Win32.Netsky.P slipping through.

Tony Enderby tenderby at VHIA.COM.AU
Fri Jul 8 07:11:50 IST 2005


I'm not so sure that's the case, Julian. Sending a message remotely via a
network that's not part of any ruleset exemptions with the infected
attachment but via a different mail client results in the mail being picked
up correctly. Is there anything else I should have a look at that may be
causing it? They have only been coming through since my upgrade to
4.43.8 last night.



                                                                           
From: Julian Field <MailScanner at ECS.SOTON.AC.UK>
Sent by: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
Date: 08/07/2005 04:03 PM
To: MAILSCANNER at JISCMAIL.AC.UK
cc:
Subject: Re: Win32.Netsky.P slipping through.
Please respond to: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
                                                                           
                                                                           




Almost certainly because you have rulesets in place that stop this
detection taking place.

On 8 Jul 2005, at 06:45, Tony Enderby wrote:

> Greetings Folks,
>
> I have noticed a few messages slipping past MailScanner file type detection
> and AV scan today but being blocked by SpamAssassin.
>
> The attachment type varies between .wav and .pif, sometimes with heaps of
> white space in the filename
>
> i.e document.txt
> .pif
>
> I have noticed that if I take the infected attachment from quarantine and
> resend via the MailScanner box, that the attachment is picked up and
> detected as a virus / bad content.
>
> Could anyone shed some light on why these may be slipping through
> MailScanner when sent from external sources?
> MS version is 4.43.8 and I'm running Clam AV and Bit Defender. A copy of
> the headers from one of the messages in question below.
> In this particular instance, the attachment was a .wav file but most of the
> others have been .pif
>
> Any help would be welcomed.
>
> Tony.
>
> -----------------------
>
> Subject: Mail Delivery (failure -address removed-)
> Date: Fri, 8 Jul 2005 15:33:49 +1000
> MIME-Version: 1.0
> Content-Type: multipart/related;
>      type="multipart/alternative";
>      boundary="----=_NextPart_000_001B_01C0CA80.6B015D10"
> X-Priority: 3
> X-MSMail-Priority: Normal
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
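
The padded filename reported in this thread (document.txt, a long run of white space, then .pif) can be checked for independently of any scanner. The following is an added example, not part of the original posts and not MailScanner's own code; the extension list, the padding threshold and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Final extensions treated as executable (assumed sample list, not MailScanner's rules).
EXECUTABLE_EXTS = {"pif", "scr", "exe", "com", "bat", "cmd", "vbs"}
PADDING = re.compile(r"\s{3,}")  # assumed threshold: 3+ whitespace characters in a row

def check_filename(name):
    """Return the reasons an attachment filename looks deceptive (empty list if none)."""
    reasons = []
    if PADDING.search(name):
        reasons.append("whitespace padding")
    # Remove all whitespace first so padding cannot hide the real final extension.
    parts = re.sub(r"\s+", "", name).lower().split(".")
    if len(parts) >= 2 and parts[-1] in EXECUTABLE_EXTS:
        reasons.append("executable extension ." + parts[-1])
        if len(parts) >= 3:
            reasons.append("decoy extension ." + parts[-2])
    return reasons

def scan_message(raw):
    """Map each flagged attachment filename in a raw message to its reasons."""
    findings = {}
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        reasons = check_filename(name) if name else []
        if reasons:
            findings[name] = reasons
    return findings

# Constructed sample: one padded .pif name and one plain .wav name.
PADDED_NAME = "document.txt" + " " * 40 + ".pif"
SAMPLE = "\n".join([
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="' + PADDED_NAME + '"',
    "",
    "AAAA",
    "--b1",
    "Content-Type: audio/x-wav",
    'Content-Disposition: attachment; filename="message.wav"',
    "",
    "AAAA",
    "--b1--",
])

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A name-only check like this passes the .wav attachment, so it complements rather than replaces the content scan.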
