Filename rules and virus

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Fri Nov 15 14:24:46 GMT 2002


Hello,

I just discovered something strange:  an email with an infected .EXE got
trapped by MS and quarantined (as per the filename rules) but McAfee was
able to disinfect it so MS decided to send it to the recipient,
disregarding the filename rules!

Nov 15 06:36:08 smtp3 MailScanner[29982]: New Batch: Scanning 1 messages, 207433 bytes
Nov 15 06:36:08 smtp3 MailScanner[29982]: Spam Checks: Starting
Nov 15 06:36:08 smtp3 MailScanner[29982]: Virus and Content Scanning: Starting
Nov 15 06:36:08 smtp3 MailScanner[29982]: /gAFBa4w14876/Server.exe        contient le virus W32/Magistr.b at MM !!!
Nov 15 06:36:08 smtp3 MailScanner[29982]: Virus Scanning: mcafee found 1 infections
Nov 15 06:36:08 smtp3 MailScanner[29982]: Virus Scanning: Found 1 viruses
Nov 15 06:36:08 smtp3 MailScanner[29982]: Filename Checks: Fichiers EXE dangereux (Server.exe)
Nov 15 06:36:08 smtp3 MailScanner[29982]: Other Checks: Found 1 problems
Nov 15 06:36:08 smtp3 MailScanner[29982]: Saved infected "Server.exe" to /quarantaine/usherbrooke/20021115/gAFBa4w14876
Nov 15 06:36:08 smtp3 MailScanner[29982]: Cleaned: Delivered 1 cleaned messages
Nov 15 06:36:09 smtp3 MailScanner[29982]: Sender Warnings: Delivered 1 warnings to virus senders
Nov 15 06:36:09 smtp3 MailScanner[29982]: Disinfection: Attempting to disinfect 1 messages
Nov 15 06:36:09 smtp3 sendmail[14887]: gAFBa8L14883: to=source at sympatico.ca, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30868, relay=smtp12.sympatico.ca. [209.226.175.80], dsn=5.1.1, stat=User unknown
Nov 15 06:36:09 smtp3 MailScanner[29982]: Disinfection: Rescan found only 0 viruses
Nov 15 06:36:09 smtp3 sendmail[14887]: gAFBa8L14883: gAFBa9K14887: postmaster notify: User unknown
Nov 15 06:36:09 smtp3 sendmail[14890]: gAFBa9D14890: from=quarantaine at usherbrooke.ca, size=157267, class=0, nrcpts=1, msgid=<200211151136.gAFBa9D14890 at smtp3.usherbrooke.ca>, bodytype=8BITMIME, relay=root at localhost
Nov 15 06:36:22 smtp3 sendmail[14893]: gAFBa9D14890: to=destination at usherbrooke.ca, ctladdr=quarantaine at usherbrooke.ca (0/0), delay=00:00:13, xdelay=00:00:13, mailer=relay, pri=187267, relay=c-s.usherbrooke.ca. [132.210.x.y], dsn=2.0.0, stat=Sent (GAA150818 Message accepted for delivery)

Can someone figure out what is going on?

Denis
-- 
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x2252 F: 819.821.8045
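
A log check for the sequence shown in the post, as an added example that is not part of the original message or of MailScanner: it groups MailScanner syslog lines by child PID and reports batches where a filename rule matched and the later disinfection rescan found 0 viruses. The sample log is constructed from the lines quoted above plus one made-up batch, and the parser assumes the flagged filename appears in trailing parentheses as it does there.

```python
import re

# Constructed sample: trimmed copies of the MailScanner lines quoted in the post,
# plus a constructed batch (PID 30001) with a filename hit but no disinfection.
SAMPLE_LOG = """\
Nov 15 06:36:08 smtp3 MailScanner[29982]: New Batch: Scanning 1 messages, 207433 bytes
Nov 15 06:36:08 smtp3 MailScanner[29982]: Virus Scanning: mcafee found 1 infections
Nov 15 06:36:08 smtp3 MailScanner[29982]: Filename Checks: Fichiers EXE dangereux (Server.exe)
Nov 15 06:36:09 smtp3 MailScanner[29982]: Disinfection: Attempting to disinfect 1 messages
Nov 15 06:36:09 smtp3 MailScanner[29982]: Disinfection: Rescan found only 0 viruses
Nov 15 06:40:00 smtp3 MailScanner[30001]: New Batch: Scanning 1 messages, 1024 bytes
Nov 15 06:40:00 smtp3 MailScanner[30001]: Filename Checks: Fichiers EXE dangereux (setup.exe)
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ MailScanner\[(?P<pid>\d+)\]: (?P<msg>.*)$")
FILENAME_RE = re.compile(r"^Filename Checks: .*\((?P<name>[^)]+)\)\s*$")
RESCAN_RE = re.compile(r"^Disinfection: Rescan found only (?P<n>\d+) viruses")

def find_disinfected_after_filename_hit(log_text):
    """Return one finding per batch in which a filename rule matched and a
    later disinfection rescan reported 0 viruses (the sequence in the post)."""
    batches = {}   # pid -> state of the batch currently open for that child
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # sendmail and other daemons are ignored
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("New Batch:"):
            batches[pid] = {"start": m["ts"], "files": []}
            continue
        batch = batches.get(pid)
        if batch is None:
            continue  # log starts mid-batch; no context to correlate
        fm = FILENAME_RE.match(msg)
        if fm:
            batch["files"].append(fm["name"])
            continue
        rm = RESCAN_RE.match(msg)
        if rm and int(rm["n"]) == 0 and batch["files"]:
            findings.append({"pid": pid, "batch_start": batch["start"],
                             "rescan_at": m["ts"], "files": list(batch["files"])})
    return findings

if __name__ == "__main__":
    for f in find_disinfected_after_filename_hit(SAMPLE_LOG):
        print(f"{f['rescan_at']} pid={f['pid']} filename-rule hit on {f['files']} "
              "followed by a clean disinfection rescan; check what was delivered")
```

These log lines carry no message id, so the correlation is per batch; in a multi-message batch a finding means only that both events occurred in it.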



