would cause Habeas Headers whitelist to take effect; fixed.
JMFIXFixes an overflow and infinite loop problem with ALLRECIPS filter.
JMFIXAn undocumented test was removed due to support requirements.
JMFIXALLRECIP filtering option will now work with both intended and actual recipient addresses.
JMFIX'Couldn't move/copy datafile' warning will no longer occur if an external test deletes the Email.
JMFIXBogus CIDR ranges in whitelisting will now be treated as /32's.
AVADDSKIPIFVIRUSNAMEDOESNOTHAVE option added for .eml files.
AVADDAdded detection of Outlook 'MIME Section in MIME Preamble/postamble' vulnerability detection.
AVADDDetection of 'Conflicting Encoding' vulnerability added.
JMADDAdded ALLRECIPS filter

1.62 [Beta, 04 Nov 2002]
PieceTypeChange
AVFIXChanges uuencoded detection to prevent false positives.
AVFIXSome vulnerabilities could produce many log file entries; fixed.
AVFIXPer-user/per-domain "ON" settings will now override any "OFF" settings.
JMFIXWill now handle multiple return codes in ip4r tests.
JMFIXwill now record the action for each test that fails.
JMFIXChanges handling of invalid "[?.?.?.?]".
JMFIXExternal tests can now have variables in their definitions.
JMFIXAdds a failsafe for invalid CIDR ranges in IP blacklists.
AVADD%NOUNKNOWNVIRUSNAME% variable that will return the virus name, or nothing if "Unknown Virus".
AVADDSKIPIFSENDER option for .eml files (such as "SKIPIFSENDER @example.com").
JMADDAdds COUNTRY (of remote mailserver) and COUNTRIES (of any mailservers in chain) to filter.
JMADDAdds %COUNTRYCHAIN% variable.
JMADDAdds "ipnotinmx" test, which catches Email sent from an IP not in the MX records of sending domain.
JMADDHABEAS whitelist type, for whitelisting Emails with Habeas headers ("WHITELIST HABEAS").
JMADDNew "habeas" test type, to allow for negative weighting of Emails with Habeas headers.

1.61 [Beta, 23 Sep 2002]
PieceTypeChange
AVFIXAdded detection of many new vulnerabilities.

1.60 [Release, 13 Sep 2002]
PieceTypeChange
JMFIXFixes a problem with bogus headers that were too long.
JMFIXWill now properly handle Subject: headers with no space after "Subject:".
JMFIXWHITELIST IP will now only work as exact match, unless it ends in "." (to prevent '10.10.10.1' whitelisting '10.10.10.10').
JMADDNew "base64" test type (beta).
AVADDDetection of "Partial Vulnerability" ("Fragmented").

1.58 [Beta, 27 Aug 2002]
PieceTypeChange
ALLFIXFixes an issue where SendName registry entry could be incorrectly changed back to Declude.exe.
ALLFIXTakes care of a rare problem that could occur when Email headers are added.
JMFIXFixes a problem that could occur with "fromfile" test type.
JMFIXWhitelist log file entry will now show which log file entry caused the Email to be whitelisted.
JMFIXFixes an issue where a corrupt To: address could cause Declude JunkMail not to work properly.
JMFIXReverse DNS entries with a trailing "." will now have them removed (so the "ENDSWITH" filter type will work as expected).
JMFIX"fromfile" test type will now only use exact match (so "name@example.com" will no longer catch "username@example.com").
JMFIXWill now get correct IP when HELO/EHLO appears with brackets.
JMFIX%TESTSFAILED% will now return "Whitelisted" if an Email is whitelisted.
JMFIXFixes an "nwhitelists>200" error that could occur if reverse DNS entries appeared in parentheses in the Received: header.
JMFIXDNS engine changed to support IPv6 entries in packets that Declude JunkMail receives.
AVFIXWorkaround for an IMail bug that sends bogus filenames when a root directory is used for the spool ("D:\\...").
AVFIXFixes a problem where Mac files with no extension could get caught if an EOF occurred.
AVFIXAllows "TEMPDIR D:\" (before, only "TEMPDIR D:" would work).
AVFIXSwitches priority of SKIPEXT/BANEXT, so files will be banned if they are listed as both SKIPEXT and BANEXT.

1.57 [Beta, 30 Jul 2002]
PieceTypeChange
JMFIXHELOBOGUS will now only be tested on non-local senders.
JMFIXHELO detection wasn't using correct hop; fixed.
JMFIXAn issue STARTSWITH in filter was fixed.
JMFIXROUTETO/COPYTO can now use variables (IE "spam@%LOCALHOST%").
JMFIXFixes an issue where starting external programs could fail (0xC0000142 error without a .DLL listed).
JMFIXTakes care of possible whitelist corruption when certain Received: headers were processed.
JMADDIS filter type.
JMADDENDSWITH filter type.
JMADDHEADERS filter location.
JMADDREDIRECT option in config files to allow configuration "groups".

1.56 [Beta, 10 Jul 2002]
PieceTypeChange
AVFIXEmail addressed with a trailing dot ("user@example.com.") will now use per-user/per-domain settings.
AVFIXWill not trigger MIME vulnerability for attachment-only (no body) .wav/.mpg Emails.
AVFIXMakes sure that unnamed attachments will not get banned based on extension (Content-ID:).
AVFIXBANCRVIRUSES will now control blank folding vulnerability as well.
JMFIXExternal programs now started as detached processes.
JMFIXWill now log tests that fail, if they have a weight, even if IGNORE action is used.
JMFIXBADHEADERS test will now catch bogus non-standard headers (with no ":").
JMFIXHELO of $domain will set off BADHEADERS instead of SPAMHEADERS.
JMFIXHELO will now honor HOP settings.
JMFIXSupport added for DNS-based spam tests that return CNAMES and multiple values.
JMFIXDUL tests will now be skipped for local users.
JMADD"weightrange" test type to allow for a range of weights (IE 10 through 15).

1.55 [Beta, 18 Jun 2002]
PieceTypeChange
ALLFIXFixes issue with FOOTER action and Emails with a CTRL-Z in them.
JMFIXRenamed FOLDER action to MAILBOX to prevent massive confusion with directories.
JMFIXFixes an issue with IP checking changes in 1.54 on multi-hop setups.
JMFIXATTACH action can now use %WARNING% variable.
JMADDAdds "externalplus" test type, where a exit code of 1 will whitelist an Email (2-9 are reserved).
JMADDAdds "weight" response type for external test type, to indicate that the exit code is a weight.
JMADDAdds "weightmatch" test type, to indicate an exact match (IE will only get triggered if the total weight is 10, but not if it is 11).
JMADDAdds "filter" test type.
AVADDSupport for Outlook MIME headers exploit detection.
AVADDFORGINGVIRUS option to set sender of virus to [Forged].

1.54 [Beta, 07 Jun 2002]
PieceTypeChange
JMFIXWill now properly handle IP addresses in parentheses in Received: header.
JMFIX%WEIGHT% will now show as 0 for whitelisted Email.
JMFIXWHITELIST TO can now be used on Standard version, for abuse@ and postmaster@ addresses.
AVADDSUBJECT configuration option to alter subject for virus scanned Email (IE "SUBJECT [Virus Scanned]").
JMADDLOOSENSPAMHEADERS configuration option to skip Message-ID: header check in SPAMHEADERS test.
JMADDHELOBOGUS test to verify that HELO text is valid with an MX or A DNS record.
JMADDNew FOLDER action (Pro version only) to move spam to a folder.
JMADDNew COPYTO action (Pro version only) to copy spam to a specific Email address.
JMADDNew ROUTETO action, to re-route spam to a specific Email address.

1.53 [Release, 11 May 2002]
PieceTypeChange
AVFIXLast 2 bytes of base64-encoded segments might not get saved; fixed.

1.52 [Release, 09 May 2002]
PieceTypeChange
AVFIXOn-access scanners without command line scanners no longer need a stub program.
JMFIXCIDR ranges no longer need non-significant bits set to zero (IE "192.168.112.1/24" is OK now)
JMFIXNow supports CIDR /32 range for a single IP (IE "10.123.2.44/1").

1.51 [Beta 01 May 2002]
PieceTypeChange
ALLFIXMore tweaking with mailing list Emails.

1.50 [Beta 26 Apr 2002]
PieceTypeChange
ALLFIXMailing list Emails may have been delayed 1-2 hours; fixed.
AVFIX"Blank Folding" Outlook vulnerability could get triggered with RFC822 attachments; fixed.
JMFIXWHITELIST TO and WHITELIST TODOMAIN might not have worked in certain situations with multiple recipients; fixed.
ALLADDDAISYCHAIN option to allow for programs other than smtp32.exe to be called after Declude.

1.49 [Beta 24 Apr 2002]
PieceTypeChange
AVFIXFixed an issue with uudecoding that came up in the previous release.

1.48 [Beta 23 Apr 2002]
PieceTypeChange
ALLFIX.LST files will no longer need to be scanned.
JMFIXProblem with new ATTACH action and message bodies >8K; fixed.
AVADDAn issue with ONACCESS ON setting fixed.
AVADDImproved base64/uudecoding funcionality
AVADDDetection of Outlook "Blank Folding" vulnerability.

1.47 [Beta 22 Apr 2002]
PieceTypeChange
JMFIXDNS engine changed to prevent a temporary handle loss if no DNS packet returned.
JMFIXWHITELIST and ipfile test type now can use CIDR ranges (IE 192.168.0.0/16 or 10.11.12.0/24).
AVADDSKIPIFVIRUSNAMEHAS can now be in the headers of .eml files to prevent the notification from getting sent for certain viruses (IE "SKIPIFVIRUSNAMEHAS Klez").
JMADDWHITELIST TODOMAIN to whitelist all mail for a domain (IE "WHITELIST TODOMAIN example.com").
JMADDWHITELIST TO (Pro version only) to whitelist all mail for a user (IE "WHITELIST TO user@example.com").
JMADDAdded ATTACH action (Pro version only), which converts an annoying spam into a more pleasant attachment (uses \IMail\Declude\spamattach.eml).

1.46 [Release 26 Mar 2002]
PieceTypeChange
JMFIX%TESTSFAILED% will now return "None" if no tests failed.
JMFIXWill no longer run ip4r tests on private IP ranges.
ALLFIXLog files will now show 17-character spool filename (IMail 7.06HF1+) rather than first 7 characters.
ALLFIXEnhancements made to file IO when adding headers and making other changes to Email.

1.45 [Beta 19 Mar 2002]
PieceTypeChange
AVFIXNow supports most possible corrupt MIME segments, such as those used by some Gibe and FBound variants.

1.44 [Beta 12 Mar 2002]
PieceTypeChange
JMFIX# of whitelist entries increased to 200; code added to prevent issues when max is reached.
CONFIXNow supports 17-character filenames (from IMail 7.06HF1).

1.43 [Release 12 Mar 2002]
PieceTypeChange
AVFIXTakes care of a problem where spaces in a MIME segment could cause scanner to see a corrupt attachment; fixed.
AVFIXFixed an issue with 1.42 where files could not be moved between drives.

1.42 [released 07 Mar 2002]
PieceTypeChange
JMFIXFixed potential issue with "Copy all mail" that could cause subject to get altered.
JMFIXHEADER/FOOTER/SUBJECT can now use variables.
AVFIXWill now automatically replace an Email already in the VIRDIR directory (rather than letting a virus be delivered if duplicate spool file names occur).

1.41 (beta)
PieceTypeChange
AVFIXAn priority issue was discovered when multiple recipients of a virus had different settings; fixed.
ALLADD%CR% variable to add a linefeed (IE for Declude JunkMail HEADER option).
AVADDXSPOOLNAME and XSENDER options added

1.40 (beta)
PieceTypeChange
AVFIXWill now treat Emails with the Microsoft Outlook "CR" Vulnerability as a virus.
AVFIXuuencoded files with bogus filenames might not have been scanned; fixed.
JMFIXDefault X-RBL-Warning: header now includes the name of the test that failed.

1.39 (beta)
PieceTypeChange
JMFIXIn some cases WARN action data could be used with SUBJECT action; fixed.
AVFIXCLSID extension check now will only trigger if CLSID is in extension (not if it only appears in filename).
AVFIXChanges made for Lite version support.

1.38
PieceTypeChange
JMFIX"fromfile" test could cause header corruption when used with WARN action; fixed.

1.37 (beta)
PieceTypeChange
ALLFIXChanged "D" file renaming to realtime priority to prevent IMail from stealing the file.
AVFIXFixes an issue where ONACCESS ON might not work properly.
JMFIXWARN action might not have worked properly with multiple recipients; fixed.
JMFIXWeighting for "external" test type wasn't working; fixed.
JMFIXAnother change to get variables to work with the SUBJECT action.
JMFIXWarning message for "fromfile" test type might be corrupt; fixed.
JMFIXDomains in "fromfile" test type might not have worked correctly; fixed.

1.36 (release)
PieceTypeChange
ALLFIXIn some rare cases IMail could possibly re-use a D file Declude was using; fixed.
AVFIXWith multiple scanners, if one was broken, the other couldn't be used; fixed.
AVFIXSome broken uuencoded segments that couldn't be scanned now can.
JMFIXA problem came up where the WARN action might not get used; fixed.
JMFIXCan now use variables with the HEADER/FOOTER actions.

1.35 (release)
PieceTypeChange
AVFIXChange to prescanning code to verify that only HTML files are prescanned.
JMFIXChange to make sure that <> won't fail MAILFROM test.
JMFIXCan now use variables in subject action (IE "WEIGHT10 SUBJECT [WEIGHT=%WEIGHT%].
JMADD%TESTSFAILED% variable (IE "BADHEADERS,MAILFROM").

1.34
PieceTypeChange
AVFIX"Virus Found" will now take priority over a banned file extension.
CONFIXWill now work properly with domain aliases (IE imailsrv@example.com -> imailsrv@mail.example.com).
JMFIX%ALLRECIPS% will now be truncated if very long.

1.33
PieceTypeChange
JMFIX%ALLRECIPS% in XINHEADER option could crash; fixed.
JMFIXDomains listed in "fromfile" test type now work as a partial match.
JMFIXAnother tweak to prevent global.cfg from being used instead of $default$.JunkMail.
AVFIXWill now properly handle Emails with more than 100 MIME segments.

1.32
PieceTypeChange
ALLFIXNow starts programs (smtp32.exe, scanners, etc.) with no window, which should eliminate Microsoft/IMail/Declude's 0xC0000142 problem.
ALLFIXMaximum address length Declude will display changed from 64 to 129.
JMFIXMAILFROM test wasn't counting towards weighting; fixed.
JMFIXglobal.cfg file still be used in some cases; fixed.
JMFIXBADHEADERS test will now be triggered if no To: or From: header.
JMFIXBADHEADERS test will now detect bogus "numbered" time zones.
JMFIXWHITELIST ANYWHERE now case insensitive.

1.31
PieceTypeChange
JMFIXMore changes to ensure global.cfg only used for outgoing mail.
JMFIXExternal programs now need to be formatted as 'TESTNAME external returnvalue "filename"'.
AVFIXDual scanners wouldn't work properly; fixed.
AVFIX1.30 wouldn't work with non-standard spool directories without using TEMPDIR option; fixed.
AVFIX"ERROR 123 opening outfile" problem fixed.
AVFIXTNEF problem fixed (wouldn't work properly with files not using winmail.dat name).

1.30
PieceTypeChange
JMFIXNo longer fails BADHEADERS test with invalid "@localhost" in Message-ID:, to allow Email from Pegasus through.
JMFIXCould miss first character of username, fixed.
JMFIXAdds support for internal IPs shown by Interscans weird headers.
JMFIXRemoved POPUP action to remove reliance on user32.dll (to minimize "C0000142" issues).
AVFIXWill now display the name of a file even if it is not in quotes.
AVFIXWill now display the name of a file even if it is only listed in Content-Disposition: header.
AVFIXMajor overhaul to the MIME decoding routines.
ALLFIXDeclude.exe now shrunk to about 1/2 original size.
ALLFIXDeclude.exe dependency on user32.dll eliminated, which will help with IMail's "C000142" issue.
JMADD%HEADERCODE% variable to display Declude's code for BADHEADERS/SPAMHEADERS tests.
AVADDDELIVERERRORS ON config option to deliver Email when an error code is reported by scanned.
AVADDTEMPDIR config option to let you choose directory that Declude scans files in.
AVADDSLEEP config option to have Declude "sleep" for a certain number of seconds (so you can see decoded files).
AVADDWill automatically detect F-Prot.PIF file and delete it, so it doesn't prevent mail from being scanned.
AVADDPRO version: Support for multiple scanners using SCANFILE2, VIRUSCODE2, REPORT2, OKCODE2.

1.29
PieceTypeChange
AVFIXONLYSENDIFLOCALRECIPIENT wasn't working properly; fixed.
JMFIXWHITELIST would not work with MAILFROM test; fixed.
JMFIXSWITCHRECIP option wasn't working properly; fixed.
JMFIXExtra IP ranges added to SPAMROUTING test.
ALLADDCan use relative paths for LOGFILE and VIRDIR config options.
AVADDBANCLSID option to ban hiding file extensions with CLSIDs.
AVADDFOOTER option to add a footer to scanned Email.
AVADDDELETEVIRUSES option to allow deleting of viruses rather than quarantining them.
AVADDIf a BANnotify.eml file is present in \IMail\Declude, it will be sent when files with banned attachments are received.
AVADDTNEF (Exchange "winmail.dat") support added.
AVADD%BANEXT% variable added for BANnotify.eml (displays extension that was sent, IE "scr").
AVADDOKCODE config option to allow Email through when a virus scanner reports a certain code (such as for hoaxes).

1.28
PieceTypeChange
JMADDAdds weighting system.
JMADDSWITCHRECIP option; when set to ON will use intended recipient (alias@) rather than actual recipient (user@).
JMFIXSplits HEUR test into 10 levels (1: Very unlikely spam, to 10: Almost certainly spam).

1.27a
PieceTypeChange
AVADDONLYSENDIFLOCALRECIPIENT and ONLYSENDIFREMOTERECIPIENT for .eml template files.
ALLFIXSets desktop/workstation to "" not NULL for new processes to help prevent 'flashing' windows on screen.
ALLFIXAdds Declude Queue.

1.27
PieceTypeChange
JMFIXOutgoing Email using FOOTER action might not work; fixed.
AVFIXFiles that are BANned will now have their extension listed in the logs at LOGLEVEL HIGH.
AVFIXBANEXT will now no longer apply to BinHex files (since the extension can not be determined by examining the headers).
AVADDPRESCAN configuration option added (for Declude Virus Pro), when set to ON will pre-scan HTML files (if no dangerous code is found, it won't be sent to the scanner, saving CPU time).

1.26
PieceTypeChange
JMFIXWill now allow lines >1024 characters in headers.
JMFIXMAILFROM test warning message changed to be more understandable.
JMFIXDNS engine now has a failsafe to prevent possible infinite loops.
ALLADD%HEADERS% variable to display headers of Email.
ALLADDPID ON config option to display PID in debug log files.
ALLADDPIDDEBUG ON config option to save debug logs to separate file for each Declude process.
AVADDFiles that Declude saves are now treated by Windows as temporary files, for improved performance.
AVADDAdds IP address of remote sender to log file at MID or higher.
AVADDWill now scan plainttext segments that have a file name, due to horribly buggy mail clients that could possibly allow future viruses to be run that way.
JMADDPERCENT test added, to detect rare routing with a percent sign in Email addresses that IMail anti-relaying settings may not catch.

1.25a
PieceTypeChange
AVFIXLOG_OK config option broke in 1.25; fixed.
AVFIXBetter checking for spaces in SCANFILE config option.
JMFIXALERT/BOUNCE might not work properly; fixed.
JMFIXWarning message in bounce/alert Emails could be from wrong test when multiple tests failed; fixed.
JMFIXCould produce extraneous characters ("iiiii") in headers with WARN action; fixed.
JMFIXAdds extra logging when MX record lookup fails (at LOGLEVEL HIGH).
AVADDAdds %REMOTEIP% variable to return IP address of remote server.

1.25
PieceTypeChange
ALLFIXA crash (unnoticeable) could occur in unusual circumstances; fixed.
AVFIXAdds a 'banned' message to the log when Emails are banned based on their extensions.
JMFIXVariables in BOUNCE/ALERT Emails could be set to wrong test; fixed.
JMFIXHEADER/FOOTER could occur multiple times; fixed.
JMFIXWill not fail MAILFROM test if server reports a failure.
AVADDWill now report the error code that a scanner returns.

1.24
PieceTypeChange
ALLFIXIf SendName registry entry is not declude.exe or smtp32.exe, Declude won't try to set it back to declude.exe.
ALLFIXGets rid of extraneous Declude.rsp file (from 1.23).
AVFIXCould send .eml files for Declude JunkMail or Declude Confirm; fixed.
AVFIX%LOCALHOST% will now use official host name for remote-to-remote Email (where neither sender nor recipient are local).
JMFIXPossible crash in bounce messages if they were over 32K; fixed.
JMFIXMAILFROM test could get triggered on a DNS timeout; fixed.
JMFIXAdds error checking to see if an Email can't be moved to the hold directory.
JMFIXHEADER action can now be up to 1,000 bytes long.
JMFIXAll DUL tests (any with DUL in the name, such as OSDUL) will bypass first hop.
CONFIXProblem using listserv@ address; fixed.
AVADDBANEXT config option to allow you to ban certain file extensions (which get quarantined, but no notifications get sent out). Usage: "BANEXT exe".
AVADDAdding "ONLYSENDIFLOCALSENDER" or "ONLYSENDIFREMOTESENDER" on a line by itself in .eml files will force Declude to only send the notification if the sender is local/remote.
AVPROADDPer-domain and per-user scanning now available.
HIADDALLOWIP config option to allow certain IPs to send unlimited mail. Usage: "ALLOWIP 127.0.0.1".

1.23
PieceTypeChange
AVFIXWill now send notifications to postmaster@%LOCALHOST% for the "Snow White" virus.
AVFIXWill verify there are no spaces in SCANFILE option.
JMFIXBetter support for failed DNS queries.
JMFIXImproved DNS lookups (most now done in parallel, reducing delivery delays).
JMFIXNow supports domains greater than 64 bytes in length.
JMFIXWill better handle REVDNS test if there is a timeout.
HIFIXNow accepts listsrv@ as well as imailsrv@.
ALLFIXWill now timeout after 30 seconds of trying to lock a file.
DNSFIXMany improvements to the DNS engine.
JMADDACTION: BOUNCE (beta!) will return a 'bounce' message, and not deliver the spam.
JMADDACTION: ALERT (beta!) action will return a 'bounce'-like message, but will also deliver the spam.
JMADDACTION: POPUP. This will display a pop-up box. Likely of limited use (except with CATCHALLMAILS for important addresses?).
ALLADDDiagnostic mode added. Typing "Declude -diag" from a command prompt will display diagnostic information.

1.22a
PieceTypeChange
CONFIXWould not always record to log file at LOW setting; fixed.
CONFIXCould fail to work if subscribe message was > 8000 characters.
JMFIXIf recipient file couldn't be opened after spam processing, processing could halt; fixed.

1.22
PieceTypeChange
CONADDAdds Declude Confirm.

1.21c
PieceTypeChange
JMFIXChanges max. length of warning message to 255 characters.
JMFIXSPAMROUTING wouldn't work properly with several overseas IPs; fixed.
JMFIXWARN action with REVDNS will now display a message in the header.
JMFIXReverse DNS lookup will return "(Private IP)" for private IP addresses.
JMFIXNow treats 0.0.0.0 as a private IP.
JMFIXSPAMROUTING will now handle private IPs not marked as such.

1.21b
PieceTypeChange
JMFIXTEST TYPE: revdnsexists broke in 1.21a; fixed.

1.21a
PieceTypeChange
JMFIXACTION: WARN action could be missing CRLF; fixed.

1.21
PieceTypeChange
JMFIXCould cut off first character of "To:" address in log files for digest messages; fixed.
JMFIXACTION: WARN action can now take a string (IE "RBL WARN X-RBL-Warning: %WARNING%").
JMFIXCONFIG: Changed WHITELIST option so it can accept spaces.
JMADDACTION: BEEP action added. "RBL BEEP 1000 100" (MHz/ms)
JMADDTEST TYPE: "rhsbl", to do DNS-based lookups on MAIL FROM host name, rather than IP address. IE dsn.rfc-ignorant.com.
JMADDTEST TYPE: "revdnsexists" to make sure a reverse DNS entry exists for the remote servers' IP address.
JMADDVARIABLE: %WARNING% to return warning message (from the TXT record in DNS lookups).
JMADDVARIABLE: %TESTNAME% to return the name of the test ("RBL").
JMADDVARIABLE: %TESTDOMAIN% to return the domain used by DNS tests ("inputs.orbs.org").
JMADDVARIABLE: %REVIP% to return the IP address of the remote DNS server.
JMADDVARIABLE: %REVDNS% to return the reverse DNS entry for the mail server's IP address.

1.20 [Public Release]
PieceTypeChange
AVFIXSome people had problem with a deccon.exe error; fixed.
JMFIXWHITELIST sometimes wouldn't work properly; fixed.

1.19
PieceTypeChange
JMFIXA buffer overrun could occur in certain cases with many recipients; fixed.
AVFIX%ALLRECIPS% now will have a space after commas for multiple recipients.
AVFIX%LOCALHOST% could return a remote domain in certain circumstances; fixed.
AVFIXSkipping files (.GIF, etc.) could leave .vir directories behind if plain text segments occurred afterwards; fixed.
AVFIXInvalid .eml template files (such as no From:) would cause Declude to stop processing at that point; fixed.
AV/JMADDIf Declude's registry hook gets changed, running declude.exe manually will fix it.
AVADDONACCESS config option. Should be set to ONACCESS OFF unless you use an on-access scanner with Declude. Will prevent issues with incorrect REPORT config option.
AVADDSCANNERTIMEOUT config option, to set the number of seconds Declude will wait for a scanner to end. Will minimize impact of F-Prot .PIF "never end" bug.
JMADDWHITELIST config option (IP/FROM/ANYWHERE). Lets you whitelist an IP/MAILFROM or body text, to prevent Email from getting caught. IE "WHITELIST IP 192.168.10.2"

1.18
PieceTypeChange
JMFIXDNS engine change to prevent problem with some Emails not being scanned if MAILFROM test was used.
JMADDSupport added for external third party programs to be used to enhance Declude.
AVADDWill now skip over duplicate mailing list messages.

1.17
PieceTypeChange
AVFIXQuoted file names in uuencoded sections would get caught as viruses; fixed.

1.16d
PieceTypeChange
AVFIXv1.16c could report false positives; fixed.
AVADD%VERSION% variable added.

1.16c
PieceTypeChange
AVFIXWill now delete all .SM# files from spool directory, even if Email was not sent.
AVFIX%VIRUSNAME% should now work properly.

1.16b
PieceTypeChange
AVFIX%VIRUSNAME% and %VIRUSFILE% return "Unknown" when name/file can't be determined.
AVFIXWill no longer send Email from "postmaster@Unknown" for Snow White virus.
AVFIXWill now allow blank lines anywhere in .eml template files.
AVADDWhen using REPORT cfg option, will record virus file and name to log.
JMFIXWould consider mail server versions (such as 5.5.1024.3) an IP address in rare situations; fixed.

1.16
PieceTypeChange
AVFIX%LOCALHOST% could return hostname of remote sender instead of local domain if a domain alias was used; fixed.
AVFIXEmail notifications could have several extra blank lines at top; fixed.
JMFIXCould tag incoming Emails as outgoing (remote) if a domain alias was used; fixed.

1.15
PieceTypeChange
AVFIXWill now wait 10 minutes (instead of 60) for imail1.exe to send Email notifications.
AVFIXDomains with a "-" in them will now have Email notifications sent properly by imail1.exe.
AVFIX%ALLRECIPS% will now show the intended recipients, rather than the final recipients (IE when using aliases).
AVFIX%VIRUSFILE% will now work with McAfee .ZIP file scanning.
AVFIXWill no longer send notifications to "<>" .
AVFIXimail1.exe would add a space to some domain names; fixed.
AVADDWill now pop up the imail1.exe window if any problems occur sending notifications.
AVADD%SENDERHOST% and %RECIPHOST% variables added to return the host of the sender and recipient.
JMFIXCould add multiple Subject: headers; fixed.
JMFIXRe-working of DNS server name resolution; people using the "DNS" config option should now be able to take it out.
JMADDBADHEADERS test detects headers that are frequent in spam, and should never occur in legitimate Email.
JMADDSPAMHEADER test detects headers that are frequent in spam, and rarely occur in legitimate Email.
JMADDSPAMROUTING test detects poor routing common to spam, but rare in legitimate mail.
JMADDCATCHALLMAILS test that will mark ALL mail as spam. This is NOT a spam test.

1.14
PieceTypeChange
AVFIXWill now handle the MIME x-uuencoded file type as well as standard uuencoded attachments.
AVFIXWill now scan "\IMail\spool\dir\" rather than "\IMail\spool\dir\*.*", since a couple virus scanners choked on "*.*".
AVFIXWill default internally to MIME type text/plain per RFC1521.
AVFIXHandling of MIME type "quoted-printable" could be flawed; fixed.
AVADDWill now handle BinHex Mac encoded attachments.
AVADDMID logging level will now show attachment file names.

1.13
PieceTypeChange
AVFIX%LOCALHOST% will now use recipient's domain name, rather than the IMail Host Name (which could be incorrect)
AVFIX%LOCALHOST% and %REMOTEHOST% will now work correctly (before, they could be switched for outgoing Email)
AVADDConfig options INCOMING ON/OFF and OUTGOING ON/OFF to turn on/off scanning of incoming/outgoing Emails
AVADDMID logging level will now record from/to/subject
AVADDNotifications: Will not send Email to NULL domains (based on incoming mail from "<>")
JMFIXWill prevent extra copies of header warnings from being added
JMADDConfig option IPBYPASS that will bypass an IP address (for example, your backup mail server) and start scanning at the next hop.
JMADDDUL test will now only be used on the first hop
JMADDConfig option XSENDER that will always add a header in the format "X-Declude-Sender: MAILFROM [IP]"
JMADDConfig option XSPOOLNAME that will always add a header in the format "X-Declude-Spoolname: Q1234567.SMD"
JMADDConfig options RELAYTHRESHOLD1 and RELAYTHRESHOLD2 for later use (Hijack detection in Pro version)
JMADDConfig options XINHEADER and XOUTHEADER to always add a header on incoming/outgoing Email (can use variables)
BOTHFIXThere was a possibility of a crash if incoming Email was addressed without a domain; fixed.
BOTHADDEnhanced debugging information will be recorded in the event of a crash.

1.12
PieceTypeChange
AVFIXYou can now use lines beginning with "To:" "From:" or "Subject:" in Email template files.
AVFIX%REMOTEHOST% variable will now use "Unknown" for NULL senders ("<>"), instead of "localhost".
AVFIXWill no longer try sending Email to sender when the sender is a NULL sender("<>").
AVFIXWill make sure that temporary body file for Email notifications gets deleted from spool directory.
AVADDAdded %QUEUENAME% variable, which returns the queue file name (IE Q1234567.SMD).
AV/JMADDAdded CONSOLE ON/OFF configuration option for future use.
JMADDAdded HOPHIGH configuration option to specify a range of hops to scan. Declude will now scan from hop HOP to hop HOPHIGH.
AVADDWill now try up to 5 times to re-scan files if the scanner reports an error (should help users with McAfee choking on too many scans).

1.11b
PieceTypeChange
AV/JMFIXProblems processing .LST files; fixed.
DNSFIXWill properly distinguish between DNS server IPs and domain names.
AVFIX%DATE% used // as delimiter; changed to /.
AVFIXSome Email addresses in variables would have a trailing '>'; fixed.
AVADDWill now use "<>" for blank senders instead of "".
AVADD%SUBJECT% variable; returns the subject of the Email.
AVADD%MSGID% variable; returns the Message-ID of the Email.

1.11
PieceTypeChange
AVFIXWill now work with Email clients that use non-quoted boundaries (such as Pegasus).
AVADDEmail notifications.
AVADDWill kill AV processes that stay around for 1 hour.
AVADDWill scan multiple attachments at the same time, rather than separately, minimizing the number of AV processes started.
AV/JMADDIf you use #### in the log file name, it will be replaced with the date. For example, "LOGFILE C:\IMail\spool\dec####.log" will create dec0101.log on January 1st.

[Legend: AV=Declude EVA; JM=Declude JunkMail; DNS=DNS Engine FIX=Bug fix or change to an existing feauture; ADD=New feature CFG=Default Config File Change]
  CONTACT | CAREERS | DIRECTIONS | PRIVACY STATEMENTS
Copyright 2009 DECLUDE Inc. All Rights Reserved
Declude a division of DNSstuff Enterprise.



To be removed from our mailing list please click here