Help. When a email is found on a blacklist, is the email checked for viruses?

Joe Young joe.young at STERLING.NET
Fri Dec 3 18:22:46 GMT 2004 

        Quick question. When the email comes into Mailscanner, does
Mailscanner check viruses then check the blacklists. Or does Mailscanner
check blacklists then for viruses. If a email is found in the blacklist does
the email get scanned for viruses? Is there config settings that I need to
look at?

        My reason for asking is one of my clients report that he found a
virus that passed through our filtering server. He reports that
W32.Mydoom.M at mm  successfully in passing our filter server. The filtering
server is running

        sendmail                ver.    8.11.6
        Mailscanner     ver.    4.28.6
        F-PROT   Prog ver.      4.4.7
                        Engine ver. 3.14.13

        VIRUS SIGNATURE FILES
        SIGN.DEF created 30 November 2004
        SIGN2.DEF created 30 November 2004
        MACRO.DEF created 29 November 2004

I verified that W32.Mydoom.M at mm was in the virus definitions and that his
email indeed when through the filter server.  Here is the raw email...


X-Symantec-TimeoutProtection: 0
X-Symantec-TimeoutProtection: 1
Received: from coelacanth.sterling.net [199.108.228.124] by
sterling-imail.sterlink.net with ESMTP
  (SMTPD32-8.13) id AF21202B00B2; Thu, 02 Dec 2004 16:11:13 -0800
Received: from cooneyllc.com ([64.95.72.33])
 by coelacanth.sterling.net (8.11.6/8.11.6) with ESMTP id iB30B6S30760
 for <pcooney at cooneyllc.com>; Thu, 2 Dec 2004 16:11:06 -0800
Message-Id: <200412030011.iB30B6S30760 at coelacanth.sterling.net>
From: "Mail Administrator" <MAILER-DAEMON at cooneyllc.com>
To: pcooney at cooneyllc.com
Subject: [SPAM]: Returned mail: see transcript for details
Date: Thu, 2 Dec 2004 19:11:05 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----=_NextPart_000_0003_67BF40E3.78DFFDA3"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-MailScanner-Information: Please contact the ISP for more information
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: spam, SBL+XBL
X-MailScanner-From: mailer-daemon at cooneyllc.com
X-RCPT-TO: <pcooney at cooneyllc.com>
Status: R
X-UIDL: 323874575

This is a multi-part message in MIME format.

------=_NextPart_000_0003_67BF40E3.78DFFDA3
Content-Type: text/plain;
 charset=us-ascii
Content-Transfer-Encoding: 7bit

The original message was included as attachment


------=_NextPart_000_0003_67BF40E3.78DFFDA3
Content-Type: plain/text;
 name="Norton AntiVirus Deleted-1.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="Norton AntiVirus Deleted-1.txt"

Tm9ydG9uIEFudGlWaXJ1cyByZW1vdmVkIHRoZSBhdHRhY2htZW50OiBwY29vbmV5QGNvb25l
eWxsYy5jb20uemlwLg0KVGhlIFczMi5NeWRvb20uTUBtbSB0aHJlYXQgd2FzIGRldGVjdGVk
IGluIHRoZSBhdHRhY2htZW50Lg==

------=_NextPart_000_0003_67BF40E3.78DFFDA3--






----- Original Message -----
From: "Mail Administrator" <MAILER-DAEMON at cooneyllc.com>
To: <pcooney at cooneyllc.com>
Sent: Thursday, December 02, 2004 4:11 PM
Subject: [SPAM]: Returned mail: see transcript for details


> The original message was included as attachment
>
>




Support - Joe Young
(503) 968-8908 x223
Sterling Internet Solutions, Inc.
support at sterling.net
www.sterling.net

For network status and outage information, please see:
http://www.sterling.net/support/network_status.cfm

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list