Some Mydoom infected mail passing through MailScanner

Pete pete at eatathome.com.au
Tue Jan 27 12:02:51 GMT 2004


Your Spam Actions say store AND deliver ... doesn't this mean the mail
will be delivered?

Do you have 2 mailscanner servers, but the configs are different, 
therefore some MyDooms appear to get through, and some are blocked?

Just guessing

Plant, Dean wrote:

>Hello list,
>
>I have a problem with some copies of Mydoom infected mail still being
>delivered even though MailScanner has correctly detected the virus. I am
>using version 4.21-9 with sendmail, f-prot, clamav on Redhat 8. Is this a
>bug that is fixed in a later version of MailScanner?
>
>Below is a MailWatch report of one of the delivered infected mails.
>
>Thanks
>
>Dean Plant. 
>
>Received on: 27/01/04 09:41:19 
>Received by: rsys001x 
>Received from: halls-c196.lut.ac.uk (158.125.191.215) - Check in OpenRBL  
>ID: i0R9f8Ud006179 
>Message Headers: Return-Path: <g>
>Received: from lboro.ac.uk (halls-c196.lut.ac.uk [158.125.191.215])
>by rsys001x.roke.co.uk (8.12.8/8.12.8) with ESMTP id i0R9f8Ud006179
>for <xxx at roke.co.uk>; Tue, 27 Jan 2004 09:41:08 GMT
>Message-Id: <200401270941.i0R9f8Ud006179 at rsys001x.roke.co.uk>
>From: jose at lboro.ac.uk
>To: xxx at roke.co.uk
>Subject: Test
>Date: Tue, 27 Jan 2004 09:41:08 +0000
>MIME-Version: 1.0
>Content-Type: multipart/mixed;
>boundary="----=_NextPart_000_0003_29F6388C.AD268899"
>X-Priority: 3
>X-MSMail-Priority: Normal 
>From: jose at lboro.ac.uk 
>To: xxx at roke.co.uk 
>Subject: Test 
>Size: 31.3Kb 
>Virus:  Y  
>Blocked File:  N  
>Other Infection:  N  
>Report: F-Prot:
>/var/spool/MailScanner/incoming/30032/i0R9f8Ud006179/document.zip->document.txt Infection: W32/Mydoom.A at mm ClamAV: document.zip contains Worm.SCO.A
> 
>Spam:  Y   Action(s): store, attachment, deliver 
>High Scoring Spam:  N  
>Listed in RBL:  N  
>Whitelisted:  N  
>SpamAssassin Spam:  Y  
>SpamAssassin Score: 9.52 
>Spam Report: -1.52 BAYES_01   
>2.91 DCC_CHECK   
>1.59 MISSING_MIMEOLE   
>3.03 MSGID_FROM_MTA_SHORT   
>0.16 NO_REAL_NAME   
>1.21 PRIORITY_NO_NAME   
>1.10 RAZOR2_CF_RANGE_51_100   
>1.05 RAZOR2_CHECK 
> 