Release 4.50.9 : Re: Worm.VB-8 not detected by filename or filetype
Julian Field
MailScanner at ecs.soton.ac.uk
Thu Jan 19 08:53:05 GMT 2006
On 18 Jan 2006, at 22:12, Dhawal Doshy wrote:
> Dhawal Doshy wrote:
>>>>>>>>>> Julian Field wrote:
>>>>>>>>>>> I have just released 4.50.9 which will decode the
>>>>>>>>>>> UU-encoded file attached to these messages, so that the
>>>>>>>>>>> virus scanners should all catch it, filename traps will
>>>>>>>>>>> work on the .scr file inside the .bhx file, filetype
>>>>>>>>>>> traps will work on it too.
>>>>>>>>>>
>>>>>>>>>> Just successfully upgraded a couple of production servers..
>>>>>>>>>
>>>>>>>>> I notice this in the logs..
>>>>>>>>> Jan 18 20:54:00 mx1 MailScanner[13545]: Infected message
>>>>>>>>> 73CEF28ABDE.D9736 came from
>>>>>>>>>
>>>>>>>>> The IP address is blank :-(, I'll try and run this through
>>>>>>>>> the debug sometime later.
>>>>>>>>
>>>>>>>> The debug mode didn't tell me anything (apart from the EOCD
>>>>>>>> thingy).. how do I track this problem?
>
> Julian,
>
> I *might* have figured the error, here's the situation..
>
> Notify Senders Of Viruses = no
> Notify Senders Of Blocked Filenames Or Filetypes = yes
>
> But filename.rules.conf has been modified to use deny+delete rather
> than simply deny.
> deny+delete \.pif$ - -
> deny+delete \.scr$ - -
> deny+delete \.cpl$ - -
>
> Yet MailScanner (I think) tries to send out a notification for the
> policy violation and yes.. this time being sent from localhost it
> obviously doesn't show the IP address. The problem is it goes into
> an endless loop post this situation of trying to send out the
> notification. Any ideas?
I don't understand your explanation. Are you saying that MailScanner
gets stuck in an endless loop?
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
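The behaviour described in the quoted 4.50.9 release note (decode the UU-encoded attachment, then apply the filename rules to the name inside it), as an added example that is not MailScanner's code and not part of the original message. The function names, the constructed `photo.bhx`/`photo.scr` sample, and the first-match, case-insensitive rule handling are assumptions of this sketch.

```python
import binascii
import re

# Rules as quoted in the thread: action, filename regex, log text, report text.
RULES_TEXT = r"""
deny+delete \.pif$ - -
deny+delete \.scr$ - -
deny+delete \.cpl$ - -
"""

def parse_rules(text):
    """Return [(action, compiled_regex)] for each non-empty, non-comment line."""
    rules = []
    for line in text.splitlines():
        fields = line.split(None, 3)
        if len(fields) >= 2 and not line.lstrip().startswith("#"):
            rules.append((fields[0], re.compile(fields[1], re.IGNORECASE)))
    return rules

def uu_encode(name, data):
    """Build a uuencoded body; used here only to construct sample input."""
    rows = [binascii.b2a_uu(data[i:i + 45], backtick=True).decode("ascii").rstrip("\n")
            for i in range(0, len(data), 45)]
    return "\n".join(["begin 644 " + name] + rows + ["`", "end"]) + "\n"

def uu_decode(text):
    """Return (inner_filename, data), or None if no complete, valid body is found."""
    name, chunks = None, []
    for line in text.splitlines():
        if name is None:
            m = re.match(r"begin [0-7]{3,4} (.+)$", line)
            name = m.group(1).strip() if m else None
        elif line == "end":
            return name, b"".join(chunks)
        elif line:
            try:
                chunks.append(binascii.a2b_uu(line.encode("ascii")))
            except (binascii.Error, UnicodeEncodeError):
                return None  # corrupt body: caller decides how to treat it
    return None  # no "begin" line, or no terminating "end"

def check_attachment(outer_name, body, rules):
    """Map the outer name, and the inner name if the body is uuencoded, to an action."""
    decoded = uu_decode(body)
    names = [outer_name] + ([decoded[0]] if decoded else [])
    # Assumption in this example: the first matching rule decides; None means no match.
    return {n: next((a for a, rx in rules if rx.search(n)), None) for n in names}

# Constructed sample: harmless bytes wrapped as a .scr inside a .bhx attachment.
SAMPLE_BODY = uu_encode("photo.scr", b"constructed harmless bytes")
if __name__ == "__main__":
    print(check_attachment("photo.bhx", SAMPLE_BODY, parse_rules(RULES_TEXT)))
```

Checking only the outer name `photo.bhx` matches none of the three rules; the `deny+delete` action fires only once the inner `photo.scr` name is recovered from the `begin` line.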