Version 3 improved virus reports

Rabellino Sergio rabellino at DI.UNITO.IT
Thu Oct 10 09:40:56 IST 2002

Julian Field wrote:
> Please can someone try this out for me and see if the results are better
> than they were before?
> I have changed the reporting slightly so that when there is a problem with
> the message (such as Microsoft insecurity exploit found), the report the
> user gets will contain *all* the reports for that message.
> This should greatly improve the usefulness of the report they get when a
> copy of Bugbear is found.
> I've done the same change to version 4 as well.
> The attached files are for version 3. If someone says they fix the problem,
> I will release a new copy of V3 and V4.
> So the faster someone tests it, the faster you get a new release :-)
Follow a sample of the new logging for bugbear...

Content-Type: text/plain; charset="us-ascii"; name="VirusWarning.txt"
Content-Disposition: inline; filename="VirusWarning.txt"
Content-Transfer-Encoding: quoted-printable

Warning: This message has had one or more attachments removed.
Warning: Please read the "Virus Warning.txt" attachment(s) for more informa=

The original e-mail attachment "the entire message"
was believed to be infected by a virus and has been replaced by this warning

If you wish to receive a copy of the *infected* attachment, please
e-mail "virusalert at" and include the whole of this message
in your request. Alternatively, you can call them, with
the contents of this message to hand when you call.

At Thu Oct 10 10:32:11 2002 the virus scanner said:
   Possible Microsoft security vulnerability attack
   /g9A8Vned004112/resume.exe        Found the W32/Bugbear at MM virus !!!
   This attachment type is not allowed by our servers (resume.exe)

Note to Help Desk: Look on in /opt/mailscanner/sendmail=
/quarantine (message g9A8Vned004112).


Dott. Sergio Rabellino

 Technical Staff
 Department of Computer Science
 University of Torino (Italy)
 Member of the Internet Society
Tel. +39-0116706701
Fax. +39-011751603

More information about the MailScanner mailing list