Email Vulnerabilities

Jeroen mailscanner-news at WIJDOGEN.DHS.ORG
Tue Sep 24 17:31:20 IST 2002


Hello,

> > >One thing I am wondering with, why does this eicar.com gfi test email
> > >go to my outlook express deleted items with a modified subject {VIRUS?}
> > >eicar.com [1/5] up to [5/5] and there's no warning message in the body
> > >and the attachment is intact with the filename eicar.com. I'm just
> > >wondering about this.
> >
> > Can anyone else corroborate this? V3 should have deleted the entire
> > message in each of those cases.

I have the same; I also upgraded from the rpm to version mailscanner-3.23-1.

When I put debugging on 1 and restart MailScanner, MailScanner stops after
"In Debugging mode, not forking...". Is this normal?

When I run the http://www.gfi.com/emailsecuritytest/ test with MailScanner
in debug mode, I see these messages in the logs; note the "Oh shit" messages!

[root at mail etc]# cat /var/log/maillog |grep g8OEwF113849
Sep 24 17:00:33 mail mailscanner[14094]: Detected Microsoft-specific
exploits in g8OEwF113849
Sep 24 17:00:34 mail mailscanner[14094]: Found 16 viruses in messages
g8OEwC113748,g8OEwH113923,g8OEwK113991,g8OEwG113882,g8OEwG113866,g8OEwH11390
9,g8OEwF113835,g8OEwD113772,g8OEwE113798,g8OEwJ113990,g8OEwF113849,g8OEwJ113
977,g8OEwI113962,g8OEwF113814
Sep 24 17:00:34 mail mailscanner[14094]: Oh shit, missed infected entity in
message :-( g8OEwF113849
Sep 24 17:00:36 mail mailscanner[14094]: Saved entire message to
/var/spool/MailScanner/quarantine/20020924/g8OEwF113849
Sep 24 17:05:27 mail mailscanner[15462]: Detected Microsoft-specific
exploits in g8OEwF113849
Sep 24 17:05:28 mail mailscanner[15462]: Found 13 viruses in messages
g8OEwK113991,g8OEwG113882,g8OEwH113909,g8OEwF113835,g8OEwD113772,g8OEwE11379
8,g8OEwJ113990,g8OEwF113849,g8OEwJ113977,g8OEwF113814,g8OEwI113962
Sep 24 17:05:29 mail mailscanner[15462]: Oh shit, missed infected entity in
message :-( g8OEwF113849
Sep 24 17:05:30 mail mailscanner[15462]: Saved entire message to
/var/spool/MailScanner/quarantine/20020924/g8OEwF113849
Sep 24 17:05:34 mail sendmail[15711]: g8OEwF113849: to=jeroen,
delay=00:07:18, xdelay=00:00:00, mailer=local, pri=132087, dsn=2.0.0,
stat=Sent
Sep 24 17:05:52 mail mailscanner[15462]: Found 3 viruses in messages
g8OEwD113772,g8OEwE113798,g8OEwF113849
[root at mail etc]# cat /var/log/maillog |grep g8OEwE113798
Sep 24 17:00:33 mail mailscanner[14094]: Detected Microsoft-specific
exploits in g8OEwE113798
Sep 24 17:00:34 mail mailscanner[14094]: Found 16 viruses in messages
g8OEwC113748,g8OEwH113923,g8OEwK113991,g8OEwG113882,g8OEwG113866,g8OEwH11390
9,g8OEwF113835,g8OEwD113772,g8OEwE113798,g8OEwJ113990,g8OEwF113849,g8OEwJ113
977,g8OEwI113962,g8OEwF113814
Sep 24 17:00:34 mail mailscanner[14094]: Oh shit, missed infected entity in
message :-( g8OEwE113798
Sep 24 17:00:35 mail mailscanner[14094]: Saved entire message to
/var/spool/MailScanner/quarantine/20020924/g8OEwE113798
Sep 24 17:05:27 mail mailscanner[15462]: Detected Microsoft-specific
exploits in g8OEwE113798
Sep 24 17:05:28 mail mailscanner[15462]: Found 13 viruses in messages
g8OEwK113991,g8OEwG113882,g8OEwH113909,g8OEwF113835,g8OEwD113772,g8OEwE11379
8,g8OEwJ113990,g8OEwF113849,g8OEwJ113977,g8OEwF113814,g8OEwI113962
Sep 24 17:05:29 mail mailscanner[15462]: Oh shit, missed infected entity in
message :-( g8OEwE113798
Sep 24 17:05:29 mail mailscanner[15462]: Saved entire message to
/var/spool/MailScanner/quarantine/20020924/g8OEwE113798
Sep 24 17:05:33 mail sendmail[15711]: g8OEwE113798: to=jeroen,
delay=00:07:19, xdelay=00:00:00, mailer=local, pri=130691, dsn=2.0.0,
stat=Sent
Sep 24 17:05:52 mail mailscanner[15462]: Found 3 viruses in messages
g8OEwD113772,g8OEwE113798,g8OEwF113849
[root at mail etc]#

Maybe this info is useful to tackle the splitting message thing.

Regards,

Jeroen
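Added example, not from the post or from MailScanner itself: a small Python check that correlates maillog lines by sendmail queue ID and reports messages that MailScanner logged as "missed infected entity" but that sendmail still reports as stat=Sent, which is the condition described above. The sample log is constructed from the lines in the post with the wrapped lines rejoined; the function name is an assumption.

```python
import re

# Constructed sample, modelled on the maillog excerpt in the post
# (wrapped lines rejoined, virus-ID lists shortened).
SAMPLE_LOG = """\
Sep 24 17:00:33 mail mailscanner[14094]: Detected Microsoft-specific exploits in g8OEwF113849
Sep 24 17:00:34 mail mailscanner[14094]: Found 16 viruses in messages g8OEwC113748,g8OEwF113849,g8OEwE113798,g8OEwD113772
Sep 24 17:00:34 mail mailscanner[14094]: Oh shit, missed infected entity in message :-( g8OEwF113849
Sep 24 17:00:34 mail mailscanner[14094]: Oh shit, missed infected entity in message :-( g8OEwE113798
Sep 24 17:00:34 mail mailscanner[14094]: Oh shit, missed infected entity in message :-( g8OEwD113772
Sep 24 17:00:36 mail mailscanner[14094]: Saved entire message to /var/spool/MailScanner/quarantine/20020924/g8OEwF113849
Sep 24 17:00:40 mail sendmail[15711]: g8OEwC113748: to=jeroen, delay=00:00:05, xdelay=00:00:00, mailer=local, pri=120000, dsn=2.0.0, stat=Sent
Sep 24 17:05:33 mail sendmail[15711]: g8OEwE113798: to=jeroen, delay=00:07:19, xdelay=00:00:00, mailer=local, pri=130691, dsn=2.0.0, stat=Sent
Sep 24 17:05:34 mail sendmail[15711]: g8OEwF113849: to=jeroen, delay=00:07:18, xdelay=00:00:00, mailer=local, pri=132087, dsn=2.0.0, stat=Sent
"""

# MailScanner admitting it could not locate the infected MIME part.
MISSED_RE = re.compile(
    r"mailscanner\[\d+\]: Oh shit, missed infected entity in message :-\( (\S+)")
# sendmail reporting successful local delivery for a queue ID.
SENT_RE = re.compile(r"sendmail\[\d+\]: (\S+): to=(\S+),.*stat=Sent")


def audit_delivered_infected(log_text):
    """Return {queue_id: recipient} for messages that MailScanner logged as a
    missed infected entity and that sendmail nevertheless delivered.

    g8OEwC113748 (delivered, never flagged) and g8OEwD113772 (flagged, never
    delivered) are controls and must not appear in the result.
    """
    missed = set()
    delivered = {}
    for line in log_text.splitlines():
        m = MISSED_RE.search(line)
        if m:
            missed.add(m.group(1))
            continue
        m = SENT_RE.search(line)
        if m:
            delivered[m.group(1)] = m.group(2)
    # Order of log lines does not matter: we only need both events per ID.
    return {qid: rcpt for qid, rcpt in delivered.items() if qid in missed}


if __name__ == "__main__":
    for qid, rcpt in sorted(audit_delivered_infected(SAMPLE_LOG).items()):
        print(f"{qid}: flagged as missed infected entity but delivered to {rcpt}")
```

Run it against a real /var/log/maillog after rejoining any lines the mailer or pager wrapped, since a queue ID split across two lines will not match.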


