possible corrupt sanesecurity defs
Chris Yuzik
itdept at fractalweb.com
Wed Feb 20 18:37:54 GMT 2008
Julian Field wrote:
> Chris Yuzik wrote:
>
>> Chris Yuzik wrote:
>>
>>> Our server downloaded what I believe to be either a corrupt
>>> sanesecurity definition file or a valid file with a false-positive.
>>> In any case, hundreds of messages were incorrectly tagged as
>>> infected. Not a good day.
>>>
>>> How do I go about releasing these?
>>>
>>> And how can we prevent this from happening in the future?
>>>
>>> Any help would be much appreciated.
>>>
>> I suppose I should point out that it hit on the rule
>> "Email.Hdr.Sanesecurity.07021900"
>>
>>
>>
> What MTA are you using? Do you quarantine viruses at all? Do you
> quarantine them as Raw Queue Files? All of this lot are in your
> MailScanner.conf file.
>
> Jules
>
> - --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> PGP public key: http://www.jules.fm/julesfm.asc
>
>
Julian,
Using Sendmail. We DO quarantine viruses. They are NOT quarantined as
raw queue files. So, for example, we have a file called "message" in a
dir called /var/spool/MailScanner/quarantine/20080220/m1KHWhuB006243.
Thanks,
Chris