Sophos sweep and password protected zip files
Ray Gardener
R.A.Gardener at shu.ac.uk
Wed Jan 25 09:42:18 GMT 2006
Hi,
yesterday, an end user reported that some of his mail was not being
delivered. On inspection the mail was a password protected zip file.
Within our mailscanner setup we have two virus scanners, Sophos sweep and
ClamAV.
Sophos was generating reports regarding this which caused mailscanner to
treat this as a virus (mailscanner report shown below) which was then
silently deleted. Is there an easy way to stop this happening?
version details:
sophos:
Product version : 4.00.0
Engine version : 2.32.5
Virus data version : 4.00
User interface version : 2.07.119
Platform : Linux/Intel
Released : 05 December 2005
mailscanner: version 4.46.2
and within Mailscanner.conf I already have set:
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Zip-Password
mailscanner report starts
_______________________________________________________________________
The following e-mails were found to have: Virus Detected
<SNIP...>
Quarantine:
Report: Sophos: Password protected file
./1F1NHK-00083Q-Fe/SHU-fw.zip/whatwasthesecondary.txt
Sophos: Password protected file
./1F1NHK-00083Q-Fe/SHU-fw.zip/primary.txt
____________________________________________________________________
mailscanner report ends
Regards,
Ray Gardener
LITS
Sheffield Hallam University
0114 225 4926