Why mailscanner fails recognizing a forwarded infected.

[Mirko Bovati]

>
> I will send the sendmail' s pair to Nai and wait for news.
> have you got any other hints?


I sent the infected email to Nai, they anwered (an autoreply).
they said they detected a MIME encoded e-mail file. that's true.
So the question is: is the command line (uvscan) able to check
MIME files without any other help (module plugin etc..).

I think MailScanner does it by perl-MIME-Base64-2.12-1.src.rpm
perl-MIME-tools-5.411-pl4.3.src.rpm. Isn't?

If that's true I'm at the starting point: uvscan alone is not supposed to
check MIME files and MailScanner (at least my installation) is missing some
virus.

I am available to send the mail o the sendmail pair to test if is only my
installation affected.

thanks
Mirko



>
> thanks,
> mirko
>
> > I would check virus.scanners.conf to see from which location MailScanner
> > is invoking mcafee. Also I would check if there are any symlinks to the
> > dat files. If there are, replace the symlinks to the datfiles with
> > the real dat files and try scanning from MailScanner again.
> >
> > > mirko
> > >
> > >> I used to have symlinks to my dat files and binary untill I got badly
> > >> bitten....
> > >>
> > >> I decided to ditch mcafee completely but that's another subject :)
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).