zero byte exe files filling quarantine, help!!

Julian Field MailScanner at ecs.soton.ac.uk
Tue Jan 30 17:31:50 CET 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Jeff A. Earickson wrote:
> On Tue, 30 Jan 2007, Julian Field wrote:
>
>> Date: Tue, 30 Jan 2007 16:11:00 +0000
>> From: Julian Field <MailScanner at ecs.soton.ac.uk>
>> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>> Subject: Re: zero byte exe files filling quarantine, help!!
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Will 1 configuration setting do, like this:
>>
>> Notify Senders Of Too Large Or Too Small Attachments = yes or no
>>
>> You don't really need separate configurations for too large and too
>> small do you? Please say no :-)
>>
>> Jules.
>
> I consider zero-byte attachments a pathological case where no 
> notification
> is needed, ever.  Anything > 0 would be legit; then it is just a case
> of "too large" and whether or not to notify.
>
> Hmmm, I just noticed this in MailScanner.conf:
>
> # The minimum size, in bytes, of any attachment in a message.
> # If this is set less than or equal to zero, then no size checking is 
> done.
> # It is very useful to set this to 1 as it removes any zero-length
> # attachments which may be created by broken viruses.
> # This can also be the filename of a ruleset.
> Minimum Attachment Size = -1
>
> If I set this to 1, per the comment, would I have avoided this morning's
> problems?  Maybe the default for this *should* be one???
>
It would have notified the apparent sender of all the 0-byte files, 
which you probably didn't want.

Jules

- -- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)
Comment: (pgp-secured)
Charset: ISO-8859-1

wj8DBQFFv3NXEfZZRxQVtlQRAiuVAJ0ehFYjMU/XFu7DvlR/zzB+6Pw1SACgi2WR
GUOs8uiHZjcQB4csh1uaWKA=
=kcn8
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk



More information about the MailScanner mailing list