W32/MiMail.A
Kevin Miller
Kevin_Miller at CI.JUNEAU.AK.US
Fri Apr 29 16:38:43 IST 2005
Rose, Bobby wrote:
> Is anyone else seeing this slip thru? The symantec stuff running on
> our exchange servers is picking it up but it slipping thru my current
> MailScanner and ClamAV configured email router. Symantec is saying
> that it found W32.Mimail.a at mm in Unknown0000000.data within
> message.html. Yesterday I added that to the banned filename types but
> it still came thru so I'm wondering if it's another funky mime/header
> issue.
>
> I'm running ClamAV .83 and Mailscanner 4.40.11 on Solaris 8. The
> clamav defs are up to date. I'm going to try to quarantine one to
> get a look at it.
Are you sure the messages are coming through your MailScanner gateway? I
had a similar problem a year or so ago where Trend would pick up viruses on
Exchange. Turned out that one of my users had pointed their Outlook client
at their home ISP so they could check non-local mail account. The viruses
waltzed right in with nary so much as a 'howdy-do'. Fortunately, the
bouncers from Trend took them in the back alley and pummelled them before
they could cause a ruckus...
...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list