Mimail virus
Miguel Koren OBrien de Lacy
miguelk at konsultex.com.br
Thu Nov 6 02:05:07 GMT 2003
In my case blocking by name was the simplest solution. There is another configuration
file in /etc/Mailscanner where you can block by file type. I assume it works in a
similar way.
Miguel
--
Konsultex Informatica (http://www.konsultex.com.br)
---------- Original Message -----------
From: kfliong <kfliong at WOFS.COM>
To: MAILSCANNER at JISCMAIL.AC.UK
Sent: Thu, 6 Nov 2003 09:44:53 +0800
Subject: Re: Mimail virus
> Blocking zip files is not an option because anyone who uses attachment
> would know that a lot of files comes in zip format. Files like exe and com
> and other blocked files are zipped in order to go through email servers
> which most probably already blocking these formats. So, if we were to block
> zip files as well then i would sure get lots of complains from my users. Is
> there a way I could block by using MiMail header or the contents? Or does
> the zip file always have that name? If yes then perhaps we could block it
> based on the attachment name.
>
> Thanks in advance.
>
> At 07:00 PM 11/5/2003, you wrote:
> >Content-Transfer-Encoding: 8bit
> >
> >There are currently 2 problems:
> >
> >a) Julian wrote a patch that solves a problem with interpreting the output
> >from Calm in some cases (Mimail.C)
> >b) clamscan 0.6 has a problem opening the zipped file with Mimail.G
> >
> >So, the best bet today is to block zip files in the configuration.
> >Tomorrow there is suppoesed to be a new stable version of Clam which
> >solves the problem. hem you can install it and apply the patch. If you
> >need this today, any cvs snapshot (of Clam) apparently slves the problem.
> >
> >There is also another solution by running in the mailing list,
> >"--diasble-archive" but I'm not sure what that really does. I tried it
> >and it worked for me.
> >
> >Miguel
> >
> >kfliong wrote:
> >
> >>How come Mimail virus is getting through my mailscanner + clamav setup? Can
> >>I add mimail into my config file like how I added sobig into the config to
> >>stop it from coming into my server?
> >
> >
> >
> >--
> >Esta mensagem foi verificada pelo sistema de antivírus e
> >acredita-se estar livre de perigo.
>
> --
> Esta mensagem foi verificada pelo sistema de antivírus e
> acredita-se estar livre de perigo.
------- End of Original Message -------
--
Esta mensagem foi verificada pelo sistema de antivírus e
acredita-se estar livre de perigo.
More information about the MailScanner
mailing list