Release 4.50.9 : Re: Worm.VB-8 not detected by filename or filetype

Dhawal Doshy dhawal at
Wed Jan 18 20:41:28 GMT 2006

Julian Field wrote:
> Julian Field wrote:
>> Dhawal Doshy wrote:
>>> Dhawal Doshy wrote:
>>>>>>>> Julian Field wrote:
>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>>> I have just released 4.50.9 which will decode the UU-encoded 
>>>>>>>>> file  attached to these messages, so that the virus scanners 
>>>>>>>>> should all  catch it, filename traps will work on the .scr file 
>>>>>>>>> inside the .bhx  file, filetype traps will work on it too.
>>>>>>>> Just successfully upgraded a couple of production servers..
>>>>>>> I notice this in the logs..
>>>>>>> Jan 18 20:54:00 mx1 MailScanner[13545]: Infected message 
>>>>>>> 73CEF28ABDE.D9736 came from
>>>>>>> The IP address is blank :-(, i'll try and run this through the 
>>>>>>> debug sometime later.
>>>>>> The debug mode didn't tell me anything (apart from the EOCD 
>>>>>> thingy).. how do i track this problem?
>>> [SNIP]
>>> This is getting wierder :([root at db ~]# tail -f /var/log/maillog | 
>>> grep "came from"
>>> Jan 19 01:29:37 mx2 MailScanner[24388]: Infected message 
>>> 740E4288309.62BC0 came from
>>> Jan 19 01:29:45 mx2 MailScanner[24388]: Infected message 
>>> 740E4288309.62BC0 came from
>>> Notice the duplication, now why would that happen?
>> You get 1 line for each infection report. Not quite sure why I wrote 
>> it that way, but that's the reason.
> I'll improve it so it only prints it once for each infected message.

Thanks Julian,

You are a lifesaver.. if it wasn't for mailscanner i'd still be 
struggling with amavis/qmail-scanner OR would have to depend on 
barracuda support for a living :-)

Thanks again,
- dhawal

More information about the MailScanner mailing list