ANNOUNCE: more bug fixes

Mike Kercher mike at CAMAROSS.NET
Tue Oct 22 19:20:24 IST 2002


I commented out the Silent Viruses.  I went and ran the gfi tests and it
looks like everything was caught and I saw a number of messages get sent
back to gfi.com.  I also received notifications.

Mike



-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Julian Field
Sent: Tuesday, October 22, 2002 12:47 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: ANNOUNCE: more bug fixes


That log extract shows it finding Klez. Klez is in the default list of
"Silent Viruses" so I wouldn't expect a report in that case.

Please can you try this with the Eicar test file from www.eicar.org?

At 18:14 22/10/2002, you wrote:
>Notifications don't seem to be working here with V4.01-6:
>
>Oct 22 11:30:44 redline sendmail[21488]: g9MGUgb21488: from=<dnelzen at cablenet-va.com>, size=133361, class=0, nrcpts=1, msgid=<200210221631.g9MGV7n04107 at smtp.cablenet-va.com>, proto=ESMTP, daemon=MTA, relay=smtp.cablenet-va.com [24.197.1.58]
>Oct 22 11:30:49 redline MailScanner[14100]: New Batch: Scanning 1 messages, 133822 bytes
>Oct 22 11:30:49 redline MailScanner[14100]: Spam Checks: Starting
>Oct 22 11:30:49 redline MailScanner[14100]: Spam Checks: Found 0 spam messages
>Oct 22 11:30:49 redline MailScanner[14100]: Virus Scanning: Starting
>Oct 22 11:30:50 redline MailScanner[14100]: >>> Virus 'W32/Klez-H' found in file ./g9MGUgb21488/.pif
>Oct 22 11:30:50 redline MailScanner[14100]: Virus Scanning: sophos found 1 infections
>Oct 22 11:30:50 redline MailScanner[14100]: Virus Scanning: Found 1 viruses
>Oct 22 11:30:51 redline MailScanner[14100]: Other Checks: Starting
>Oct 22 11:30:51 redline MailScanner[14100]: Filename Checks: Possible MS-Dos program shortcut attack (.pif)
>Oct 22 11:30:51 redline MailScanner[14100]: Other Checks: Found 1 problems
>Oct 22 11:30:51 redline MailScanner[14100]: Content Checks: Starting
>Oct 22 11:30:51 redline MailScanner[14100]: HTML IFrame tag found in message from dnelzen at cablenet-va.com
>Oct 22 11:30:51 redline MailScanner[14100]: Content Checks: Detected Microsoft-specific exploits in g9MGUgb21488
>Oct 22 11:30:51 redline MailScanner[14100]: Content Checks: Need to convert HTML to plain text in 1 messages
>Oct 22 11:30:51 redline MailScanner[14100]: Content Checks: Found 1 problems
>Oct 22 11:30:51 redline MailScanner[14100]: Content Checks: Detected and will convert HTML message to plain text in g9MGUgb21488
>Oct 22 11:30:51 redline MailScanner[14100]: Silent: Delivered 1 messages containing silent viruses

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
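
Added example, not part of the original thread and not MailScanner's own code: a small log correlator that groups MailScanner syslog lines into batches and marks a batch as one where no notification is expected when a "Silent:" delivery line accounts for its infected messages. The function name `summarize`, the second sample batch, and the rule that the silent count covers the batch's infected messages are assumptions.

```python
import re

# Constructed sample. Batch 14100 is unwrapped from the log quoted in the thread;
# batch 14101 (EICAR, queue id g9MGXXb00001) is invented for contrast.
SAMPLE_LOG = """\
Oct 22 11:30:44 redline sendmail[21488]: g9MGUgb21488: size=133361, nrcpts=1
Oct 22 11:30:49 redline MailScanner[14100]: New Batch: Scanning 1 messages, 133822 bytes
Oct 22 11:30:50 redline MailScanner[14100]: >>> Virus 'W32/Klez-H' found in file ./g9MGUgb21488/.pif
Oct 22 11:30:50 redline MailScanner[14100]: Virus Scanning: Found 1 viruses
Oct 22 11:30:51 redline MailScanner[14100]: Silent: Delivered 1 messages containing silent viruses
Oct 22 11:42:10 redline MailScanner[14101]: New Batch: Scanning 1 messages, 1024 bytes
Oct 22 11:42:11 redline MailScanner[14101]: >>> Virus 'EICAR-AV-Test' found in file ./g9MGXXb00001/eicar.com
Oct 22 11:42:11 redline MailScanner[14101]: Virus Scanning: Found 1 viruses
"""

LINE = re.compile(r"MailScanner\[(\d+)\]: (.*)$")
VIRUS = re.compile(r">>> Virus '([^']+)' found in file \./([^/]+)/")
SILENT = re.compile(r"Silent: Delivered (\d+) messages containing silent viruses")

def summarize(log_text):
    """Return one summary dict per MailScanner batch, in log order."""
    batches, open_batch = [], {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # sendmail and other daemons are ignored
        pid, msg = m.groups()
        if msg.startswith("New Batch:") or pid not in open_batch:
            open_batch[pid] = {"pid": pid, "viruses": [], "silent": 0}
            batches.append(open_batch[pid])
        batch = open_batch[pid]
        if (v := VIRUS.search(msg)):
            batch["viruses"].append((v.group(2), v.group(1)))  # (queue id, virus)
        elif (s := SILENT.search(msg)):
            batch["silent"] += int(s.group(1))
    for b in batches:
        infected = {qid for qid, _ in b["viruses"]}
        # Assumption: the "Silent:" count covers this batch's infected messages.
        b["notice_expected"] = len(infected) > b["silent"]
    return batches

if __name__ == "__main__":
    for b in summarize(SAMPLE_LOG):
        state = "notice expected" if b["notice_expected"] else "silent, no notice"
        print(b["pid"], b["viruses"], state)
```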


