Sophos sweep and password protected zip files

Martin Hepworth martinh at solid-state-logic.com
Wed Jan 25 09:50:53 GMT 2006 

Ray

Check out the "Allowed Sophos Error Messages" setting in MailScanner.conf.
Add in "Password protected file" to the list..



--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Ray Gardener
> Sent: 25 January 2006 09:42
> To: MailScanner discussion
> Subject: Sophos sweep and password protected zip files
> 
> Hi,
> 
> yesterday, an end user reported that some of his mail was not being
> delivered. On inspection the mail was a password protected zip file.
> Within our mailscanner setup we have two virus scanners Sophos sweep and
> ClamAV.
> Sophos was generating reports regarding this which caused mailscanner to
> treat this as a virus (mailscanner report shown below) which was then
> silently
> deleted. Is there an easy was to stop
> this happening?
> 
> 
> version details:
> 
> sophos:
> Product version           : 4.00.0
> Engine version            : 2.32.5
> Virus data version        : 4.00
> User interface version    : 2.07.119
> Platform                  : Linux/Intel
> Released                  : 05 December 2005
> 
> mailscanner: version  4.46.2
> 
> 
> and within Mailscanner.conf I already have set:
> 
> Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Zip-Password
> 
> 
> mailscanner report starts
> _______________________________________________________________________
> The following e-mails were found to have: Virus Detected
> 
> <SNIP...>
> Quarantine:
>      Report: Sophos: Password protected file
> ./1F1NHK-00083Q-Fe/SHU-fw.zip/whatwasthesecondary.txt
>              Sophos: Password protected file
> ./1F1NHK-00083Q-Fe/SHU-fw.zip/primary.txt
> ____________________________________________________________________
> mailscanner report ends
> 
> 
> Regards,
> 
> Ray Gardener
> LITS
> Sheffield Hallam University
> 0114 225 4926
> --
> MailScanner mailing list
> MailScanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

More information about the MailScanner mailing list