Admin email

Max Kipness mkipness at GENIANT.COM
Tue Aug 5 14:32:59 IST 2003


It's strange but I've tried both:

deny    message.zip$            "mimaila" virus          "mimaila" virus

deny    message\.zip$            "mimaila" virus         "mimaila" virus


I've done both a reload and restart and they keep coming through during
tests. Logs say:

Filename Checks: Allowing message.zip

Should there be one tab between seperating each piece? It seems like on
some of the default settings in this file there are 6 tabs between the
two names of the virus.

Thanks,
Max


> -----Original Message-----
> From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK] 
> Sent: Tuesday, August 05, 2003 1:18 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Admin email
> 
> 
> At 07:10 05/08/2003, you wrote:
> >Will the following work?
> >
> >deny    message.zip$            "mimaila" virus         
> "mimaila" virus
> 
> I would replace . with \. as you really mean "the character 
> dot" and not "any single character".
> 
> 
> >Make sure each part is separated with tabs.
> >
> >Stephen
> >
> >On Mon, 2003-08-04 at 20:30, Max Kipness wrote:
> > > What about a file rule for message.zip? Has anybody tried that? 
> > > Everytime I try one of these I end up with a syntax error in the 
> > > logs.
> > >
> > > I will look for the Sophos update and the version of MailScanner 
> > > based on another reply to this.
> > >
> > > Thanks,
> > > Max
> > >
> > > > -----Original Message-----
> > > > From: Steve Thomas [mailto:lists at STHOMAS.NET]
> > > > Sent: Monday, August 04, 2003 10:23 PM
> > > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > > Subject: Re: Admin email
> > > >
> > > >
> > > > On Mon, Aug 04, 2003 at 09:31:21PM -0500, Max Kipness 
> is rumored 
> > > > to have said:
> > > > >
> > > > > My company hosts quite a few domains, and last Friday 
> we started 
> > > > > getting emails admin at ourdomains.com with an attachment:
> > > > message.zip.
> > > > > The attached seems to make it through Fprot and 
> Sophos ok, and I 
> > > > > haven't even bother to open it and see what it is. My 
> question 
> > > > > is whether I could add a rule in spam.blacklist.rules like:
> > > >
> > > > Sophos should be picking it up - it's the latest and greatest 
> > > > virus and it's spreading pretty quick - make sure you've got 
> > > > sophos updated and email all your users (or just the ones that 
> > > > received it) and tell them not to open it.
> > > >
> > > >
> > > > --
> > > > "Plato was a bore."
> > > > - Friedrich Nietzsche (1844-1900)
> > > >
> 
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
> 




More information about the MailScanner mailing list