Virus mail slipped through under special

Raylund Lai raylund.lai at KANKANWOO.COM
Tue Jul 12 20:31:54 IST 2005



Hi Drew,

I'm using BitDefender, ClamAV (clamavmodule) and f-prot.  All are built 
from the ports tree.  The AV scanners are working fine (they do catch 
virus mail) except for this kind of mail.

I'm going to send you the mail for you to have a look.

Anyway, what is the error message saying?

Cheers
Raylund

Drew Marshall wrote:

> Raylund Lai wrote:
>
>> I was also testing MailScanner in debug mode and feeding the virus 
>> email manually (via telnet).  MailScanner let the virus mail through 
>> and the console returned a MailScanner error:
>>
>> ----- begin MailScanner output -----
>> mxgw# /usr/local/etc/rc.d/mailscanner.sh start
>> Starting MailScanner...
>> In Debugging mode, not forking...
>> SA bayes lock is /root/.spamassassin/bayes.lock
>> Bayes lock is at /root/.spamassassin/bayes.lock
>> format error: can't find EOCD signature
>> at /usr/local/libexec/MailScanner/MailScanner line 598
>> Stopping now as you are debugging me.
>> ----- end MailScanner output -----
>
>
> Which AV scanner(s) are you using and have you checked the 
> corresponding entries in /usr/local/etc/MailScanner/virus.scanners.conf?
>
>>
>> I tried to send the virus mail as attachment of eml file out to my 
>> hotmail account, but my mail server virusscan quarantined it.  I also 
>> tried to send it directly to the mail gateway and my hotmail did 
>> receive it without problem.  That is, MailScanner didn't intercept it 
>> as virus mail.  The error message is the same as above.
>>
>> At least I've narrowed down the problem now.  Do you still want me to 
>> send it to you (as attachment eml)?  Or Julian wants it too?
>
>
> It's up to you (I suspect it's not going to prove much other than my 
> system is working and yours isn't, which isn't really helpful ;-) )
>
>>
>> btw, I've switched my gateway with a new box running latest FreeBSD 
>> 5.4 and MailScanner 4.43.8.  I'm using the old box as testing now.
>
>
> I assume you have installed them all from the ports tree?
>
> Drew
>
