Potential Postfix CentOS message unpacking bug

Alex Broens ms-list at alexb.ch
Mon Sep 15 13:07:24 IST 2008


On 9/15/2008 1:44 PM, Mohd Hafiz Ramly wrote:
> Hi,
> 
> My logs show the message was blocked all right.
> 
> [root@mail2 ~]# cat /var/log/maillog | grep start.zip
> Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED:: 
> Trojan.Fakealert-532 :: ./E46EC418932.42ACF/start.zip
> [root@mail2 ~]# cat /var/log/maillog | grep E46EC418932.42ACF
> Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED:: 
> Trojan.Fakealert-532 FOUND :: ./E46EC418932.42ACF/
> Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED:: 
> Trojan.Fakealert-532 :: ./E46EC418932.42ACF/Start.exe
> Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED:: 
> Trojan.Fakealert-532 :: ./E46EC418932.42ACF/start.zip
> Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED:: 
> Email.Hdr.Sanesecurity.08071800 FOUND :: ./E46EC418932.42ACF/
> Sep 15 17:06:50 mail2 MailScanner[2130]: Infected message E46EC418932.42ACF came 
> from 89.136.55.85
> Sep 15 17:06:50 mail2 MailScanner[2130]: Filename Checks:  (E46EC418932.42ACF 
> Start.exe)
> Sep 15 17:06:50 mail2 MailScanner[2130]: Filetype Checks: No executables 
> (E46EC418932.42ACF Start.exe)
> Sep 15 17:06:50 mail2 MailScanner[2130]: Logging message E46EC418932.42ACF to SQL
> Sep 15 17:06:50 mail2 MailScanner[4701]: E46EC418932.42ACF: Logged to MailWatch SQL
> [root@mail2 ~]#
> 
> Let me know if you need anything else from the logs.

on the affected systems some are detected, sadly *not* all

they'd be tagged as spam

Alex