Rules

Jose Julian Buda jbuda at NOTICIASARGENTINAS.COM
Wed Dec 29 15:58:17 GMT 2004 

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

This is the log for the email i am talking about :

...
Dec 28 15:45:44 serverna postfix/smtpd[2067]: 148466DDE7:
client=host213.200-43-169.telecom.net.ar[200.43.169.213]
Dec 28 15:45:45 serverna postfix/cleanup[2068]: 148466DDE7: hold: header
Received: from fdjrsd.ar (host213.200-43-169.telecom.net.ar
[200.43.169.213])??by mail.noticiasargentinas.com.ar (Postfix) with SMTP id
148466DDE7;??Tue, 28 Dec 2004 15:45:43 -0300 (ART) from
host213.200-43-169.telecom.net.ar[200.43.169.213];
from=<Auto-Mailer at senado.gov.ar> to=<myboss at noticiasargentinas.com>
proto=SMTP helo=<fdjrsd.ar>
Dec 28 15:45:45 serverna postfix/cleanup[2068]: 148466DDE7:
message-id=<72da.b6fcaadbcc9dcbe at senado.gov.ar>
Dec 28 15:45:56 serverna MailScanner[32201]: Requeue: 148466DDE7 to
1CF476DDEA
Dec 28 15:45:56 serverna postfix/qmgr[506]: 1CF476DDEA:
from=<auto-mailer at senado.gov.ar>, size=79614, nrcpt=7 (queue active)
Dec 28 15:45:56 serverna postfix/local[2114]: 1CF476DDEA:
to=<administracion at noticiasargentinas.com>, relay=local, delay=13,
status=sent (delivered to mailbox)
Dec 28 15:45:56 serverna postfix/local[2300]: 1CF476DDEA:
to=<myboss at noticiasargentinas.com>, relay=local, delay=13, status=sent
(delivered to mailbox)
Dec 28 15:45:56 serverna postfix/local[2114]: 1CF476DDEA:
to=<comercial at noticiasargentinas.com>, relay=local, delay=13, status=sent
(delivered to mailbox)
Dec 28 15:45:56 serverna postfix/local[2300]: 1CF476DDEA:
to=<economia at noticiasargentinas.com>, relay=local, delay=13, status=sent
(forwarded as 6343D6DDE7)
Dec 28 15:45:56 serverna postfix/local[2300]: 1CF476DDEA:
to=<politica at noticiasargentinas.com>, relay=local, delay=13, status=sent
(forwarded as 6B5BB6DDEB)
Dec 28 15:45:56 serverna postfix/local[2114]: 1CF476DDEA:
to=<gerencia at noticiasargentinas.com>, relay=local, delay=13, status=sent
(delivered to mailbox)
Dec 28 15:45:56 serverna postfix/local[2300]: 1CF476DDEA:
to=<tecnica at noticiasargentinas.com>, relay=local, delay=13, status=sent
(delivered to mailbox)
Dec 28 15:45:56 serverna postfix/qmgr[506]: 1CF476DDEA: removed
....

the original message(148466DDE7) was to "to=<myboss at noticiasargentinas.com>"
the requede message(1CF476DDEA ) pass through the mailscanner proccess...and
all the mailbox with virus...
i dont understand



----- Original Message -----
From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Wednesday, December 29, 2004 12:17 PM
Subject: Re: Rules


If any of the recipients requested scanning, then the message is
scanned. A message with many recipients is treated as one message.

Jose Julian Buda wrote:

> i have postfix+mailscanner+clamav
>
> i have just this rules Virus Scanning ruleset :
>
> ...
> FromOrTO :  myboss at noticiasargentinas.com
> <mailto:myboss at noticiasargentinas.com>  no
> FromOrTO :  myboss at noticiasargentinas.com.ar
> <mailto:myboss at noticiasargentinas.com.ar>  no
> FromOrTO :  default  yes
> ...
>
>
> to not scan the myboss mailbox...
> but today happen that i recieve an email whit virus on
> jbuda at noticiasargentinas.com <mailto:jbuda at noticiasargentinas.com>
> seeing the email source and the email id i saw that really the
> mail-scanning procces was bypassed
> because an email was sent To:myboss with bcc to jbuda
> is that posible?
> the address on bcc field are not scanned if the "To:" field is seted
> to be bypassed?
>  or am i missing something?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list