Mydoom Virus getting Through - High Spam

Randal, Phil prandal at HEREFORDSHIRE.GOV.UK
Fri Feb 13 14:18:32 GMT 2004

Kai Schaetzl wrote
>> Then suddenly a new exploit with a hitherto considered safe filetype
>> Boom!

> No Boom.

>> Virus scan everything first, then do the other checks.

> You did not understand. If a file is blocked by type, it is blocked. No
> If it is not blocked by type it is virus scanned. So, where's the problem?

I did say "a hitherto considered safe" filetype, i.e, one you let through.

Call me paranoid if you like, but I don't like the idea of having
virus-infected files sitting in quarantine without MailScanner telling me
that they are infected.

It's an accident waiting to happen.

Agreed, it's a small window of opportunity, but under pressure human error

> Back to your original question I hooked on: I see high-scoring spam marked
> as containing a virus as well, so there must be something different in
> setup if it doesn't work for you.

High Scoring Spam Actions = store delete



Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

More information about the MailScanner mailing list