SV: Verify virus scanning
Peter Lemieux
mailscanner at replies.cyways.com
Tue Mar 29 18:26:14 UTC 2016
Traditional viruses don't show up very often on the systems I manage either.
Most of the messages we reject these days look like this:
Sender: wadas1960 at example.com
IP Address: 94.204.56.50
Recipient: wadas1960 at example.com
Subject: CCE29032016_00035.jpg
MessageID: u2TFJNRF025532
Quarantine: /var/spool/MailScanner/quarantine/20160329/u2TFJNRF025532
Report: MailScanner: JScript Scripts are dangerous in email
(CYL9565832701.js)
Report: MailScanner: JScript Scripts are dangerous in email
(CYL9565832701.js)
We block messages with embedded scripts via the filename/filetype rules. We
also have clamd configured to quarantine messages containing Microsoft
Office documents with embedded macros.
Peter
On 03/29/2016 10:34 AM, Trond M. Markussen wrote:
> I am just concerned because the *very* low number of detected viruses
> seems unrealistic in comparison to the overall amount of mail, including
> high scoring spam with various suspicious attachments. But I understand
> these attachments most often don't technically contain viruses, but
> rather download malware via iframes etc..
More information about the MailScanner
mailing list