Problem with "Possible Microsoft security vulnerability attack" detection on version 3.23-1??

Tim Lyons tlyons at digitalvoodoo.org
Wed Sep 25 03:43:09 IST 2002


Funny you should bring that up now as I was just delving into that issue 
myself as quite a few users are "miffed" to say the least.  Email from sites 
such as HoustonChronicls, WSJ, and numerous others are now unable to get 
through.

Is this the expected behavior with the new mods?  If so, what's the best way 
to work this?

--Tim

On Tuesday 24 September 2002 22:15, you wrote:
> Hi all,
> I just upgraded to 3.23-1 two days ago.  Everything is working fine except
> that there are unusual amount of detection on "Possible Microsoft security
> vulnerability attack".  I was on 3.21-1 and guess this was not part of the
> feature.
>
> A brief check indicates that all came from a number of mailing lists that
> my users subscribe to.  Examples like Daily Dilbert list, Oracle list,CNet
> news.com list...etc.
>
> I haven't had time to try to dive into the detection perl code for it and
> is wondering if someone facing the similar issue.  From what I see, the is
> not configurable option on mailscanner.conf to control this new detection
> behaviour.
>
> Currently configured to keep whole infected message.  If someone wants to
> take a look at these messages, I can collect a few of them and email it.
>
> Siew Wu




More information about the MailScanner mailing list