MailScanner issue not detecting MyDoom-0 [Re: nested .zip containing bad files not being caught]
Stephen Swaney
steve.swaney at FSL.COM
Tue Jul 27 03:24:17 IST 2004
I've loaded the new Message.pm on all of our test systems and can't see any
adverse consequences. It's late here and I'm a bit to tired to test against
some of the files that have been slipping thru. Perchance someone in a
different time zone can check that out :>)
Julian,
Thanks (as usual) for an incredibly speedy fix and have a great time in
Portland OR - wherever that is!
G'night
Steve
Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney at FSL.com
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Julian Field
> Sent: Monday, July 26, 2004 8:20 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: MailScanner issue not detecting MyDoom-0 [Re: nested .zip
> containing bad files not being caught]
>
> The problem isn't quite as you have been describing it, but it causes the
> symptom you are seeing.
> Attached is a new Message.pm. Sorry I haven't got a patch but this is at
> short notice and I can't get my VPN connection to stay up for more than 2
> minutes at a time through this hotel's network.
>
> At 22:06 26/07/2004, you wrote:
> >Drew,
> >
> >Drew Marshall said the following on 26-Jul-04 22:42:
> >>Stijn Jonker wrote:
> >>
> >>>The longer explanation is below, but as far as I can tell the reason
> for
> >>>non detection is that the zip file inside the original zip file has the
> >>>same name. I think the explanation is below, and it is pointing towards
> >>>mailscanner.
> >>
> >>Interestingly I can't get anything to detect a problem with these two
> >>files either zipped or not. Very strange as they must be viruses but
> >>neither f-prot or clam want to find anything wrong... I have the latest
> >>definitions
> >
> >Could you check the files within: http://www.sjc.nl/MS/ for me?
> >
> >These are the two that are causing me issues?
> >
> >Maybe it's not the same as Bob is seeing.
> >
> >--
> >Met Vriendelijke groet/Yours Sincerely
> >Stijn Jonker <SJCJonker at sjc.nl>
> >
> >-------------------------- MailScanner list ----------------------
> >To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> >Before posting, please see the Most Asked Questions at
> >http://www.mailscanner.biz/maq/ and the archives at
> >http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Fortress Systems Ltd.
www.fsl.com
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list