Version 3 improved virus reports
Rabellino Sergio
rabellino at DI.UNITO.IT
Thu Oct 10 09:40:56 IST 2002
Julian Field wrote:
>
> Please can someone try this out for me and see if the results are better
> than they were before?
>
> I have changed the reporting slightly so that when there is a problem with
> the message (such as Microsoft insecurity exploit found), the report the
> user gets will contain *all* the reports for that message.
>
> This should greatly improve the usefulness of the report they get when a
> copy of Bugbear is found.
>
> I've done the same change to version 4 as well.
>
> The attached files are for version 3. If someone says they fix the problem,
> I will release a new copy of V3 and V4.
>
> So the faster someone tests it, the faster you get a new release :-)
>
Follow a sample of the new logging for bugbear...
------------3ULS025O79R4PPS
Content-Type: text/plain; charset="us-ascii"; name="VirusWarning.txt"
Content-Disposition: inline; filename="VirusWarning.txt"
Content-Transfer-Encoding: quoted-printable
Warning: This message has had one or more attachments removed.
Warning: Please read the "Virus Warning.txt" attachment(s) for more informa=
tion.
The original e-mail attachment "the entire message"
was believed to be infected by a virus and has been replaced by this warning
message.
If you wish to receive a copy of the *infected* attachment, please
e-mail "virusalert at di.unito.it" and include the whole of this message
in your request. Alternatively, you can call them, with
the contents of this message to hand when you call.
At Thu Oct 10 10:32:11 2002 the virus scanner said:
Possible Microsoft security vulnerability attack
=20=20=20
/g9A8Vned004112/resume.exe Found the W32/Bugbear at MM virus !!!
This attachment type is not allowed by our servers (resume.exe)
Note to Help Desk: Look on pianeta.di.unito.it in /opt/mailscanner/sendmail=
/quarantine (message g9A8Vned004112).
------------3ULS025O79R4PPS--
--
Dott. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
Member of the Internet Society
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603
More information about the MailScanner
mailing list