Release 4.50.9 : Re: Worm.VB-8 not detected
by filename or filetype
Julian Field
MailScanner at ecs.soton.ac.uk
Wed Jan 18 17:40:37 GMT 2006
Dhawal Doshy wrote:
> Dhawal Doshy wrote:
>> Dhawal Doshy wrote:
>>> Julian Field wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>
>>>> I have just released 4.50.9 which will decode the UU-encoded file
>>>> attached to these messages, so that the virus scanners should all
>>>> catch it, filename traps will work on the .scr file inside the
>>>> .bhx file, filetype traps will work on it too.
>>>
>>> Just successfully upgraded a couple of production servers..
>>
>> I notice this in the logs..
>> Jan 18 20:54:00 mx1 MailScanner[13545]: Infected message
>> 73CEF28ABDE.D9736 came from
>>
>> The IP address is blank :-(, i'll try and run this through the debug
>> sometime later.
>
> The debug mode didn't tell me anything (apart from the EOCD thingy)..
> how do i track this problem?
>
> Jan 18 22:40:53 mx2 MailScanner[21952]: Infected message
> 77CE7288647.0EFC0 came from <== this is blank
>
> However the same thing works fine for spam
Could the message have been generated on the server? If it is generated
by invoking postfix (via the sendmail soft-link) directly, then there
won't be any client IP as there was never an SMTP transaction.
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list