whoa! Palyh-A getting thru MS 4.20-3

Julian Field mailscanner at ecs.soton.ac.uk
Mon May 19 19:20:13 IST 2003

I have just re-installed 4.20-3 to try to re-create this (detecting as spam
while also containing Palyh). I can't make MailScanner leave this virus in

The spam checking is done before the virus scanning, but the striphtml
action is not applied until later. But the attachments should get stripped
if they contain viruses anyway.

I have re-ordered some of this code in the beta 4.21 code, but it shouldn't
affect functionality much (I did it to slightly improve it and to cope with
spam that contained viruses being turned into an RFC822 attachment while
still being virus scanned properly).

Can anyone prove this virus is actually getting through? If so, please feel
free to send me some sample messages (in a password-protected zip file).

At 19:10 19/05/2003, you wrote:
>On 19 May 2003 at 13:05, mikea wrote:
> > On Mon, May 19, 2003 at 01:53:55PM -0400, Jeff A. Earickson wrote:
> >
> > > I have had a couple of queries this morning about why people got email
> > > from microsoft (I got one too), but the email had no attachment.  How
> > > come SA scanned the message before the virus scan above?
> >
> > I'm signed on to a list which did the same thing this morning. I don't
> > _mind_ too much that the mail got through, since the attachment was
> > quarantined or otherwise yanked, but it would be better to have the
> > whole thing stopped in its tracks before it ever hits the outbound
> > NIC.
> >
> > In my case (and that of the other list), the virus is *not* being
> > delivered.
>It's not particular to any list "stripping" the attachment, my
>colleague seems to have a received a number of messages today without
>any attachment so my guess would be that the virus is slightly
>This communication may contain privileged or confidential information which
>is for the exclusive use of the intended recipient.  If you are not the
>intended recipient, please note that you may not distribute or use this
>communication or the information it contains.  If this e-mail has reached you
>in error, please delete it and any attachment.
>Internet communications are not secure and Barnet College does not accept
>legal responsibility for the content of this message.  Any views or opinions
>expressed are those of the author and not necessarily those of Barnet College.
>Please note that Barnet College reserves the right to monitor the
>source/destinations of all incoming or outgoing e-mail communications.

Julian Field
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list