Virus repot e-mail

Mike Klinkert michael at NOMENNESCIO.NET
Sun Jun 30 10:21:17 IST 2002


  Hi again,

I've got another question. It's something that's not changed recently,
it's been like this since I've start using MailScanner (couple of
months). When an e-mail is sent with a double extension for instance,
the recipient receives a message with all the correct data (Sender,
Recipient, Subject, etc.). However, when a virus has been detected, the
message that is sent to the recipient (as well as the local postmaster),
does not contain all the correct data:

The following e-mail messages were found to have viruses in them:

   Sender:
Recipient:
  Subject:
MessageID: opt
   Report: /opt/MailScanner-3.20-6/var/incoming/g5PHvNM14712/msg-3653-71.html        Found application Exploit-MIME.gen.b.
/opt/MailScanner-3.20-6/var/incoming/g5PHvNM14712/LANGSPEELPLATEN        Found the W32/Yaha.g at MM virus !!!

--
MailScanner
Email Virus Scanner

As you can see, the Sender, Recipient and Subject are all empty and the
MessageID is *always* "opt". When I look in
/opt/MailScanner/var/quarantine/<DATE>, I also notice a directory "opt",
as well as a directory which contains the viruses.

I'm using mcafee (installed in /opt/mcafee, I change the mcafeewrapper
script accordingly), for more details see a previous message to with I
attached the mailscanner.conf.linux.

BTW, the above report is an older message, since I now use
MailScanner-3.21-1.

--
Mike.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3315 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020630/f45f0d28/smime.bin


More information about the MailScanner mailing list