mailscanner is not processing virus mails of the same kind the same way

Kim Schulz kim at SCHULZ.DK
Thu Aug 21 09:33:57 IST 2003


On Thu, 21 Aug 2003 09:26:52 +0100
Antony Stone <Antony at SOFT-SOLUTIONS.CO.UK> wrote:
> On Wednesday 20 August 2003 11:28 pm, Kim Schulz wrote:
>
> > Hi
> >
> > here's a bit from the messages log:
>
> Message PAA31834 identified as containing Sobig.F in application.pif
> Message QAA03813 contains a .txt attachment, which probably contains a
> bounce message, itself containing a .pif attachment which is infected
> with Sobig.F Message QAA03969 identified as containing Sobig.F in
> application.pif Message QAA04585 identified as containing Sobig.F in
> application.pif
>
> > Has anyone else experienced that mails with viruses like this can
> > get right through the filter and get the status Clean?
>
> Which of these messages from your log got the status "clean".   As far
> as I can tell, they were all identified as containing Sobig.F
>
> Three were original messages and one was a non-delivery bounce.


yeah I couldn't find the clean ones in the log, but could see that there
was a difference in the lines just around there where I pasted the lines
from. I had Mailscanner set to not show filenames that are clean (I
changed that last night so I expect to see changes today).
The lines i pasted was actually more to show that mailscanner couldn't
decide  whether to call the message a filename atack or a virus atack.



More information about the MailScanner mailing list