Potential Postfix CentOS message unpacking bug
Mark Sapiro
mark at msapiro.net
Mon Sep 15 21:16:22 IST 2008
On Mon, Sep 15, 2008 at 08:48:28AM +0100, Julian Field wrote:
>
> So Postfix users on CentOS, please can you check your logs for any
> 16-17Kb spams which could possibly contain an attachment called
> "start.zip" (grep should find it in raw queue files, if you're wondering
> how to do that for raw queue files), which have not always been detected
> as infected.

I have seen exactly one of these

  /var/log/maillog:Sep 15 00:25:16 sbh16 MailScanner[783]: ClamAVModule::INFECTED:: Trojan.Fakealert-532 :: ./4C266690092.86EA5/start.zip

in the last 30 days and no spam quarantined with start.zip attachments.

> You might want to use the "Archive Mail" feature of MailScanner.conf for
> a while to see if you're getting anything like that, in case you are
> suffering the problem.

I have just enabled Archive Mail and will look for start.zip in the archive.

It would help if someone could post one of the infected messages that isn't
properly scanned on the web somewhere and post a link here so we could
test with that.

--
Mark Sapiro mark at msapiro net            The highway is for gamblers,
San Francisco Bay Area, California         better use your sense - B. Dylan
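
Added example (not part of the original message, and not MailScanner code): a small Python parser for the ClamAVModule detection line quoted above, used to list messages that carried start.zip but have no detection logged. The first sample line is the one from the message; the other log lines and the archived message ids are constructed, and the ids of archived messages containing start.zip are assumed to have been collected separately.

```python
import re

# Matches the ClamAVModule detection line format quoted in the message above.
# The optional leading "path:" is the filename prefix grep adds to each hit.
INFECTED_RE = re.compile(
    r"^(?:[^:\s]+:)?"
    r"(?P<when>\w{3}\s+\d+\s[\d:]{8})\s"
    r"(?P<host>\S+)\sMailScanner\[\d+\]:\s"
    r"ClamAVModule::INFECTED::\s*(?P<sig>\S+)\s*::\s*"
    r"\./(?P<msgid>[^/\s]+)/(?P<attachment>.+)$"
)

def detections(log_lines, attachment="start.zip"):
    """Return {message id: signature} for detections of the named attachment."""
    hits = {}
    for line in log_lines:
        m = INFECTED_RE.match(line.strip())
        if m and m.group("attachment").lower() == attachment:
            hits[m.group("msgid")] = m.group("sig")
    return hits

def undetected(archived_ids, log_lines, attachment="start.zip"):
    """Message ids known to carry the attachment with no detection logged."""
    return sorted(set(archived_ids) - set(detections(log_lines, attachment)))

SAMPLE_LOG = [
    # Line quoted in the message above.
    "/var/log/maillog:Sep 15 00:25:16 sbh16 MailScanner[783]: "
    "ClamAVModule::INFECTED:: Trojan.Fakealert-532 :: "
    "./4C266690092.86EA5/start.zip",
    # Constructed lines: a different attachment, and an unrelated entry.
    "Sep 15 00:31:02 sbh16 MailScanner[783]: ClamAVModule::INFECTED:: "
    "Constructed.Sample-1 :: ./1111AAAA222.0BEEF/other.zip",
    "Sep 15 00:31:05 sbh16 MailScanner[783]: constructed unrelated log entry",
]

# Ids of archived messages found to contain start.zip. The first is from the
# quoted log line; the second is constructed to stand for a missed message.
ARCHIVED_IDS = ["4C266690092.86EA5", "7A1B2C3D4E5.0F1E2"]

if __name__ == "__main__":
    for msgid in undetected(ARCHIVED_IDS, SAMPLE_LOG):
        print("start.zip present but no ClamAV detection logged:", msgid)
```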