MailScanner miss several Regning.exe files

Glenn Steen glenn.steen at gmail.com
Thu Nov 16 10:39:09 GMT 2006


On 16/11/06, Jan Elmqvist Nielsen <jen at ah.dk> wrote:
> The virus Trojan-Downloader.Win32.Nurech.h (Kaspersky) comes as an exe
> file.
>
> I have to my horror noticed that several of these mails with the exe
> file attached have not been stopped!!!
>
> I am using MailScanner ver. 4.54.6 with MailWatch
>
> Attached are 2 screen dumps
>
> /Jan Elmqvist Nielsen
>
Hi Jan,

A couple of notes:
- Rechnung/Räkningen/Regning/etc/etc/etc is actually sold as a "Do it
yourself Malware-kit", complete with all you need to be able to
generate your own virus... This makes it pretty darned common for new
variants to pop up.
- You either have something up with your filename/filetype detection,
or you aren't running it at all. Perhaps a badly come-together ruleset
(by email address or somesuch)?
- It does get detected as high-scoring spam, which shouldn't be
delivered (policy-dependent, I know:)

The above is one of the reasons filename/filetype blocking is really
important... You can have however many AVs in MS, you will still run
the risk of being the first one receiving a new (variant of a) virus.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
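
Added example (not part of the original post and not MailScanner's own code): a small Python audit that replays attachment names against a filename ruleset, to show how rule ordering alone can let an .exe through, which is the kind of ruleset mistake the reply suspects. It assumes the tab-separated action/regex/log/report layout of filename.rules.conf, first-match-wins evaluation and case-insensitive matching; both rulesets and the sample names are constructed.

```python
import re

# Constructed rulesets in the tab-separated layout of filename.rules.conf:
# action <TAB> regex <TAB> log text <TAB> user report text.
BROKEN = """\
# catch-all allow placed first, so the deny below is never reached
allow\t.*\t-\t-
deny\t\\.exe$\tExecutable\tExecutables are not allowed
"""
FIXED = """\
deny\t\\.exe$\tExecutable\tExecutables are not allowed
allow\t.*\t-\t-
"""

def parse_rules(text):
    """Return [(action, compiled_regex)], skipping blank and comment lines."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = re.split(r"\t+", line.strip())
        if len(fields) < 2:
            raise ValueError(f"malformed rule (fields must be tab-separated): {line!r}")
        # Assumption: patterns are matched case-insensitively.
        rules.append((fields[0].lower(), re.compile(fields[1], re.IGNORECASE)))
    return rules

def verdict(rules, filename):
    """First matching rule decides; no match means the file is allowed."""
    for action, pattern in rules:
        if pattern.search(filename):
            return action
    return "allow"

def leaks(ruleset_text, filenames):
    """Names from `filenames` that the ruleset would let through."""
    rules = parse_rules(ruleset_text)
    # Any action beginning with "deny" is treated as a block.
    return [n for n in filenames if not verdict(rules, n).startswith("deny")]

# Constructed attachment names; the first two should always be blocked.
SAMPLES = ["Regning.exe", "Rechnung.EXE", "report.pdf"]

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, "lets through:", leaks(text, SAMPLES))
```

Running the same check against each per-address ruleset in use shows which senders or recipients are effectively exempt from filename blocking.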

