Sophos sweep and password protected zip files

Jeff A. Earickson jaearick at colby.edu
Wed Jan 25 12:41:24 GMT 2006 

I ran into this a while back.  The following addition to MailScanner.conf
solved this problem and let the encrypted files thru:

Allowed Sophos Error Messages = "File was encrypted"

Jeff Earickson
Colby College

On Wed, 25 Jan 2006, Ray Gardener wrote:

> Date: Wed, 25 Jan 2006 09:42:18 +0000 (GMT)
> From: Ray Gardener <R.A.Gardener at shu.ac.uk>
> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Subject: Sophos sweep and password protected zip files
> 
> Hi,
>
> yesterday, an end user reported that some of his mail was not being 
> delivered. On inspection the mail was a password protected zip file. Within 
> our mailscanner setup we have two virus scanners Sophos sweep and ClamAV.
> Sophos was generating reports regarding this which caused mailscanner to 
> treat this as a virus (mailscanner report shown below) which was then 
> silently deleted. Is there an easy was to stop this happening?
>
>
> version details:
>
> sophos:
> Product version           : 4.00.0
> Engine version            : 2.32.5
> Virus data version        : 4.00
> User interface version    : 2.07.119
> Platform                  : Linux/Intel
> Released                  : 05 December 2005
>
> mailscanner: version  4.46.2
>
>
> and within Mailscanner.conf I already have set:
>
> Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Zip-Password
>
>
> mailscanner report starts
> _______________________________________________________________________
> The following e-mails were found to have: Virus Detected
>
> <SNIP...>
> Quarantine:
>    Report: Sophos: Password protected file 
> ./1F1NHK-00083Q-Fe/SHU-fw.zip/whatwasthesecondary.txt
>            Sophos: Password protected file 
> ./1F1NHK-00083Q-Fe/SHU-fw.zip/primary.txt
> ____________________________________________________________________
> mailscanner report ends
>
>
> Regards,
>
> Ray Gardener
> LITS
> Sheffield Hallam University
> 0114 225 4926
> -- 
> MailScanner mailing list
> MailScanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list