Viruses apparently getting through

IT Dept itdept at FRACTALWEB.COM
Mon Dec 5 18:09:29 GMT 2005



Gib Gilbertson Jr. wrote:

> Hi.
>
> I am seeing a lot of e-mails getting through that are caught by ZoneAlarm
> Security Suite and reported to be infected by the Win32.Sober.W!.ZIP 
> virus. These are coming in as attachments with the extension .zm9 as 
> reported by ZoneAlarm.
>
>
> I am running the following on FreeBSD 4.10
>
> MailScanner 4.32.4
> ClamAV 0.87.1/1200
>
> I've added a file types rule to deny \.zm9$ files
>
> I'm still getting them in e-mail though.
>
> Any thoughts?
>
> Thanks
>
> gib
>
>
Gib,

I was having a similar problem last week, and it wasn't until Glenn and 
Ken suggested that my system may have two separate versions of ClamAV 
running that we figured it out. Sure enough, I had upgraded ClamAV 
manually to 0.87.1, but there was another instance of 0.6x lying 
around. When I manually scanned something, it used 0.87.1; guess which 
one MailScanner was using?

Once I did this, my system was happily catching all of the viruses.

Hope this helps.

Chris
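
The situation described above, a second and older ClamAV install sitting beside the upgraded one, can be checked for with a short script. This is an added example, not part of the original post or of MailScanner; the function names and the directories passed in are assumptions, and it relies only on `clamscan --version`.

```shell
#!/bin/sh
# Added example: find every clamscan in the given directories and report
# whether more than one distinct engine version is installed.
# The directories to search are an assumption; pass the ones on your system.

# Print "path<TAB>version line" for each executable clamscan found.
list_clamscan() {
    for dir in "$@"; do
        bin="$dir/clamscan"
        [ -x "$bin" ] || continue
        # First line of output looks like "ClamAV 0.87.1/1200/<date>"
        ver=$("$bin" --version 2>/dev/null | head -n 1)
        printf '%s\t%s\n' "$bin" "${ver:-unknown}"
    done
}

# Return 0 if at most one engine version is found, 1 if several are.
check_clamscan_versions() {
    found=$(list_clamscan "$@")
    [ -n "$found" ] || { echo "no clamscan found"; return 0; }
    echo "$found"
    # Compare only the engine part ("ClamAV x.y.z"), not the signature level.
    distinct=$(echo "$found" | cut -f2 | cut -d/ -f1 | sort -u | wc -l | tr -d ' ')
    if [ "$distinct" -gt 1 ]; then
        echo "WARNING: $distinct different ClamAV versions installed" >&2
        return 1
    fi
    return 0
}

# Example: sh check.sh /usr/bin /usr/local/bin /opt/clamav/bin
if [ "$#" -gt 0 ]; then
    check_clamscan_versions "$@"
fi
```

If more than one version is reported, compare the listed paths with the one your MailScanner configuration actually invokes.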
