ANNOUNCE: more bug fixes

Mike Kercher mike at CAMAROSS.NET
Tue Oct 22 19:49:00 IST 2002


I think I'm good to go.  I would like the Klez to NOT be a silent virus
though.  If I uncomment the Silent Viruses = and leave the parameter
blank, MS bitches so I just made Yaha a silent virus because I rarely
see those any more.  I have my postmaster ruleset done the way I want
and I want my clients to know that MS is working for them.

Have a drink on me! :)

Mike


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Julian Field
Sent: Tuesday, October 22, 2002 1:28 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: ANNOUNCE: more bug fixes


At 19:20 22/10/2002, you wrote:
>I commented out the Silent Viruses.

By doing that you get the default list which just consists of "Klez".

>I went and ran the gfi tests and it
>looks like everything was caught and I saw a number of messages get
>sent back to gfi.com.  I also received notifications.

Good.

Where does that leave us?
(I'm trying to track a dozen threads at the same time, and this new bottle
of brandy is very nice indeed :-)

>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>Behalf Of Julian Field
>Sent: Tuesday, October 22, 2002 12:47 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: ANNOUNCE: more bug fixes
>
>
>That log extract shows it finding Klez. Klez is in the default list of
>"Silent Viruses" so I wouldn't expect a report in that case.
>
>Please can you try this with the Eicar test file from www.eicar.org?
>
>At 18:14 22/10/2002, you wrote:
> >Notifications don't seem to be working here with V4.01-6:
> >
> >Oct 22 11:30:44 redline sendmail[21488]: g9MGUgb21488: from=<dnelzen at cablenet-va.com>, size=133361, class=0, nrcpts=1, msgid=<200210221631.g9MGV7n04107 at smtp.cablenet-va.com>, proto=ESMTP, daemon=MTA, relay=smtp.cablenet-va.com [24.197.1.58]
> >Oct 22 11:30:49 redline MailScanner[14100]: New Batch: Scanning 1 messages, 133822 bytes
> >Oct 22 11:30:49 redline MailScanner[14100]: Spam Checks: Starting
> >Oct 22 11:30:49 redline MailScanner[14100]: Spam Checks: Found 0 spam messages
> >Oct 22 11:30:49 redline MailScanner[14100]: Virus Scanning: Starting
> >Oct 22 11:30:50 redline MailScanner[14100]: >>> Virus 'W32/Klez-H' found in file ./g9MGUgb21488/.pif
> >Oct 22 11:30:50 redline MailScanner[14100]: Virus Scanning: sophos found 1 infections
> >Oct 22 11:30:50 redline MailScanner[14100]: Virus Scanning: Found 1 viruses
> >Oct 22 11:30:51 redline MailScanner[14100]: Other Checks: Starting
> >Oct 22 11:30:51 redline MailScanner[14100]: Filename Checks: Possible MS-Dos program shortcut attack (.pif)
> >Oct 22 11:30:51 redline MailScanner[14100]: Other Checks: Found 1 problems
> >Oct 22 11:30:51 redline MailScanner[14100]: Content Checks: Starting
> >Oct 22 11:30:51 redline MailScanner[14100]: HTML IFrame tag found in message from dnelzen at cablenet-va.com
> >Oct 22 11:30:51 redline MailScanner[14100]: Content Checks: Detected Microsoft-specific exploits in g9MGUgb21488
> >Oct 22 11:30:51 redline MailScanner[14100]: Content Checks: Need to convert HTML to plain text in 1 messages
> >Oct 22 11:30:51 redline MailScanner[14100]: Content Checks: Found 1 problems
> >Oct 22 11:30:51 redline MailScanner[14100]: Content Checks: Detected and will convert HTML message to plain text in g9MGUgb21488
> >Oct 22 11:30:51 redline MailScanner[14100]: Silent: Delivered 1 messages containing silent viruses
>
>--
>Julian Field                Teaching Systems Manager
>jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
>Tel. 023 8059 2817          University of Southampton
>                              Southampton SO17 1BJ

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
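
The behaviour discussed in this thread (a virus on the "Silent Viruses" list is logged and delivered "silently", with no report) can be checked from the log itself. The following is an added example, not code from the thread or from MailScanner; the function names and the substring matching of silent names against the scanner's virus name are assumptions.

```python
import re

# Entries reconstructed from the log extract quoted in this thread,
# one syslog entry per line.
SAMPLE_LOG = """\
Oct 22 11:30:49 redline MailScanner[14100]: New Batch: Scanning 1 messages, 133822 bytes
Oct 22 11:30:50 redline MailScanner[14100]: >>> Virus 'W32/Klez-H' found in file ./g9MGUgb21488/.pif
Oct 22 11:30:50 redline MailScanner[14100]: Virus Scanning: Found 1 viruses
Oct 22 11:30:51 redline MailScanner[14100]: Silent: Delivered 1 messages containing silent viruses
"""

ENTRY = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ MailScanner\[(\d+)\]: (.*)$")
VIRUS = re.compile(r">>> Virus '([^']+)' found in file \./([^/]+)/")
SILENT = re.compile(r"Silent: Delivered (\d+) messages containing silent viruses")

def summarize(log_text, silent_names=("Klez",)):
    """Group MailScanner entries into batches and record silent handling.

    silent_names models the "Silent Viruses" setting; substring matching
    against the scanner's virus name is an assumption made for this example.
    """
    batches, current = [], {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # not a MailScanner entry (e.g. sendmail)
        pid, msg = m.groups()
        if msg.startswith("New Batch:") or pid not in current:
            current[pid] = {"pid": pid, "viruses": [], "silent_delivered": 0}
            batches.append(current[pid])
        batch = current[pid]
        if (v := VIRUS.search(msg)):
            name, queue_id = v.groups()
            silent = any(s.lower() in name.lower() for s in silent_names)
            batch["viruses"].append(
                {"queue_id": queue_id, "name": name, "silent": silent})
        elif (s := SILENT.search(msg)):
            batch["silent_delivered"] = int(s.group(1))
    return batches

def notifications_expected(batch):
    """Queue ids whose virus is not on the silent list, so a report should follow."""
    return [v["queue_id"] for v in batch["viruses"] if not v["silent"]]
```

With the default list ("Klez") the sample batch expects no notification; with only Yaha on the list, as Mike configured it, the same Klez message would be expected to produce one.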


