Bug in filename rules handling?
Craig Pratt
craig at STRONG-BOX.NET
Tue Mar 11 08:06:47 GMT 2003
Have any of the "X-MailScanner" headers been added to the message?
If not, this might mean that MailScanner is not actually the one
delivering the message. Is it possible that sendmail is running behind
MS's back?
Craig
On Tuesday, March 11, 2003, at 12:01 AM, Remco Barendse wrote:
> This morning we have received a message with filename extension hiding.
> The attachment is named ACN.DOC.xls.doc
>
> Mar 10 17:38:12 linux MailScanner[17336]: New Batch: Scanning 1
> messages, 38249 bytes
> Mar 10 17:38:12 linux MailScanner[17336]: Virus and Content Scanning:
> Starting
> Mar 10 17:38:12 linux MailScanner[17336]: Filename Checks: Found
> possible filename hiding (ACN.DOC.xls.doc)
> Mar 10 17:38:12 linux MailScanner[17336]: Other Checks: Found 1
> problems
> Mar 10 17:38:12 linux MailScanner[17336]: Saved entire message to
> /var/spool/MailScanner/quarantine/20030310/h2AGcBSh018875
> Mar 10 17:38:12 linux MailScanner[17336]: Cleaned: Delivered 1 cleaned
> messages
>
> Although a notification was sent to postmaster that a virus had been
> caught, and the message subject was correctly modified and there was a
> notification inside the message to look inside VirusWarning.txt things
> didn't work.
>
> The attachment was let through 'as-is' without renaming or without
> removing it. Furthermore there was no VirusWarning.txt attached to the
> mail message although the body of the message referred to it. I have
> set
> however that warnings should *not* be sent as an attachment so maybe
> this
> is another bug?
>
> Things worked fine with the 4.12 release, this was found on release
> 4.13-3
>
> The message went through our Exchange server and because of a forward
> rule
> the message was sent outside again. Again MailScanner reported the
> problem
> but did not remove the attachment!
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
Craig Pratt
Strongbox Network Services Inc.
mailto:craig at strong-box.net
--
This message checked for dangerous content by MailScanner on StrongBox.
More information about the MailScanner
mailing list