BUG? Silent Viruses and infected, password protected ZIPs

Hirsh, Joshua joshua.hirsh at PARTNERSOLUTIONS.CA
Mon May 31 15:04:40 IST 2004


Hey All,

 I noticed this the other day, my apologies if I've missed a discussion on
the list about this. I couldn't find anything in the archives.


 With 4.30.3-2, I have 'Silent Viruses' set to All-Viruses only, so that
(clean) password protected zip files still send notifications to the
recipient. I also delete most viruses instead of quarantining them by a
ruleset on 'Quarantine Infections', and cut down on the amount of postmaster
notices with the same ruleset applied to 'Send Notices'.

 When a password protected zip file comes through that also contains a virus
(Bagle, in this case), it matches against a negative ruleset on 'Quarantine
Infections' and 'Send Notices', so I never receive notification of the
infection (which is good), but the recipient is still notified that the
attachment was deleted.

 The comment for 'Silent Viruses' says the following (this is specifically
for senders, but it's the same action for recipients):

 # The default of "All-Viruses" means that no senders of viruses will be
 # notified (as the sender address is always forged these days anyway),
 # but anyone who sends a message that is blocked for other reasons will
 # still be notified.

 So it seems to me that the zip was picked up by the "blocked for other
reasons" portion of this text, but because the zip file was truly infected,
I would expect the behaviour should have been that no notification of the
infected message is sent to the end recipient.


 Please correct me if my logic doesn't quite match up ;-)

 Cheers,
-Joshua

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list