Viruses apparently getting through
IT Dept
itdept at FRACTALWEB.COM
Mon Dec 5 18:09:29 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Gib Gilbertson Jr. wrote:
> Hi.
>
> I seeing a lot of e-mails getting through that are caught by ZoneAlarm
> Security Suite and reported to be infected by the Win32.Sober.W!.ZIP
> virus. These are coming in as attachments with the extension .zm9 as
> reported by ZoneAlarm.
>
>
> I am running the following on FreeBSD 4.10
>
> MailScanner 4.32.4
> ClamAV 0.87.1/1200
>
> I've added a file types rule to deny \.zm9$ files
>
> I'm still getting them in e-mail though.
>
> Any thoughts?
>
> Thanks
>
> gib
>
>
Gib,
I was having a similar problem last week, and it wasn't until Glenn and
Ken suggested that my system may have two separate versions of ClamAV
running that we figgured it out. Sure enough, I had upgraded ClamAV
manually to 0.87.1, but there was another instance of 0.6x laying
around. When I manually scanned something, it used 0.87.1; guess which
one MailScanner was using?
Once I did this, my system was happily catching all of the viruses.
Hope this helps.
Chris
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list