Release 4.50.9 : Re: Worm.VB-8 not detected by filename or filetype

Dhawal Doshy dhawal at netmagicsolutions.com
Wed Jan 18 20:41:28 GMT 2006


Julian Field wrote:
> Julian Field wrote:
>> Dhawal Doshy wrote:
>>> Dhawal Doshy wrote:
>>>>>>>> Julian Field wrote:
>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>>>
>>>>>>>>> I have just released 4.50.9 which will decode the UU-encoded
>>>>>>>>> file attached to these messages, so that the virus scanners
>>>>>>>>> should all catch it, filename traps will work on the .scr file
>>>>>>>>> inside the .bhx file, filetype traps will work on it too.
>>>>>>>>
>>>>>>>> Just successfully upgraded a couple of production servers..
>>>>>>>
>>>>>>> I notice this in the logs..
>>>>>>> Jan 18 20:54:00 mx1 MailScanner[13545]: Infected message 73CEF28ABDE.D9736 came from
>>>>>>>
>>>>>>> The IP address is blank :-(, I'll try and run this through the
>>>>>>> debug sometime later.
>>>>>>
>>>>>> The debug mode didn't tell me anything (apart from the EOCD
>>>>>> thingy).. how do I track this problem?
>>>>>>
>>> [SNIP]
>>> This is getting weirder :(
>>> [root at db ~]# tail -f /var/log/maillog | grep "came from"
>>>
>>> Jan 19 01:29:37 mx2 MailScanner[24388]: Infected message 740E4288309.62BC0 came from 210.18.63.180
>>> Jan 19 01:29:45 mx2 MailScanner[24388]: Infected message 740E4288309.62BC0 came from
>>>
>>> Notice the duplication, now why would that happen?
>> You get 1 line for each infection report. Not quite sure why I wrote 
>> it that way, but that's the reason.
> I'll improve it so it only prints it once for each infected message.

Thanks Julian,

You are a lifesaver.. if it wasn't for MailScanner I'd still be
struggling with amavis/qmail-scanner OR would have to depend on
barracuda support for a living :-)

Thanks again,
- dhawal
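
Added example (not part of the original message and not MailScanner code): the thread shows one "Infected message ... came from" line per infection report, some with a blank IP. This sketch collapses such lines into one record per message, keeping the source IP from whichever line carries it and listing messages that never logged one. The function names are hypothetical; the sample reuses the log lines quoted above plus one constructed non-matching line.

```python
import re
from collections import OrderedDict

# Sample input: the three MailScanner lines quoted in the thread (unwrapped),
# plus one constructed unrelated line to show that non-matching input is skipped.
SAMPLE_LOG = """\
Jan 19 01:29:37 mx2 MailScanner[24388]: Infected message 740E4288309.62BC0 came from 210.18.63.180
Jan 19 01:29:45 mx2 MailScanner[24388]: Infected message 740E4288309.62BC0 came from
Jan 18 20:54:00 mx1 MailScanner[13545]: Infected message 73CEF28ABDE.D9736 came from
Jan 19 01:30:02 mx2 postfix/smtpd[2211]: connect from unknown[192.0.2.10]
"""

# The IP group is optional because the thread shows lines ending at "came from".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sMailScanner\[\d+\]:\s"
    r"Infected message (?P<msgid>\S+) came from\s*(?P<ip>\S*)\s*$"
)

def collapse_infections(log_text):
    """Return one record per (host, message id), in first-seen order."""
    records = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an infection report line
        key = (m["host"], m["msgid"])
        rec = records.setdefault(key, {
            "host": m["host"], "msgid": m["msgid"],
            "first_seen": m["ts"], "ip": None, "lines": 0,
        })
        rec["lines"] += 1  # number of infection report lines for this message
        if m["ip"] and rec["ip"] is None:
            rec["ip"] = m["ip"]  # keep the first non-blank source address
    return list(records.values())

def missing_source(records):
    """Message ids for which no line ever carried a source IP."""
    return [r["msgid"] for r in records if r["ip"] is None]

if __name__ == "__main__":
    recs = collapse_infections(SAMPLE_LOG)
    for r in recs:
        print(r["host"], r["msgid"], r["ip"] or "<blank>", "lines:", r["lines"])
    print("no source IP logged:", missing_source(recs))
```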

