SV: MailScanner miss several Regning.exe files - beware zip virus

Scott Silva ssilva at sgvwater.com
Thu Nov 23 04:43:12 GMT 2006 

Jan Elmqvist Nielsen spake the following on 11/22/2006 4:08 AM:
> -----Oprindelig meddelelse-----
> Fra: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] På vegne af Glenn Steen
> Sendt: 22. november 2006 12:52
> Til: MailScanner discussion
> Emne: Re: MailScanner miss several Regning.exe files - beware zip virus
> 
> On 22/11/06, Jan Elmqvist Nielsen <jen at ah.dk> wrote:
>>  Attached is a zip queue file.
>> None af my virus scanners detect the virus yet
>>
>> /jan Elmqvist Nielsen
>>
>> -----Oprindelig meddelelse-----
>> Fra: mailscanner-bounces at lists.mailscanner.info 
>> [mailto:mailscanner-bounces at lists.mailscanner.info] På vegne af Jan 
>> Elmqvist Nielsen
>> Sendt: 22. november 2006 12:15
>> Til: MailScanner discussion
>> Emne: SV: MailScanner miss several Regning.exe files
>>
>> Several of thise (virus) exe files is still comming through!!
>>
>> I wonder if it's Fedora 4's file command which is to blam.
>>
>> I have some mail which the file command say it's MPEG but it's a plain html file!
>>
>> Have any of you have the same experience with FC4 and MailScanner?
>>
>> /Jan Elmqvist Nielsen
> 
> Jan, do you mean that you _have_ filename/filetype checking on? And this slipped through?
> Do you employ any rulesets for those settings in MailScanner.conf?
> 
> Looking at the file, it looks like it'd fall afoul of the filename checks, so no matter if the filetype checks worked or not, it should've been caught... Unless you axplicitly allow it (perhaps by a ruleset.).
> 
> Hi Glenn
> 
> Yes - that's correct!
> 
> I have received 49 today of which 17 wasn't stopped even though it contains af exe file!
> And I can see some of the 17 also have missed the virus check! Even though f-secure can detect it!!
> 
> MS 4.54.6 on FC4
> 
> /Jan Elmqvist Nielsen
>  
Is your virus scanning timeout or your file command timeout too short?


-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

More information about the MailScanner mailing list