Release 4.50.9 : Re: Worm.VB-8 not detected by filename or filetype
Dhawal Doshy
dhawal at netmagicsolutions.com
Wed Jan 18 22:12:43 GMT 2006
Dhawal Doshy wrote:
>>>>>>>>> Julian Field wrote:
>>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>>>>
>>>>>>>>>> I have just released 4.50.9 which will decode the UU-encoded
>>>>>>>>>> file attached to these messages, so that the virus scanners
>>>>>>>>>> should all catch it, filename traps will work on the .scr
>>>>>>>>>> file inside the .bhx file, filetype traps will work on it too.
>>>>>>>>>
>>>>>>>>> Just successfully upgraded a couple of production servers..
>>>>>>>>
>>>>>>>> I notice this in the logs..
>>>>>>>> Jan 18 20:54:00 mx1 MailScanner[13545]: Infected message
>>>>>>>> 73CEF28ABDE.D9736 came from
>>>>>>>>
>>>>>>>> The IP address is blank :-(, i'll try and run this through the
>>>>>>>> debug sometime later.
>>>>>>>
>>>>>>> The debug mode didn't tell me anything (apart from the EOCD
>>>>>>> thingy).. how do i track this problem?

Julian,

I *might* have figured the error, here's the situation..

Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = yes

But filename.rules.conf has been modified to use deny+delete rather than
simply deny.

deny+delete \.pif$ - -
deny+delete \.scr$ - -
deny+delete \.cpl$ - -

Yet MailScanner (I think) tries to send out a notification for the
policy violation and yes.. this time being sent from localhost it
obviously doesn't show the IP address. The problem is it goes into an
endless loop post this situation of trying to send out the notification.

Any ideas?

- dhawal
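
A check for the configuration combination this post suspects, as an added example that is not part of the original message or of MailScanner itself: it reads the two settings and the filename rules quoted above and lists every deny+delete pattern that coexists with sender notification for blocked filenames. The function names and the sample allow rule are constructed for illustration.

```python
# Constructed sample input: the settings and rules quoted in the post,
# plus one constructed "allow" rule to show that it is ignored.
MAILSCANNER_CONF = """\
Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = yes
"""
FILENAME_RULES = """\
# action  pattern  log-text  user-report-text
allow       \\.txt$   -  -
deny+delete \\.pif$   -  -
deny+delete \\.scr$   -  -
deny+delete \\.cpl$   -  -
"""

NOTIFY_KEY = "notify senders of blocked filenames or filetypes"


def read_settings(text):
    """Parse 'Key = value' lines into a dict with normalised, lower-cased keys."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            settings[" ".join(key.lower().split())] = value.strip().lower()
    return settings


def delete_rules(text):
    """Return the pattern of every rule whose action is deny+delete."""
    patterns = []
    for line in text.splitlines():
        fields = line.split(None, 3)  # action, pattern, log text, report text
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) >= 2 and fields[0].lower() == "deny+delete":
            patterns.append(fields[1])
    return patterns


def audit(conf_text, rules_text):
    """List deny+delete patterns that coexist with sender notification."""
    notify = read_settings(conf_text).get(NOTIFY_KEY) == "yes"
    return delete_rules(rules_text) if notify else []


if __name__ == "__main__":
    for pattern in audit(MAILSCANNER_CONF, FILENAME_RULES):
        print("deny+delete with sender notification enabled:", pattern)
```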