<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 5.50.4916.2300" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=469335219-21062002><FONT face=Arial color=#0000ff size=2>Ever
seen the movie Office Space?</FONT></SPAN></DIV>
<DIV><SPAN class=469335219-21062002><FONT face=Arial color=#0000ff size=2>Can
anyone read that?</FONT> </SPAN></DIV>
<BLOCKQUOTE>
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Julian Field
[mailto:mailscanner@ECS.SOTON.AC.UK]<BR><B>Sent:</B> Friday, June 21, 2002
4:36 PM<BR><B>To:</B> MAILSCANNER@JISCMAIL.AC.UK<BR><B>Subject:</B> Re:
sending a virus from mailscanner's domain isundetectedbutincoming mail from
either our domain or others isdetected<BR><BR></FONT></DIV>At 20:18
21/06/2002, you wrote:<BR>
<BLOCKQUOTE class=cite cite type="cite"><FONT face=arial color=#0000ff
size=2>ps</FONT><BR><FONT face=arial color=#0000ff size=2>HOw the heck could
it be hijacked?!! weird</FONT></BLOCKQUOTE><BR>Very easily. Your dialup ISP
has a proxy server which redirects all port 25 traffic to their own SMTP
server. <BR><BR>FreeServe in the UK do exactly this. It doesn't matter what
SMTP server you configure in your software, you always use theirs, which
avoids their tech support people having to deal with mail relaying
problems.<BR><BR>So what do your Received: headers say? What you expect?<BR>
<BLOCKQUOTE class=cite cite type="cite">
<DL><FONT face=tahoma size=2>
<DD>-----Original Message-----
<DD>From:</B> Ray Healy (Data Net Services) [<A
href="mailto:ray@MATRIX-DATANET.CO.UK"
eudora="autourl">mailto:ray@MATRIX-DATANET.CO.UK</A>]
<DD>Sent:</B> Friday, June 21, 2002 4:06 PM
<DD>To:</B> MAILSCANNER@JISCMAIL.AC.UK
<DD>Subject:</B> Re: sending a virus from mailscanner's domain is
undetectedbutincoming mail from either our domain or others is
detected<BR><BR></FONT><FONT face=arial size=2>
<DD>I am probably wrong in your situation but I thought I would mention
this</FONT>
<DD><FONT face=arial size=2>
<DD>I had a similar situation where emails were not being scanned by
MailScanner when sent through my RAQ but incomming messages where scanned
OK if sent to my RAQ by someone else.</FONT>
<DD><FONT face=arial size=2>
<DD>This was due to the email message being hijacked by the ISP I was
connecting to and putting the message through their own mail server and
not mine even though in the properties I had stated the address of my mail
server. </FONT><FONT face=arial size=2>
<DD>I do not know whether this is of any help or am I toytally off
track</FONT>
<DD><FONT face=arial size=2>
<DD>Ray</FONT>
<DD>
<DD>
<DD>
<DD>----- Original Message -----
<DD>From:</B> <A href="mailto:mailscanner@ECS.SOTON.AC.UK">Julian
Field</A>
<DD>To:</B> <A
href="mailto:MAILSCANNER@JISCMAIL.AC.UK">MAILSCANNER@JISCMAIL.AC.UK</A>
<DD>Sent:</B> Friday, June 21, 2002 6:56 PM
<DD>Subject:</B> Re: sending a virus from mailscanner's domain is
undetected butincoming mail from either our domain or others is
detected<BR><BR>
<DD>At 18:45 21/06/2002, you wrote:
<BLOCKQUOTE class=cite cite type="cite"><FONT face=arial color=#0000ff
size=2>
<DD>Hello,</FONT><FONT face=arial color=#0000ff size=2>
<DD>No not on the machine running mailscanner, but outlook 2000 on a
workstation sent an email to an outside domain with a virus to test and
the outside domain received it with the virus in tact.. Its the test
virus you referred me earlier to use.. when I reply (from the outside
domain) and its incoming to mailscanner, it will pick it up then. only
incoming scanning is taken place not outgoing.</FONT><FONT face=arial
color=#0000ff size=2>
<DD>Thanks!</FONT></DD></BLOCKQUOTE>
<DD>Did it get any X-MailScanner: header at all?
<DD>If not, then it probably didn't go via the MailScanner server.
<DD>If it did, then what did the header say? What is in your
mailscanner.conf file?<BR><BR>
<DD>Unless it is told to, MailScanner doesn't care what addresses are in
the email message.
<BLOCKQUOTE class=cite cite type="cite"><FONT face=tahoma size=2>
<DD>-----Original Message-----
<DD>From: Julian Field [<A href="mailto:mailscanner@ECS.SOTON.AC.UK"
eudora="autourl">mailto:mailscanner@ECS.SOTON.AC.UK</A>]
<DD>Sent: Friday, June 21, 2002 2:40 PM
<DD>To: MAILSCANNER@JISCMAIL.AC.UK
<DD>Subject: Re: sending a virus from mailscanner's domain is undetected
butincoming mail from either our domain or others is
detected<BR><BR></FONT>
<DD>At 17:36 21/06/2002, you wrote:
<DD>>Sending a virus from mailscanner's domain to another is
undetected, but
<DD>>incoming mail from either our domain or others, is detected.
<DD>>Is this normal? <BR><BR>
<DD>Did you run the email client program on the machine that is running
<DD>MailScanner, by any chance? If so, did you make the email program
talk SMTP
<DD>to localhost:25 or did it invoke sendmail directly? <BR><BR>
<DD>MailScanner (when running with sendmail) can only scan mail coming
in the
<DD>SMTP port. There is no way (with sendmail) of scanning mail poked
directly
<DD>at the sendmail binary.
<DD>--
<DD>Julian Field Teaching Systems Manager
<DD>jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science
<DD>Tel. 023 8059 2817 University of Southampton
<DD>Southampton SO17 1BJ
</DD></BLOCKQUOTE></DD></DL></BLOCKQUOTE><BR>--<BR>Julian
Field
Teaching Systems
Manager<BR>jkf@ecs.soton.ac.uk
Dept. of Electronics & Computer Science<BR>Tel. 023 8059
2817 University of
Southampton<BR>
Southampton SO17 1BJ <BR>
<BLOCKQUOTE></BLOCKQUOTE><BR>
<DIV>--</DIV>
<DIV>Julian
Field
Teaching Systems Manager</DIV>
<DIV>jkf@ecs.soton.ac.uk Dept.
of Electronics & Computer Science</DIV>
<DIV>Tel. 023 8059 2817
University of
Southampton</DIV>
Southampton SO17 1BJ </BLOCKQUOTE></BODY></HTML>