Release 4.50.9 : Re: Worm.VB-8 not detected by filename or filetype
Julian Field
MailScanner at ecs.soton.ac.uk
Wed Jan 18 22:00:21 GMT 2006
Dhawal Doshy wrote:
> Julian Field wrote:
>> Julian Field wrote:
>>> Dhawal Doshy wrote:
>>>> Dhawal Doshy wrote:
>>>>>>>>> Julian Field wrote:
>>>>>>>>>>
>>>>>>>>>> I have just released 4.50.9 which will decode the UU-encoded
>>>>>>>>>> file attached to these messages, so that the virus scanners
>>>>>>>>>> should all catch it, filename traps will work on the .scr
>>>>>>>>>> file inside the .bhx file, filetype traps will work on it too.
>>>>>>>>>
>>>>>>>>> Just successfully upgraded a couple of production servers..
>>>>>>>>
>>>>>>>> I notice this in the logs..
>>>>>>>> Jan 18 20:54:00 mx1 MailScanner[13545]: Infected message
>>>>>>>> 73CEF28ABDE.D9736 came from
>>>>>>>>
>>>>>>>> The IP address is blank :-(, I'll try and run this through the
>>>>>>>> debug sometime later.
>>>>>>>
>>>>>>> The debug mode didn't tell me anything (apart from the EOCD
>>>>>>> thingy).. how do I track this problem?
>>>>>>>
>>>> [SNIP]
>>>> This is getting weirder :(
>>>>
>>>> [root at db ~]# tail -f /var/log/maillog | grep "came from"
>>>>
>>>> Jan 19 01:29:37 mx2 MailScanner[24388]: Infected message
>>>> 740E4288309.62BC0 came from 210.18.63.180
>>>> Jan 19 01:29:45 mx2 MailScanner[24388]: Infected message
>>>> 740E4288309.62BC0 came from
>>>>
>>>> Notice the duplication, now why would that happen?
>>> You get 1 line for each infection report. Not quite sure why I wrote
>>> it that way, but that's the reason.
>> I'll improve it so it only prints it once for each infected message.
>
> Thanks Julian,
>
> You are a lifesaver.. if it wasn't for MailScanner I'd still be
> struggling with amavis/qmail-scanner OR would have to depend on
> barracuda support for a living :-)
All donations are always gratefully received :-)
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
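
One way to collapse the per-report "came from" lines discussed in this thread into a single record per message, and to list messages for which no source IP was ever logged. This is an added example, not MailScanner code; the function names are hypothetical, and the sample input is the three log lines quoted in the thread with the e-mail line wraps rejoined.

```python
import re
from collections import OrderedDict

# Syslog line shape as quoted in the thread; the source IP may be empty.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+MailScanner\[\d+\]:\s+"
    r"Infected message (?P<msgid>\S+) came from\s*(?P<ip>\S*)\s*$"
)

# The three log lines quoted in the thread, with e-mail line wraps rejoined.
SAMPLE_LOG = [
    "Jan 18 20:54:00 mx1 MailScanner[13545]: Infected message 73CEF28ABDE.D9736 came from",
    "Jan 19 01:29:37 mx2 MailScanner[24388]: Infected message 740E4288309.62BC0 came from 210.18.63.180",
    "Jan 19 01:29:45 mx2 MailScanner[24388]: Infected message 740E4288309.62BC0 came from",
]


def summarise(lines):
    """Collapse per-report log lines into one record per (host, message id)."""
    records = OrderedDict()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an "Infected message ... came from" line
        key = (m["host"], m["msgid"])
        rec = records.setdefault(
            key, {"first_seen": m["ts"], "reports": 0, "ips": set()}
        )
        rec["reports"] += 1
        if m["ip"]:  # keep any address seen; ignore blank repeats
            rec["ips"].add(m["ip"])
    return records


def missing_source(records):
    """Message keys for which no report line ever carried an IP address."""
    return [key for key, rec in records.items() if not rec["ips"]]


if __name__ == "__main__":
    recs = summarise(SAMPLE_LOG)
    for (host, msgid), rec in recs.items():
        ips = ",".join(sorted(rec["ips"])) or "UNKNOWN"
        print(f"{host} {msgid} reports={rec['reports']} from={ips}")
    print("no source IP logged:", missing_source(recs))
```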