Problem with still deliver silent viruses
Josh Malone
jmalone at nrao.edu
Mon Apr 5 22:24:50 IST 2010
Hi,
It seems that as of MailScanner 4.79, still deliver silent viruses = yes
has changed and mailscanner now sends the message without stripping the
infected attachment if a virus scanner actually finds a virus. What I'm
seeing is that, for example, *.exe that doesn't contain a virus identified
by our scanner (sophos) is being stripped out, but if sophos finds a virus,
mailscanner goes through the motions, "quarantines" the file but then fails
to strip the actually infected exe out of the message. If I completely turn
off the virus scanning (Virus Scanning = no) then all exe files get removed
from messages and the stripped message is delivered to users like I want.
I have confirmed this behaviour on 2 systems, both RedHat Enterprise, one
5.4 and one 5.5.
I really hope not to get bogged down in why we use "still deliver silent
viruses = yes" but we have a 2-layer system and a latter part of our filter
sorts virus-laden mail out of inboxes. According to this thread:
http://lists.mailscanner.info/pipermail/mailscanner/2010-March/095233.html
it seems like there may have been a specific change responsible for this
new behaviour. Does anybody have any insight on that?
Thanks,
-Josh
--
--------------------------------------------------------
Joshua Malone Systems Administrator
(jmalone at nrao.edu) NRAO Charlottesville
434-296-0263 www.cv.nrao.edu
434-249-5699 (mobile)
BOFH excuse #426:
internet is needed to catch the etherbunny
--------------------------------------------------------
More information about the MailScanner
mailing list