Viruses apparently getting through

IT Dept itdept at FRACTALWEB.COM
Mon Dec 5 18:09:29 GMT 2005

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Gib Gilbertson Jr. wrote:

> Hi.
> I seeing a lot of e-mails getting through that are caught by ZoneAlarm 
> Security Suite and reported to be infected by the Win32.Sober.W!.ZIP 
> virus. These are coming in as attachments with the extension .zm9 as 
> reported by ZoneAlarm.
> I am running the following on FreeBSD 4.10
> MailScanner 4.32.4
> ClamAV 0.87.1/1200
> I've added a file types rule to deny \.zm9$ files
> I'm still getting them in e-mail though.
> Any thoughts?
> Thanks
> gib

I was having a similar problem last week, and it wasn't until Glenn and 
Ken suggested that my system may have two separate versions of ClamAV 
running that we figgured it out. Sure enough, I had upgraded ClamAV 
manually to 0.87.1, but there was another instance of 0.6x laying 
around. When I manually scanned something, it used 0.87.1; guess which 
one MailScanner was using?

Once I did this, my system was happily catching all of the viruses.

Hope this helps.


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list