MailScanner miss several Regning.exe files

Glenn Steen glenn.steen at
Thu Nov 16 10:39:09 GMT 2006

On 16/11/06, Jan Elmqvist Nielsen <jen at> wrote:
> The virus Trojan-Downloader.Win32.Nurech.h (kaspersky) comes as a exe
> file.
> I have to my horror notice that serveral of these mails with the exe
> file attached not have been stop!!!
> I using MailScanner ver. 4.54.6 with mailwatch
> Attached are 2 screen dumps
> /Jan Elmqvist Nielsen
Hi Jan,

A couple of notes:
- Rechnung/Räkningen/Regning/etc/etc/etc is actually sold as a "Do it
yourself Malware-kit", complete with all you need to be able to
generate your own virus... This makes it pretty darned common for new
variants to pop up.
- You either have something up with your filenam/filetype detection,
or you aren't running it at all. Perhaps a badly come-together ruleset
(by email address or somesuch)?
- It does get detected as high-scoring spam, which shouldn't be
delivered (policy-dependant, I know:)

The above is one of the reasons filename/filetype blocking is really
important... You can have however many AVs in MS, you will still run
the risk of being the first one receiving a new (variant of a) virus.

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list