Klez not silent?
Bob Fayne
festus at DNSDATA.COM
Mon Apr 14 11:36:44 IST 2003
I am using ClamAV with MailScanner v.4.13-3 and I am having trouble with
Klez viruses not being blocked. Here's what my log shows:
Apr 13 03:07:44 host MailScanner[9374]:
/xxx/MailScanner/incoming/9374/./h3B87cbA009544/msg-9374-6.html:
Exploit.IFrame.HTML FOUND
Apr 13 03:07:44 host MailScanner[9374]:
/xxx/MailScanner/incoming/9374/./h3B87cbA009544/TO TOP.exe: Worm/Klez.H FOUND
Apr 13 03:07:44 host MailScanner[9374]: Virus Scanning: clamav found 2
infections
Apr 13 03:07:44 host MailScanner[9374]: Virus Scanning: Found 2 viruses
Apr 13 03:07:44 host MailScanner[9374]: HTML IFrame tag found in message
from xxx at xxx.xxx
Apr 13 03:07:45 host MailScanner[9374]: Uninfected: Delivered 1 messages
This is the relevant lines from my config:
Silent Viruses = Klez Klez.H Worm/Klez.H Yaha-E Bugbear Braid-A WinEvar
Still Deliver Silent Viruses = no
Allow IFrame Tags = yes
Log IFrame Tags = yes
Shouldn't MailScanner just delete that message? I'm not sure why it's
still getting delivered.
More information about the MailScanner
mailing list