Klez not silent?

Julian Field mailscanner at ecs.soton.ac.uk
Mon Apr 14 12:09:29 IST 2003


At 11:36 14/04/2003, you wrote:
>I am using ClamAV with MailScanner v.4.13-3 and I am having trouble with
>Klez viruses not being blocked.  Here's what my log shows:
>
>Apr 13 03:07:44 host MailScanner[9374]:
>/xxx/MailScanner/incoming/9374/./h3B87cbA009544/msg-9374-6.html:
>Exploit.IFrame.HTML FOUND
>Apr 13 03:07:44 host MailScanner[9374]:
>/xxx/MailScanner/incoming/9374/./h3B87cbA009544/TO TOP.exe: Worm/Klez.H FOUND
>Apr 13 03:07:44 host MailScanner[9374]: Virus Scanning: clamav found 2
>infections
>Apr 13 03:07:44 host MailScanner[9374]: Virus Scanning: Found 2 viruses
>Apr 13 03:07:44 host MailScanner[9374]: HTML IFrame tag found in message
>from xxx at xxx.xxx
>Apr 13 03:07:45 host MailScanner[9374]: Uninfected: Delivered 1 messages
>
>
>These are the relevant lines from my config:
>
>Silent Viruses = Klez Klez.H Worm/Klez.H Yaha-E Bugbear Braid-A WinEvar
>Still Deliver Silent Viruses = no
>Allow IFrame Tags = yes
>Log IFrame Tags = yes
>
>
>Shouldn't MailScanner just delete that message?  I'm not sure why it's
>still getting delivered.

Can you confirm that the batch of messages was only 1 message? If it was 2
messages then the log lines would match what I expect. Otherwise there
might be a bug in the Clam output parser. It was written by
<adrian at smop.co.uk>.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
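
An added example, not part of the original thread or of MailScanner: a small Python script that groups the quoted log lines by message ID, so the infected message can be compared against the delivery count, which is the check the reply asks for. The sample log is constructed from the quoted lines (unwrapped) plus a made-up second batch, and treating each child PID in the excerpt as one batch is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: the log lines quoted above, unwrapped to one syslog
# record per line, plus a made-up second batch (PID 9400) for contrast.
SAMPLE_LOG = """\
Apr 13 03:07:44 host MailScanner[9374]: /xxx/MailScanner/incoming/9374/./h3B87cbA009544/msg-9374-6.html: Exploit.IFrame.HTML FOUND
Apr 13 03:07:44 host MailScanner[9374]: /xxx/MailScanner/incoming/9374/./h3B87cbA009544/TO TOP.exe: Worm/Klez.H FOUND
Apr 13 03:07:44 host MailScanner[9374]: Virus Scanning: clamav found 2 infections
Apr 13 03:07:45 host MailScanner[9374]: Uninfected: Delivered 1 messages
Apr 13 03:09:10 host MailScanner[9400]: /xxx/MailScanner/incoming/9400/./hEXAMPLE0000001/a.exe: Worm/Klez.H FOUND
"""

# Scanner finding: .../incoming/<pid>/./<message id>/<file name>: <signature> FOUND
FOUND = re.compile(
    r"MailScanner\[(?P<pid>\d+)\]: \S*/\./(?P<msgid>[^/]+)/(?P<file>.+): (?P<sig>\S+) FOUND$"
)
DELIVERED = re.compile(
    r"MailScanner\[(?P<pid>\d+)\]: Uninfected: Delivered (?P<n>\d+) messages$"
)


def summarize(log_text):
    """Group scanner findings and delivery counts by MailScanner child PID."""
    batches = defaultdict(lambda: {"infected": defaultdict(list), "delivered": 0})
    for line in log_text.splitlines():
        m = FOUND.search(line)
        if m:
            batches[m["pid"]]["infected"][m["msgid"]].append(m["sig"])
            continue
        m = DELIVERED.search(line)
        if m:
            batches[m["pid"]]["delivered"] += int(m["n"])
    return batches


def batches_to_check(batches):
    """PIDs that both flagged a message and delivered mail as uninfected."""
    return sorted(p for p, b in batches.items() if b["infected"] and b["delivered"] > 0)


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for pid in batches_to_check(result):
        print(pid, dict(result[pid]["infected"]), "delivered:", result[pid]["delivered"])
```

A PID listed by `batches_to_check` is not proof of a leak: if the batch held more messages than the flagged ones, the delivery count can be entirely legitimate, so the batch size still has to be confirmed separately.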


