Zip files checking

Rick Cooper rcooper at DWFORD.COM
Wed Apr 7 16:47:08 IST 2004 

I did the same test, first one through with checking turned off for the host
I sent from so I could receive the zip with the exe in it. returned rules to
normal so all check would be on and it passed the forwarded exe in the zip
file. Then tried to send the same file to same address without forwarding
and it was blocked. My MailScanner log for the two events:

Forwarded message:

Apr  7 10:32:07 srv2 MailScanner[23024]: New Batch: Scanning 1 messages,
974634 bytes
Apr  7 10:32:07 srv2 MailScanner[23024]: Spam Checks: Starting
Apr  7 10:32:09 srv2 MailScanner[23024]: Virus and Content Scanning:
Starting
Apr  7 10:32:13 srv2 MailScanner[23024]: Uninfected: Delivered 1
messagesNormal message:

Normal Message:

Apr  7 10:33:31 srv2 MailScanner[23120]: New Batch: Scanning 1 messages,
974473 bytes
Apr  7 10:33:31 srv2 MailScanner[23120]: Spam Checks: Starting
Apr  7 10:33:32 srv2 MailScanner[23120]: Virus and Content Scanning:
Starting
Apr  7 10:33:37 srv2 MailScanner[23139]: MailScanner E-Mail Virus Scanner
version 4.29.7 starting...
Apr  7 10:33:38 srv2 MailScanner[23139]: Using Custom Function file
/opt/MailScanner/lib/MailScanner/CustomFunctions/MyExample.pm
Apr  7 10:33:40 srv2 MailScanner[23120]: Filename Checks: Windows/DOS
Executable (1BBF3B-00060P-9A McAfeestinger.exe)
Apr  7 10:33:40 srv2 MailScanner[23120]: Filetype Checks: No executables
(1BBF3B-00060P-9A McAfeestinger.exe)
Apr  7 10:33:40 srv2 MailScanner[23120]: Other Checks: Found 2 problems
Apr  7 10:33:40 srv2 MailScanner[23120]: Cleaned: Delivered 1 cleaned
messages
Apr  7 10:33:40 srv2 MailScanner[23120]: Notices: Warned about 1 messages



> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Julian Field
> Sent: Wednesday, April 07, 2004 8:48 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Zip files checking
>
>
> Please can you double check this and your mail setup to ensure mail is
> taking the route you think it is. MailScanner neither knows nor cares
> whether a message is forwarded unless you are using rulesets on the
> relevant configuration options.
>
> At 20:49 06/04/2004, you wrote:
> >I'm sending this e-mail again because my configuration on the list was
> >incorrect, and I don't know if it already was sended or because of this
> >"misconfiguration" the email didn't gone at the first time.. (sorry)
> >
> >I found a strange problem in MailScanner. I just updated my
> MailScanner to
> >version 4.29-7, and now I was testing the zip file checking.
> >
> >I send an e-mail with an .exe file inside an .zip file, and mailscanner
> >blocked it. Great! It worked!
> >
> >And then I forwarded this .zip file, and this time the .zip file passet
> >through mailscanner.
> >
> >Then I made several other tests, and found out that every .zip file in
> >e-mails are checked and blocked, but if the e-mail is forwarded, the .zip
> >file always passes through.
> >
> >Any ideas to correct this problem?
> >
> >Roger Jochem
> >SBS - SC
> >Brazil
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>

More information about the MailScanner mailing list