Release 4.50.9 : Re: Worm.VB-8 not detected by filename or filetype

Dhawal Doshy dhawal at
Wed Jan 18 22:12:43 GMT 2006

Dhawal Doshy wrote:
>>>>>>>>> Julian Field wrote:
>>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>>>> I have just released 4.50.9 which will decode the UU-encoded 
>>>>>>>>>> file  attached to these messages, so that the virus scanners 
>>>>>>>>>> should all  catch it, filename traps will work on the .scr 
>>>>>>>>>> file inside the .bhx  file, filetype traps will work on it too.
>>>>>>>>> Just successfully upgraded a couple of production servers..
>>>>>>>> I notice this in the logs..
>>>>>>>> Jan 18 20:54:00 mx1 MailScanner[13545]: Infected message 
>>>>>>>> 73CEF28ABDE.D9736 came from
>>>>>>>> The IP address is blank :-(, i'll try and run this through the 
>>>>>>>> debug sometime later.
>>>>>>> The debug mode didn't tell me anything (apart from the EOCD 
>>>>>>> thingy).. how do i track this problem?


I *might* have figured the error, here's the situation..

Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = yes

But filename.rules.conf has been modified to use deny+delete rather than 
simply deny.
deny+delete     \.pif$ - -
deny+delete     \.scr$ - -
deny+delete     \.cpl$ - -

Yet MailScanner (i think) tries to send out a notification for the 
policy violation and yes.. this time being sent from localhost it 
obviously doesn't show the IP address. The problem is it goes into an 
endless loop post this situation of trying to send out the notification. 
Any ideas?

- dhawal

More information about the MailScanner mailing list