sobig and MS headers
Antony Stone
Antony at SOFT-SOLUTIONS.CO.UK
Tue Aug 26 12:40:59 IST 2003
On Tuesday 26 August 2003 11:57 am, Paul wrote:
> Just got back from holiday, so only recently spotted this problem on the
> MailScanner site (http://www.sng.ecs.soton.ac.uk/mailscanner/sobig.html).
>
> I notice the default settings in MailScanner.conf is "Sign Messages Already
> Processed = no".
>
> Just to clarify, if a box running MailScanner with default settings
> receives the Sobig.F virus with the fake "X-MailScanner: Found to be clean"
> header, will it replace "X-MailScanner: Found to be clean" with
> "X-MailScanner: Found to be infected"?
Depends on your setting for "Multiple Headers" in MailScanner.conf :)
You can have append, add or replace. Append appends messages to the end of
the existing header; add adds a whole new header (and leaves the old one),
replace replaces the old header with the new one.
In no circumstance does MailScanner look at any existing X-MailScanner:
header and take action (or inaction) based on what it says.
Antony.
--
I vote "no" to this proposal to form a committee to investigate whether we
should or should not hold a ballot on whether to vote yet.
More information about the MailScanner
mailing list