$report for <iframe> v. $report for actual virus

Julian Field mailscanner at ecs.soton.ac.uk
Tue Oct 8 17:24:21 IST 2002


At 16:05 08/10/2002, you wrote:
>MailScanner-3.23-4

Can you just check I didn't fix this already in -5?

>I don't recall this being discussed, and also looked through the
>archvies.
>
>If a Bugbear-A (others likely also) infected attachment is sent in a
>message with an <IFRAME> tag, the recipients of the message will only
>see the $report for "Possible Microsoft security vulnerability attack"
>and not the $report for ">>> Virus 'W32/Bugbear-A' found in file
>./g986oe3Y005322/hosting.ppt.exe (hosting.ppt.exe)"
>
>Here is the syslog entries from mailscanner for the above example:
>
>Oct  8 00:59:42 mail1.ihs.com mailscanner[8797]: >>> Virus
>'W32/Bugbear-A' found in file ./g986oe3Y005322/hosting.ppt.exe
>Oct  8 00:59:43 mail1.ihs.com mailscanner[8797]: Detected
>Microsoft-specific exploits in g986oe3Y005322
>Oct  8 00:59:43 mail1.ihs.com mailscanner[8797]: Found 3 viruses in
>messages g986oe3Y005322
>Oct  8 00:59:43 mail1.ihs.com mailscanner[8797]: Saved entire message to
>/var/spool/MailScanner/quarantine/20021008/g986oe3Y005322
>Oct  8 00:59:44 mail1.ihs.com mailscanner[8797]: Deleted infected
>messages g986oe3Y005322
>
>Although I am sure if I were to "Allow IFrame Tags = yes" the recipients
>would see the "Virus" report rather than the "vulnerability" report, but
>I would rather not allow iframe tags at the moment.
>
>Is it intentional to not show the "Virus" $report in the
>stored.virus.message.txt message?
>
>Thanks,
>
>Dustin Baer
>Unix Administrator/Postmaster
>Information Handling Services
>15 Inverness Way East
>Englewood, CO 80112
>303-397-2836

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ



More information about the MailScanner mailing list