tons of infected files getting though???

Randal, Phil prandal at HEREFORDSHIRE.GOV.UK
Wed Jan 28 13:22:51 GMT 2004


There's a whole thread on the ClamAV users mailing list about this - they
appear to be bounces.

Phil

---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Desai, Jason
> Sent: 27 January 2004 19:27
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: tons of infected files getting though???
>
>
> I've noticed that ClamAV has not been finding SCO.A when they
> are inside of
> a mail delivery failure message.  McAfee however does find it
> (calling it
> Mydoom).
>
> I can take the email and scan it with ClamAV, but it will not
> find anything.
> But if I decode the attachment and scan it with ClamAV,
> ClamAV will find
> SCO.A.
>
> Could it be that the ones that are getting through are
> delivery failure
> notifications?  I don't know if it's a bug in ClamAV or if it
> could be fixed
> with updating the virus definitions, but I don't think it's a
> MailScanner
> bug.
>
> Jason
>
> > -----Original Message-----
> > From: Chris Yuzik [mailto:chris at FRACTALWEB.COM]
> > Sent: Tuesday, January 27, 2004 2:23 PM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: [MAILSCANNER] tons of infected files getting though???
> >
> >
> > Hi everyone,
> >
> > I was having a hard look through my logs and such and also looking
> > though MailWatch. I see quite a few emails that definitely
> contain the
> > virus that were only tagged as spam. I can see nothing in
> > /var/log/maillog that indicates why this message would not have been
> > marked as infected. I've even forwarded a couple of them to
> myself and
> > there's no doubt about it...it's the SCO.A or Navarg or
> whatever. If I
> > save the attachment, then scp it to my mailserver and run
> clamscan on
> > it, everything works great and ClamAV correctly identifies
> the virus.
> >
> > For yesterday alone, my system saw 106 messages that it
> found infected
> > with the virus, and an additional 80 that slipped by. WTF???
> >
> > Is it possible that MailScanner isn't getting clamav to scan all the
> > attachments? How do I go about troubleshooting this? Urgent
> help would
> > be appreciated.
> >
> > Cheers,
> > Chris
> >
>



More information about the MailScanner mailing list