$report for <iframe> v. $report for actual virus

Dustin Baer dustin.baer at IHS.COM
Tue Oct 8 16:05:23 IST 2002


MailScanner-3.23-4

I don't recall this being discussed, and also looked through the
archives.

If a Bugbear-A (others likely also) infected attachment is sent in a
message with an <IFRAME> tag, the recipients of the message will only
see the $report for "Possible Microsoft security vulnerability attack"
and not the $report for ">>> Virus 'W32/Bugbear-A' found in file
./g986oe3Y005322/hosting.ppt.exe (hosting.ppt.exe)"

Here are the syslog entries from mailscanner for the above example:

Oct  8 00:59:42 mail1.ihs.com mailscanner[8797]: >>> Virus
'W32/Bugbear-A' found in file ./g986oe3Y005322/hosting.ppt.exe
Oct  8 00:59:43 mail1.ihs.com mailscanner[8797]: Detected
Microsoft-specific exploits in g986oe3Y005322
Oct  8 00:59:43 mail1.ihs.com mailscanner[8797]: Found 3 viruses in
messages g986oe3Y005322
Oct  8 00:59:43 mail1.ihs.com mailscanner[8797]: Saved entire message to
/var/spool/MailScanner/quarantine/20021008/g986oe3Y005322
Oct  8 00:59:44 mail1.ihs.com mailscanner[8797]: Deleted infected
messages g986oe3Y005322

I am sure that if I were to "Allow IFrame Tags = yes" the recipients
would see the "Virus" report rather than the "vulnerability" report, but
I would rather not allow iframe tags at the moment.

Is it intentional to not show the "Virus" $report in the
stored.virus.message.txt message?

Thanks,

Dustin Baer
Unix Administrator/Postmaster
Information Handling Services
15 Inverness Way East
Englewood, CO 80112
303-397-2836
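
Added example (not part of the original post and not MailScanner code): a small log correlator an administrator could run to recover the virus name for messages where both the virus scanner and the Microsoft-specific exploit check fired. The log lines are the ones quoted in the post with the e-mail wrapping undone; the function names and the separator handling for multiple message ids are assumptions.

```python
import re
from collections import defaultdict

# Log lines copied from the post above, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
Oct  8 00:59:42 mail1.ihs.com mailscanner[8797]: >>> Virus 'W32/Bugbear-A' found in file ./g986oe3Y005322/hosting.ppt.exe
Oct  8 00:59:43 mail1.ihs.com mailscanner[8797]: Detected Microsoft-specific exploits in g986oe3Y005322
Oct  8 00:59:43 mail1.ihs.com mailscanner[8797]: Found 3 viruses in messages g986oe3Y005322
Oct  8 00:59:43 mail1.ihs.com mailscanner[8797]: Saved entire message to /var/spool/MailScanner/quarantine/20021008/g986oe3Y005322
Oct  8 00:59:44 mail1.ihs.com mailscanner[8797]: Deleted infected messages g986oe3Y005322
"""

# Patterns derived only from the line shapes shown in the post.
PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ mailscanner\[\d+\]: (.*)$")
VIRUS = re.compile(r">>> Virus '([^']+)' found in file \./([^/\s]+)/(\S+)")
EXPLOIT = re.compile(r"Detected Microsoft-specific exploits in (.+)$")
QUARANTINE = re.compile(r"Saved entire message to (\S+/([^/\s]+))$")

def correlate(log_text):
    """Group MailScanner findings by message id (hypothetical helper)."""
    msgs = defaultdict(lambda: {"viruses": [], "exploit": False, "quarantine": None})
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # not a mailscanner syslog line
        body = m.group(1)
        if (v := VIRUS.search(body)):
            name, msgid, fname = v.groups()
            msgs[msgid]["viruses"].append((name, fname))
        elif (e := EXPLOIT.search(body)):
            # Assumption: several ids may be listed, separated by commas or spaces.
            for msgid in re.split(r"[,\s]+", e.group(1).strip()):
                msgs[msgid]["exploit"] = True
        elif (q := QUARANTINE.search(body)):
            msgs[q.group(2)]["quarantine"] = q.group(1)
    return dict(msgs)

def virus_with_exploit_report(log_text):
    """Messages where a named virus and the exploit check both fired."""
    return {mid: info for mid, info in correlate(log_text).items()
            if info["viruses"] and info["exploit"]}

if __name__ == "__main__":
    for mid, info in virus_with_exploit_report(SAMPLE_LOG).items():
        print(mid, info["viruses"], info["quarantine"])
```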


