ClamAV and MailScanner Bug
Raymond Dijkxhoorn
raymond at PROLOCATION.NET
Wed May 4 23:12:19 IST 2005
Hi!
> We are stopping thousands of these but we're sometimes seeing part of the
> zipped payload getting through. The infected file appears to contain three
> attachments:
> /var/spool/MailScanner/quarantine/20050504/j44LRpb2006726
> May 4 16:27:57 www1 MailScanner[6604]: Saved infected
> "Winzipped-Text_Data.txt .exe" to
>
> Sometimes only the one file: Winzipped-Text_Data.txt .exe" appears
> to be delivered. The PC version of BitDefender has caught three today that
> were delivered.
>
> BTW - The "real" filename appears to be:
> Winzipped-Text_Data.txt\ \ \ \ \ \ \ \ \ \ \ .exe"
>
> Any one else seeing this behavior?
What does Clam say about those, or virustotal.com, if you uplaod it there
I mean, does Clam see them at all or isnt MS seeeing them? Like before
when there were mime patches needed to detect some variants of another
Sober.
Bye,
Raymond.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list