Question about quarentining dangerous content?
Phil Kendall
philk at TCP.NET.UK
Mon Sep 1 17:41:14 IST 2003
We upgraded to from 4.20-3 to 4.24.11 today.
The following mail was picked up as having dangerous content:
Sep 1 17:10:27 MailScanner[18581]: Content Checks: Detected
HTML-specific exploits in h81GANmM026123
Sep 1 17:10:27 MailScanner[18581]: Saved infected "msg-18581-834.html"
to /var/spool/MailScanner/quarantine/20030901/h81GANmM026123
The file that was quarantined was not the original message but the in
fact the stored.content.message.txt
We have Quarantine Infections = yes & Quarantine Whole Message = no set
in the MailScanner.conf file.
Is this the behaviour we should expect?
Is it possible to have it so that dangerous content is quarantined &
infected attachments without having to quartine the entire message?
Phil Kendall
Technical Systems Administrator
TCP - Europacom.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030901/3cbeb3ff/attachment.html
More information about the MailScanner
mailing list