Bug in filename rules handling?
mailscanner at BARENDSE.TO
Tue Mar 11 08:36:59 GMT 2003
Yes the headers were added as they should and the header also said 'found
to be infected'
Everything seems to be OK but the attachment was not removed and the
VirusWarning was not inserted in the message as it should nor was it sent
as an attachment.
On Tue, 11 Mar 2003, Craig Pratt wrote:
> Have any of the "X-MailScanner" headers been added to the message?
> If not, this might mean that MailScanner is not actually the one
> delivering the message. Is it possible that sendmail is running behind
> MS's back?
> On Tuesday, March 11, 2003, at 12:01 AM, Remco Barendse wrote:
> > This morning we have received a message with filename extension hiding.
> > The attachment is named ACN.DOC.xls.doc
> > Mar 10 17:38:12 linux MailScanner: New Batch: Scanning 1
> > messages, 38249 bytes
> > Mar 10 17:38:12 linux MailScanner: Virus and Content Scanning:
> > Starting
> > Mar 10 17:38:12 linux MailScanner: Filename Checks: Found
> > possible filename hiding (ACN.DOC.xls.doc)
> > Mar 10 17:38:12 linux MailScanner: Other Checks: Found 1
> > problems
> > Mar 10 17:38:12 linux MailScanner: Saved entire message to
> > /var/spool/MailScanner/quarantine/20030310/h2AGcBSh018875
> > Mar 10 17:38:12 linux MailScanner: Cleaned: Delivered 1 cleaned
> > messages
> > Although a notification was sent to postmaster that a virus had been
> > caught, and the message subject was correctly modified and there was a
> > notification inside the message to look inside VirusWarning.txt things
> > didn't work.
> > The attachment was let through 'as-is' without renaming or without
> > removing it. Furthermore there was no VirusWarning.txt attached to the
> > mail message although the body of the message referred to it. I have
> > set
> > however that warnings should *not* be sent as an attachment so maybe
> > this
> > is another bug?
> > Things worked fine with the 4.12 release, this was found on release
> > 4.13-3
> > The message went through our Exchange server and because of a forward
> > rule
> > the message was sent outside again. Again MailScanner reported the
> > problem
> > but did not remove the attachment!
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> Craig Pratt
> Strongbox Network Services Inc.
> mailto:craig at strong-box.net
> This message checked for dangerous content by MailScanner on StrongBox.
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner