Sophos thinks multi-part spanning zips are viruses
Julian Field
mailscanner at ecs.soton.ac.uk
Tue Mar 9 20:26:40 GMT 2004
At 19:52 09/03/2004, you wrote:
>Has anyone seen this error?
>
> >>> BEGIN
>
>The original attachment to this e-mail message (BACKUP.ZIP) contained a
>virus
>and has been removed.
>
> Tue Mar 9 14:17:14 2004 the virus scanner said:
> Sophos: Could not check BACKUP.ZIP/TURBO.MDB (part of multi volume
>archive)
> Sophos: Could not check BACKUP.ZIP (part of multi volume archive)
>
> >>> END
>
>Is this something Sophos needs to address, or is there something MailScanner
>can do about it? I'd like to let my customers pass these kinds of zips
>through the server, while leaving normal virus scanning intact.
>
>Maybe Julian knows: Does Sophos pass back only one kind of error code, or
>does MailScanner assume any error code from a scanner is a detected virus?
>Are error codes used at all or is STDERR text used instead?
The output text is used, not the error codes. Would you like me to ban
parts of multi-volume archives?
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
More information about the MailScanner
mailing list