Problem with "Possible Microsoft security vulnerability attack"
detection on version 3.23-1??
Tim Lyons
tlyons at digitalvoodoo.org
Wed Sep 25 03:43:09 IST 2002
Funny you should bring that up now as I was just delving into that issue
myself as quite a few users are "miffed" to say the least. Email from sites
such as HoustonChronicls, WSJ, and numerous others are now unable to get
through.
Is this the expected behavior with the new mods? If so, what's the best way
to work this?
--Tim
On Tuesday 24 September 2002 22:15, you wrote:
> Hi all,
> I just upgraded to 3.23-1 two days ago. Everything is working fine except
> that there are unusual amount of detection on "Possible Microsoft security
> vulnerability attack". I was on 3.21-1 and guess this was not part of the
> feature.
>
> A brief check indicates that all came from a number of mailing lists that
> my users subscribe to. Examples like Daily Dilbert list, Oracle list,CNet
> news.com list...etc.
>
> I haven't had time to try to dive into the detection perl code for it and
> is wondering if someone facing the similar issue. From what I see, the is
> not configurable option on mailscanner.conf to control this new detection
> behaviour.
>
> Currently configured to keep whole infected message. If someone wants to
> take a look at these messages, I can collect a few of them and email it.
>
> Siew Wu
More information about the MailScanner
mailing list