Slient Virus

Chris Conn cconn at ABACOM.COM
Mon Mar 29 15:30:52 IST 2004


Martin Sapsed wrote:
> Chris Conn wrote:
>
>> Fine, but nevertheless, how come there is no message sent to even the
>> forged email with the configuration I posted?
>
>
> [which was]
> Non-Forging Viruses = Klez/ Zip-Password
>
> Sorry - it's just come to me.
>
> Julian put WM97/ and Joke/ in the example because the Sophos reports
> identify these files as WM97/something or Joke/something. Klez is
> identified as W32/Klez-H (or -whatever variant you're looking for). The
> string "Klez/" doesn't appear in that identification. If you want Klez
> in your Non-forging list then any of
>
> Klez
> Klez-H          (if you only want to check for that)
> W32/Klez
>
> should do the trick, assuming that these are the strings that your virus
> checker uses. (Can't recall if you use Sophos or not?)

Hello,

This is fine, but the fact remains that the sender of the virus receives
no warning; the intended "recipient", which in fact was not intended
since it is virus propagation, receives a warning that his
zipped-password file was blocked by MailScanner.  This is embarassing
when the zipped-file was actually a Bagle-zippwd.  So how do you
generate a warning that a Zip-Password was refused, and send that
warning to the SENDER of the mail?

Chris



More information about the MailScanner mailing list