Potential Postfix CentOS message unpacking bug
Alex Broens
ms-list at alexb.ch
Mon Sep 15 13:07:24 IST 2008
On 9/15/2008 1:44 PM, Mohd Hafiz Ramly wrote:
> Hi,
>
> My logs show the message was blocked all right.
>
> [root at mail2 ~]# cat /var/log/maillog | grep start.zip
> Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED::
> Trojan.Fakealert-532 :: ./E46EC418932.42ACF/start.zip
> [root at mail2 ~]# cat /var/log/maillog | grep E46EC418932.42ACF
> Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED::
> Trojan.Fakealert-532 FOUND :: ./E46EC418932.42ACF/
> Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED::
> Trojan.Fakealert-532 :: ./E46EC418932.42ACF/Start.exe
> Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED::
> Trojan.Fakealert-532 :: ./E46EC418932.42ACF/start.zip
> Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED::
> Email.Hdr.Sanesecurity.08071800 FOUND :: ./E46EC418932.42ACF/
> Sep 15 17:06:50 mail2 MailScanner[2130]: Infected message E46EC418932.42ACF came
> from 89.136.55.85
> Sep 15 17:06:50 mail2 MailScanner[2130]: Filename Checks: (E46EC418932.42ACF
> Start.exe)
> Sep 15 17:06:50 mail2 MailScanner[2130]: Filetype Checks: No executables
> (E46EC418932.42ACF Start.exe)
> Sep 15 17:06:50 mail2 MailScanner[2130]: Logging message E46EC418932.42ACF to SQL
> Sep 15 17:06:50 mail2 MailScanner[4701]: E46EC418932.42ACF: Logged to MailWatch SQL
> [root at mail2 ~]#
>
> Let me know if you need anything else from the logs.
On the affected systems some are detected, sadly *not* all.
They'd be tagged as spam.
Alex