Goner-A problems

Scott Farrell sfarrell at ICCONSULTING.COM.AU
Thu Dec 6 08:48:12 GMT 2001 

I caught it also, with mailscanner-2.53-1 - I am using CA innoculateIT -
and it caught it just fine.

Not to mention that it was stopped by BOTH by virus scanner, and my
explicit rules. I have added many rules based use usenet postings about
known virus;.

Here are some of the explicit rules I have:

deny    \.dll$          Possible trojan horse           possible virus
deny    \.scr$          Possible trojan horse           possible virus
deny    \.exe$          Possible trojan horse           possible virus
deny    \.asd$  possible virus          possible virus
deny    \.chm$  possible virus          possible virus
deny    \.dll$  possible virus          possible virus
deny    \.ocx$  possible virus          possible virus
deny    \.hlp$  possible virus          possible virus
deny    \.hta$  possible virus          possible virus
deny    \.js$   possible virus          possible virus
deny    \.pif$  possible virus          possible virus
deny    \.scr$  possible virus          possible virus
deny    \.shb$  possible virus          possible virus
deny    \.shs$  possible virus          possible virus
deny    \.vb$   possible virus          possible virus
deny    \.vbe$  possible virus          possible virus
deny    \.vbs$  possible virus          possible virus
deny    \.wsf$  possible virus          possible virus
deny    \.wsh$  possible virus          possible virus

as you can see we just simply blocked the gone.scr - based on it is scr
extension. (yes I know - we are pretty anal around here).

regards
Scott Farrell

http://www.icconsulting.com.au
ic Consulting - the people that make eBusiness happen.
We offer e-business consulting and perform services. We deliver high impact
consulting, and fast turn around projects for our clients.
Ask us about Web Content Management,  Web Self Service, or working closer
with your customers or suppliers.

0412 927 156,   02 9411 3622  mailto:sfarrell at icconsulting.com.au



                    Julian Field
                    <jkf at ECS.SOTON.AC.        To:     MAILSCANNER at JISCMAIL.AC.UK
                    UK>                       cc:
                    Sent by:                  Subject:     Goner-A problems
                    MailScanner
                    mailing list
                    <MAILSCANNER at JISCM
                    AIL.AC.UK>


                    06/12/01 04:16 AM
                    Please respond to
                    MailScanner
                    mailing list




MailScanner seems to be having some problems catching the Goner-A virus. On
my systems it appears to miss it, so presumably the MIME decoding is
failing to work properly on it.

Until I manage to find the cause and publish the fix, I strongly advise you
to warn your users about this problem.

Sorry about this, it's the first time it has happened and I will try to
find a fix as fast as I can. Anyone else who wants to join the bug hunt is
welcome to try too! I have already contacted the author of the MIME-tools
module to see if he responds with any ideas.

Sorry again folks :-(

If you have managed to catch it, I would be very interested to hear exactly
what versions of the MIME-tools module you are using. It may be a bug only
present in some versions.
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list