Bug in filename rules handling?

Craig Pratt craig at STRONG-BOX.NET
Tue Mar 11 08:46:27 GMT 2003


How about the "Deliver Disinfected Files" option? Wouldn't that produce
the behavior you're seeing?

# Should I attempt to disinfect infected attachments and then deliver
# the clean ones. "Disinfection" involves removing viruses from files
# (such as removing macro viruses from documents). "Cleaning" is the
# replacement of infected attachments with "VirusWarning.txt" text
# attachments.
# This can also be the filename of a ruleset.
Deliver Disinfected Files = yes

On Tuesday, March 11, 2003, at 12:36  AM, Remco Barendse wrote:
> Yes the headers were added as they should and the header also said
> 'found
> to be infected'
>
> Everything seems to be OK but the attachment was not removed and the
> VirusWarning was not inserted in the message as it should nor was it
> sent
> as an attachment.
>
> On Tue, 11 Mar 2003, Craig Pratt wrote:
>
>> Have any of the "X-MailScanner" headers been added to the message?
>>
>> If not, this might mean that MailScanner is not actually the one
>> delivering the message. Is it possible that sendmail is running behind
>> MS's back?
>>
>> Craig
>>
>> On Tuesday, March 11, 2003, at 12:01  AM, Remco Barendse wrote:
>>> This morning we have received a message with filename extension
>>> hiding.
>>> The attachment is named ACN.DOC.xls.doc
>>>
>>> Mar 10 17:38:12 linux MailScanner[17336]: New Batch: Scanning 1
>>> messages, 38249 bytes
>>> Mar 10 17:38:12 linux MailScanner[17336]: Virus and Content Scanning:
>>> Starting
>>> Mar 10 17:38:12 linux MailScanner[17336]: Filename Checks: Found
>>> possible filename hiding (ACN.DOC.xls.doc)
>>> Mar 10 17:38:12 linux MailScanner[17336]: Other Checks: Found 1
>>> problems
>>> Mar 10 17:38:12 linux MailScanner[17336]: Saved entire message to
>>> /var/spool/MailScanner/quarantine/20030310/h2AGcBSh018875
>>> Mar 10 17:38:12 linux MailScanner[17336]: Cleaned: Delivered 1
>>> cleaned
>>> messages
>>>
>>> Although a notification was sent to postmaster that a virus had been
>>> caught, and the message subject was correctly modified and there was
>>> a
>>> notification inside the message to look inside VirusWarning.txt
>>> things
>>> didn't work.
>>>
>>> The attachment was let through 'as-is' without renaming or without
>>> removing it. Furthermore there was no VirusWarning.txt attached to
>>> the
>>> mail message although the body of the message referred to it. I have
>>> set
>>> however that warnings should *not* be sent as an attachment so maybe
>>> this
>>> is another bug?
>>>
>>> Things worked fine with the 4.12 release, this was found on release
>>> 4.13-3
>>>
>>> The message went through our Exchange server and because of a forward
>>> rule
>>> the message was sent outside again. Again MailScanner reported the
>>> problem
>>> but did not remove the attachment!
>>>
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>> Craig Pratt
>> Strongbox Network Services Inc.
>> mailto:craig at strong-box.net
>>
>>
>> --
>> This message checked for dangerous content by MailScanner on
>> StrongBox.
>>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
Craig Pratt
Strongbox Network Services Inc.
mailto:craig at strong-box.net


--
This message checked for dangerous content by MailScanner on StrongBox.



More information about the MailScanner mailing list