Viruses getting through

Randal, Phil prandal at herefordshire.gov.uk
Thu Sep 18 10:17:50 IST 2008


Even the ClamAV team have been "slow" in getting out patterns for these.

There's about three or four mass-mailed trojans doing the rounds, and
the dropped trojans get changed daily or more regularly.

I'm dealing with them by rigorously training Bayes, writing custom SA
rules based on the email content, and attachment-blocking.

Every little bit helps.

Cheers,

Phil

--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Paul Welsh
Sent: 17 September 2008 21:53
To: mailscanner at lists.mailscanner.info
Subject: Viruses getting through

For the past few weeks I've had viruses getting through - the pesky ones
that claim to be flight confirmations, bank statements or some such with
small .zip files attached.  I'm sure you know about them.  Some are
tagged as spam but not all.

The headers of a recent one show that the message is classed as clean:

Received: from [217.45.162.11] by etrn.borusantelekom.com; Wed, 17 Sep 2008 09:17:36 +0000
Message-ID: <01c918a6$39323800$0ba22dd9 at ghw>
From: "Lindsey Avila" <ghw at borashipping.com>
Subject: Statement of fees 2008/09
Date: Wed, 17 Sep 2008 09:17:36 +0000
MIME-Version: 1.0
X-welshfamily-MailScanner: Found to be clean
X-welshfamily-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=0.407, required 6, autolearn=disabled,
	XMAILER_MIMEOLE_OL_4B815 0.41)
X-welshfamily-MailScanner-From: ghw at borashipping.com
X-Spam-Status: No

I'm using clamav and bitdefender but although updated with the latest
definitions, it's probably ineffective because it's the free version
v7.1.
Running freshclam yields this:

# freshclam
ClamAV update process started at Wed Sep 17 21:41:04 2008
main.cld is up to date (version: 48, sigs: 399264, f-level: 35, builder: sven)
daily.cld is up to date (version: 8272, sigs: 28579, f-level: 35, builder: ccordes)

Here's the version of clam:
# clamscan -V
ClamAV 0.94/8272/Wed Sep 17 21:16:02 2008

I'm running MailScanner version 4.71.10.

I did browse the archive of this list but couldn't find the answer.  Any
help appreciated.
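
Attachment-blocking of the kind mentioned in the reply does not depend on AV signatures catching up. The following is an added example, not code from either poster or from MailScanner: it flags executable file names attached directly or sitting inside a zip attachment. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage

# Assumed deny list; the thread does not say which extensions were blocked.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk")

def _blocked(name):
    # Trailing dots/spaces are stripped so "x.exe." still matches.
    return name.lower().rstrip(". ").endswith(BLOCKED_EXT)

def _scan_zip(fname, data):
    try:
        infos = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        return [(fname, "unreadable zip")]
    out = []
    for info in infos:  # member names only; nothing is extracted
        if _blocked(info.filename):
            out.append((fname, "blocked member " + info.filename))
        elif info.flag_bits & 0x1:  # encrypted: content cannot be scanned
            out.append((fname, "encrypted member " + info.filename))
    return out

def blocked_attachments(raw_bytes):
    """Return (attachment name, reason) pairs a blocking policy would act on."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if _blocked(fname):
            findings.append((fname, "blocked extension"))
        elif data[:4] == b"PK\x03\x04":  # zip by magic bytes, not claimed name
            findings.extend(_scan_zip(fname, data))
    return findings

def sample_message(member, attach_name="statement.zip"):
    """Constructed message carrying a small zip with one harmless member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder bytes")
    m = EmailMessage()
    m["Subject"] = "Statement of fees 2008/09"
    m.set_content("See attached.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename=attach_name)
    return m.as_bytes()
```

Calling `blocked_attachments(sample_message("statement.doc.exe"))` reports the zip because of the member name alone, whether or not any scanner has a signature for the content.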
