Mimail virus

Miguel Koren OBrien de Lacy miguelk at konsultex.com.br
Thu Nov 6 02:05:07 GMT 2003


In my case blocking by name was the simplest solution. There is another configuration
file in /etc/Mailscanner where you can block by file type. I assume it works in a
similar way.

Miguel

--
Konsultex Informatica (http://www.konsultex.com.br)

---------- Original Message -----------
From: kfliong <kfliong at WOFS.COM>
To: MAILSCANNER at JISCMAIL.AC.UK
Sent: Thu, 6 Nov 2003 09:44:53 +0800
Subject: Re: Mimail virus

> Blocking zip files is not an option because anyone who uses attachment 
> would know that a lot of files comes in zip format. Files like exe and com 
> and other blocked files are zipped in order to go through email servers 
> which most probably already blocking these formats. So, if we were to block 
> zip files as well then i would sure get lots of complains from my users. Is 
> there a way I could block by using MiMail header or the contents? Or does 
> the zip file always have that name? If yes then perhaps we could block it 
> based on the attachment name.
> 
> Thanks in advance.
> 
> At 07:00 PM 11/5/2003, you wrote:
> >Content-Transfer-Encoding: 8bit
> >
> >There are currently 2 problems:
> >
> >a) Julian wrote a patch that solves a problem with interpreting the output 
> >from Calm in some cases (Mimail.C)
> >b) clamscan 0.6 has a problem opening the zipped file with Mimail.G
> >
> >So, the best bet today is to block zip files in the configuration. 
> >Tomorrow there is suppoesed to be a new stable version of Clam which 
> >solves the problem. hem you can install it and apply the patch. If you 
> >need this today, any cvs snapshot (of Clam) apparently slves the problem.
> >
> >There is also another solution by running in the mailing list, 
> >"--diasble-archive" but I'm not sure what  that really does. I tried it 
> >and it worked for me.
> >
> >Miguel
> >
> >kfliong wrote:
> >
> >>How come Mimail virus is getting through my mailscanner + clamav setup? Can
> >>I  add mimail into my config file like how I added sobig into the config to
> >>stop it from coming into my server?
> >
> >
> >
> >--
> >Esta mensagem foi verificada pelo sistema de antivírus e
> >acredita-se estar livre de perigo.
> 
> -- 
> Esta mensagem foi verificada pelo sistema de antivírus e
>  acredita-se estar livre de perigo.
------- End of Original Message -------


-- 
Esta mensagem foi verificada pelo sistema de antivírus e
 acredita-se estar livre de perigo.




More information about the MailScanner mailing list