Viruses apparently getting through

Gib Gilbertson Jr. gib at TMISNET.COM
Sun Dec 4 00:25:43 GMT 2005 

At 05:43 PM 3/12/2005, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Where is your copy of ClamAV installed? The location must be correct in
>/etc/MailScanner/virus.scanners.conf.
>If "which clamscan" produces /usr/local/bin/clamscan, then the entry in
>virus.scanners.conf should be "/usr/local", if it produces
>/usr/bin/clamscan, then it should be "/usr".
>
>What does your maillog say? That should give some indication of what
>it's finding.

One thing I'm wondering about is why MailScanner isn't rejecting the 
file based on the file extension since it's set to deny in the 
filename.rules.conf file.

deny    \.zm9$

>Gib Gilbertson Jr. wrote:
>
> > Hi.
> >
> > I seeing a lot of e-mails getting through that are caught by ZoneAlarm
> > Security Suite and reported to be infected by the Win32.Sober.W!.ZIP
> > virus. These are coming in as attachments with the extension .zm9 as
> > reported by ZoneAlarm.
> >
> >
> > I am running the following on FreeBSD 4.10
> >
> > MailScanner 4.32.4
> > ClamAV 0.87.1/1200
> >
> > I've added a file types rule to deny \.zm9$ files
> >
> > I'm still getting them in e-mail though.
> >
> > Any thoughts?
> >
> > Thanks
> >
> > gib
> >
> >
> >
> >      Gib Gilbertson Jr.
> >      Tierramiga Info Systems
> >      619-287-8647 Support
> >      http://www.tmisnet.com
> >      San Diego's Friendly ISP
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
>
>
>- --
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Desktop 9.0.3 (Build 2932)
>
>iQA/AwUBQ5HZKBH2WUcUFbZUEQIKBwCgl9T7X9Xg2QhKFbL0n+cNjFcTTB4AoNUP
>YoXqXQOSA1AVwLUeKTERIIbm
>=fo8d
>-----END PGP SIGNATURE-----
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!



      Gib Gilbertson Jr.
      Tierramiga Info Systems
      619-287-8647 Support
      http://www.tmisnet.com
      San Diego's Friendly ISP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list