Fix -- Re: Mydoom Virus getting Through

Julian Field mailscanner at
Thu Feb 12 08:35:08 GMT 2004

Please try this patch instead of the new

cd /usr/lib/MailScanner/MailScanner
patch -p0 <
service MailScanner restart

If it still fails, set "Debug = yes" in MailScanner.conf, then

service MailScanner stop
sleep 15

and let me know what it says.

At 23:38 11/02/2004, you wrote:
>Looking at the log, I see that MailScanner failed to start.
>Ken Anderson wrote:
>>I tried installing this and restarted MailScanner, but I
>>quickly built up a large incoming queue and all exploding in /incoming
>>stopped happening. The directory stayed empty after restarting
>>MailScanner. I'm not sure what caused it, but things went back to normal
>>after I put the old back. I'm running 4.26.5, perhaps not a
>>recent enough version?
>>Ken A
>>Julian Field wrote:
>>>I have hopefully managed to make the MIME parser a lot more robust. It
>>>certainly appears to solve the current problem. If you are running a nice
>>>recent version, backup your old and replace it with this one.
>>>Then please test it against the copies of MyDoom that are getting
>>>The result of a fine evening spent wading through MIME-tools code and
>>>deciding that it can't rewind :-(
>>>Let me know how it goes.
>>>At 20:37 11/02/2004, you wrote:
>>>>Daniel Kleinsinger wrote:
>>>>>Julian Field wrote:
>>>>>>The message that contained the MyDoom that got through Sophos (before
>>>>>>3.78d) was actually a bounce from another mail server that included
>>>>>>entire text of the original message.
>>>>>>Fortunately it's not been a big problem so far, but I would quite
>>>>>>like to fix it if I can.
>>>>>I'm running Sophos in addition to Trend and F-Prot.  Using MailWatch I
>>>>>checked which virii got caught by which scanner and before installing
>>>>>3.78d Sophos was catching a few less MyDoom.A (5-20 of 300-500 total
>>>>>MyDoom.A slipped past Sophos everyday).  Since installing 3.78d
>>>>>(yesterday) Sophos is catching all that Trend and F-Prot are.  There
>>>>>still seem to be some people having issues with 3.78d, but in my
>>>>>case it
>>>>>seems like it was a problem with Sophos, not MailScanner.
>>>>I would suggest that this as much an antivirus issue. I run F-prot and
>>>>Antivir and until Antivir updated their engine about a week ago only
>>>>F-prot was reliably catching the bounce messages with the original
>>>>message attached. With the new engine, all is well again and both are
>>>>catching them. Looks like F-Prot had a better message scanning engine
>>>>than the others had at the time.
>>>>In line with our policy, this message has
>>>>been scanned for viruses and dangerous
>>>>content by MailScanner, and is believed to be clean.
>>>Julian Field
>>>Professional Support Services at
>>>MailScanner thanks transtec Computers for their support
>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-------------- next part --------------
A non-text attachment was scrubbed...
Type: application/octet-stream
Size: 10165 bytes
Desc: not available
Url :
-------------- next part --------------
Julian Field
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

More information about the MailScanner mailing list