[URGENT] How to intercept a copy of virus-infected message?

Mike Brudenell pmb1 at YORK.AC.UK
Fri Apr 30 10:23:33 IST 2004


Greetings -

I believe our site is being sent copies of a virus (probably Bagle-X or a
variant) that Sophos Anti-Virus is not identifying.  At present the
messages are only being blocked because we have MailScanner configured not
to allow attachments with filename suffixes such as ".hta" etc.

Sophos (the company!) have asked me to grab a couple of these messages and
send them in for analysis.

Please could someone quickly explain how to configure MailScanner (4.29.3)
to intercept such a message: ideally forwarding it to a specific e-mail
address or, second choice, to quarantine its Sendmail queue files?

Ideally I guess I'd just like to intercept messages which are being blocked
because they are failing the filename based checks; I'm not particularly
interested in getting the ones infected with known viruses because, well,
Sophos Anti-Virus already knows them!  :-}

With many thanks,

Mike B-)

--
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811  FAX:+44-1904-433740

* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
