Some Mydoom infected mail passing through MailScanner

Plant, Dean dean.plant at ROKE.CO.UK
Tue Jan 27 11:00:40 GMT 2004 

Hello list,

I have a problem with some copies of Mydoom infected mail still being
delivered even though MailScanner has correctly detected the virus. I am
using version 4.21-9 with sendmail, f-prot, clamav on Redhat 8. Is this a
bug that is fixed in a later version of MailScanner?

Below is a MailWatch report of one of the delivered infected mails.

Thanks

Dean Plant. 

Received on: 27/01/04 09:41:19 
Received by: rsys001x 
Received from: halls-c196.lut.ac.uk (158.125.191.215) - Check in OpenRBL  
ID: i0R9f8Ud006179 
Message Headers: Return-Path: <g>
Received: from lboro.ac.uk (halls-c196.lut.ac.uk [158.125.191.215])
by rsys001x.roke.co.uk (8.12.8/8.12.8) with ESMTP id i0R9f8Ud006179
for <xxx at roke.co.uk>; Tue, 27 Jan 2004 09:41:08 GMT
Message-Id: <200401270941.i0R9f8Ud006179 at rsys001x.roke.co.uk>
From: jose at lboro.ac.uk
To: xxx at roke.co.uk
Subject: Test
Date: Tue, 27 Jan 2004 09:41:08 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0003_29F6388C.AD268899"
X-Priority: 3
X-MSMail-Priority: Normal 
From: jose at lboro.ac.uk 
To: xxx at roke.co.uk 
Subject: Test 
Size: 31.3Kb 
Virus:  Y  
Blocked File:  N  
Other Infection:  N  
Report: F-Prot:
/var/spool/MailScanner/incoming/30032/i0R9f8Ud006179/document.zip->document.
txt Infection: W32/Mydoom.A at mm ClamAV: document.zip contains Worm.SCO.A 
 
Spam:  Y   Action(s): store, attachment, deliver 
High Scoring Spam:  N  
Listed in RBL:  N  
Whitelisted:  N  
SpamAssassin Spam:  Y  
SpamAssassin Score: 9.52 
Spam Report: -1.52 BAYES_01   
2.91 DCC_CHECK   
1.59 MISSING_MIMEOLE   
3.03 MSGID_FROM_MTA_SHORT   
0.16 NO_REAL_NAME   
1.21 PRIORITY_NO_NAME   
1.10 RAZOR2_CF_RANGE_51_100   
1.05 RAZOR2_CHECK 
 

-- 
Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell,
Berkshire. RG12 8FZ

The information contained in this e-mail and any attachments is confidential to
Roke Manor Research Ltd and must not be passed to any third party without
permission. This communication is for information only and shall not create or
change any contractual relationship.

More information about the MailScanner mailing list