Sophos thinks multi-part spanning zips are viruses

James Corell jcorell at IPRUS.NET
Wed Mar 10 13:33:00 GMT 2004

Didn't even realize that this was a configuration option. I've gone back in
and fixed up the config file, everything works.

As for policy and philosophy, I'm inclined to agree with Julian. Policy is
set by the suits around here, however. Slightly different? Try completely
opposite and, generally, *wrong*.

Julian, again, the configurability (is that a word?) of MailScanner has
saved my butt. A million thanks.

James Corell
111 West Mitchell, Suite E
Gaylord, MI 49735
(989) 732-1366

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
Behalf Of Martin Sapsed
Sent: Wednesday, March 10, 2004 5:28 AM
Subject: Re: [MAILSCANNER] Sophos thinks multi-part spanning zips are

James Corell wrote:
> Actually, I'd like MailScanner not to consider an attachment a virus
> Sophos CONFIRMS that it is actually a virus (rather than simply failing to
> be able to scan it).

I think adding "part of multi volume archive" to the "Allowed Sophos
Error Messages" configuration item should do the trick.

Julian's philosophy is to deliver only that which he believes from the
information available to be safe. Because it would be very difficult to
assemble the parts of the attachment together so that he can be checked
properly, they're treated as potentially hostile and blocked.

You're suggesting a philosophy of deliver it unless you know it's not
safe which is slightly different.



Martin Sapsed
Information Services               "Who do you say I am?"
University of Wales, Bangor             Jesus of Nazareth

More information about the MailScanner mailing list