Why mailscanner fails recognizing a forwarded infected.

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Fri Sep 3 15:28:11 IST 2004


<x-flowed>
Mirko

do these scanners recognise the virus is called from the command line on
the MS computer??


--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
tel: +44 (0)1865 842300

Mirko Bovati wrote:

> hi all,
>
> sorry for reposting the same question, it seems that nobody ever had
> this problem.
>
> I received an infected email by W32/Mabutu.a at MM!zip (the local antivirus found
> it).
> If I forward this email, MailScanner say it is clean.
> Is it the normal behavior of a forwarded infected email? I think no but I
> can't see where is the problem.
>
> I have the pair of df and qf sendmail's that I could send to who is interested
> to the question.
>
> thanks,
> Mirko
>
> On Wednesday 01 September 2004 15:45, you wrote:
>
>>hi all,
>>
>>sometime we receive emails with an attach (document.zip) that mailscanner
>>"Found to be clean" while the local antivirus finds a W32/Mabutu.a at MM!zip.
>>
>>Strange behavior:
>>1) We forward the vired email and mailscanner still  "Found to be clean".
>>2) We save the attached file,  we send a new email and attach the previous
>>saved file (document.zip) then Mailscanner finds a W32/Mabutu.a at MM!zip
>>
>>
>>Any clue?
>>Thanks.
>>Mirko Bovati
>>
>>
>>on one installation:
>>mailscanner-4.12-2
>>AS2.1
>>sendmail-8.11.6-28.72
>>uvscan v4.3.20
>>
>>on another installation:
>>mailscanner-4.32.5-1
>>AS2.1
>>sendmail-8.11.6-28.72
>>uvscan v4.3.20
>>



**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>



More information about the MailScanner mailing list