Mydoom Virus getting Through - High Spam

Randal, Phil prandal at HEREFORDSHIRE.GOV.UK
Fri Feb 13 14:18:32 GMT 2004


Kai Schaetzl wrote
>> Then suddenly a new exploit with a hitherto considered safe filetype appears.
>>
>> Boom!

> No Boom.

>> Virus scan everything first, then do the other checks.

> You did not understand. If a file is blocked by type, it is blocked. No Boom.
> If it is not blocked by type it is virus scanned. So, where's the problem?

I did say "a hitherto considered safe" filetype, i.e., one you let through.

Call me paranoid if you like, but I don't like the idea of having
virus-infected files sitting in quarantine without MailScanner telling me
that they are infected.

It's an accident waiting to happen.

Agreed, it's a small window of opportunity, but under pressure human error
occurs.

> Back to your original question I hooked on: I see high-scoring spam marked
> as containing a virus as well, so there must be something different in your
> setup if it doesn't work for you.

High Scoring Spam Actions = store delete

Cheers,

Phil

---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK


