SV: MailScanner miss several Regning.exe files - beware zip virus

[Jan Elmqvist Nielsen]

-----Oprindelig meddelelse-----
Fra: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] På vegne af Glenn Steen
Sendt: 22. november 2006 12:52
Til: MailScanner discussion
Emne: Re: MailScanner miss several Regning.exe files - beware zip virus

On 22/11/06, Jan Elmqvist Nielsen <jen at ah.dk> wrote:
>  Attached is a zip queue file.
> None af my virus scanners detect the virus yet
>
> /jan Elmqvist Nielsen
>
> -----Oprindelig meddelelse-----
> Fra: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] På vegne af Jan 
> Elmqvist Nielsen
> Sendt: 22. november 2006 12:15
> Til: MailScanner discussion
> Emne: SV: MailScanner miss several Regning.exe files
>
> Several of thise (virus) exe files is still comming through!!
>
> I wonder if it's Fedora 4's file command which is to blam.
>
> I have some mail which the file command say it's MPEG but it's a plain html file!
>
> Have any of you have the same experience with FC4 and MailScanner?
>
> /Jan Elmqvist Nielsen

Jan, do you mean that you _have_ filename/filetype checking on? And this slipped through?
Do you employ any rulesets for those settings in MailScanner.conf?

Looking at the file, it looks like it'd fall afoul of the filename checks, so no matter if the filetype checks worked or not, it should've been caught... Unless you axplicitly allow it (perhaps by a ruleset.).

Hi Glenn

Yes - that's correct!

I have received 49 today of which 17 wasn't stopped even though it contains af exe file!
And I can see some of the 17 also have missed the virus check! Even though f-secure can detect it!!

MS 4.54.6 on FC4

/Jan Elmqvist Nielsen