Notify sender of viruses Only when they belong to my internal network

Alex Neuman van der Hans alex at nkpanama.com
Mon Jan 22 18:27:58 CET 2007


So sophos and panda think it's a virus... Any chance telling them it 
isn't, through one of their config files?

Another thing you might try (if you're not doing that already) is adding 
clamav to the mix. It's easy to install using Julian's prefab tarball, 
and it could presumably catch things the others might miss.

Jorge Costinha wrote:
> That was my first question too! according to logs file:
> 
> 
> Jan 22 14:51:35 firewall sendmail[8685]: l0MEpX6K008685: 
> from=<jlcostinha at halla.pt>, size=4577117, class=0, nrcpts=1, 
> msgid=<3210629128.20070122145335 at halla.pt>, proto=ESMTP, daemon=MTA, 
> relay=[192.168.10.191]
> 
> Jan 22 14:51:37 firewall MailScanner[1877]: New Batch: Scanning 1 
> messages, 4577581 bytes
> 
> Jan 22 14:51:37 firewall MailScanner[1877]: Expired 1 records from the 
> SpamAssassin cache
> 
> Jan 22 14:51:38 firewall MailScanner[1877]: Virus and Content Scanning: 
> Starting
> 
> Jan 22 14:51:42 firewall MailScanner[1877]: Password protected file 
> ./l0MEpX6K008685/horascompensa%%E7.xls
> 
> Jan 22 14:51:42 firewall MailScanner[1877]: Virus Scanning: Sophos found 
> 1 infections
> 
> Jan 22 14:51:44 firewall MailScanner[1877]: Virus Scanning: Panda found 
> 1 infections
> 
> Jan 22 14:51:44 firewall MailScanner[1877]: Infected message 
> l0MEpX6K008685 came from 192.168.10.191
> 
> Jan 22 14:51:44 firewall MailScanner[1877]: Virus Scanning: Found 1 viruses
> 
> 
> i would say yes to your question, right?
> 
> 
>>  Password protected = virus? Are you sure?
> 
> 
>>  Jorge Costinha wrote:
> 
>> > greatings all,
> 
> 
> 
> 
>> > here what i have tried, unsuccessful:
> 
> 
> 
>> > in Mailscanner.conf
> 
> 
> 
>> > .
> 
> 
>> > .
> 
> 
>> > .
> 
> 
>> > Notify Senders of Viruses = %rules-dir%/NotifyVirusSenders.rules
> 
> 
>> > .
> 
> 
>> > .
> 
> 
>> > .
> 
> 
> 
> 
>> > contents of NotifyVirusSenders.rules
> 
> 
> 
>> > From:                192.168.10.        yes
> 
> 
>> > FromOrTo:        Default        no
> 
> 
> 
> 
>> > ive tried change the ip to my domain, something like
> 
> 
> 
>> > From: *@mydomain.com <mailto:*@mydomain.com> yes 
> 
> 
> 
>> > didnt work. the purpose of this started when someone inside my network 
> 
>> > sent an excel password-protected file. The email wasnt delivered and the 
> 
>> > sender didnt get any notification. I figure that internal users should 
> 
>> > be receive notifications. if anyone has a better idead, i would 
> 
>> > appreciate. Anyway, i cant seem to identify the problem. 
> 
> 
> 
>> > thanks in advance 
> 
> 
>> > __
> 
> 
>> > Jorge Costinha
> 
> 
> 
> 
> 
>> > -- 
> 
>> > This message has been scanned for viruses and
> 
>> > dangerous content by HCC Mailscanner software, and is
> 
>> > believed to be clean.
> 
> 
>>  -- 
> 
>>  MailScanner mailing list
> 
>  > mailscanner at lists.mailscanner.info 
> <mailto:mailscanner at lists.mailscanner.info>
> 
> *MailScanner has detected a possible fraud attempt from 
> "lists.mailscanner.info" claiming to be* > 
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> 
>>  Before posting, read http://wiki.mailscanner.info/posting
> 
> 
>>  Support MailScanner development - buy the book off the website! 
> 
> 
> 
> 
> __
> 
> Jorge Costinha
> 
> MIS Sénior Specialist
> 
> Halla climate Control Portugal
> 
> telf. 21 233 8825 Fax. 21 233 8801
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by HCC Mailscanner software, and is
> believed to be clean.
> 


More information about the MailScanner mailing list