<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Hi,<br>
<br>
My logs show the message was blocked all right.<br>
<br>
[root@mail2 ~]# cat /var/log/maillog | grep start.zip<br>
Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED::
Trojan.Fakealert-532 :: ./E46EC418932.42ACF/start.zip<br>
[root@mail2 ~]# cat /var/log/maillog | grep E46EC418932.42ACF<br>
Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED::
Trojan.Fakealert-532 FOUND :: ./E46EC418932.42ACF/<br>
Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED::
Trojan.Fakealert-532 :: ./E46EC418932.42ACF/Start.exe<br>
Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED::
Trojan.Fakealert-532 :: ./E46EC418932.42ACF/start.zip<br>
Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED::
Email.Hdr.Sanesecurity.08071800 FOUND :: ./E46EC418932.42ACF/<br>
Sep 15 17:06:50 mail2 MailScanner[2130]: Infected message
E46EC418932.42ACF came from 89.136.55.85<br>
Sep 15 17:06:50 mail2 MailScanner[2130]: Filename Checks:
(E46EC418932.42ACF Start.exe)<br>
Sep 15 17:06:50 mail2 MailScanner[2130]: Filetype Checks: No
executables (E46EC418932.42ACF Start.exe)<br>
Sep 15 17:06:50 mail2 MailScanner[2130]: Logging message
E46EC418932.42ACF to SQL<br>
Sep 15 17:06:50 mail2 MailScanner[4701]: E46EC418932.42ACF: Logged to
MailWatch SQL<br>
[root@mail2 ~]#<br>
<br>
Let me know if you need anything else from the logs.<br>
<br>
Julian Field wrote:
<blockquote cite="mid:48CE134C.7080307@ecs.soton.ac.uk" type="cite">As
some of you may have already realised, a few people are having a
problem on particular OS's when using Postfix, where a message
generated by a particular Trojan is not being unpacked properly.
<br>
<br>
So Postfix users on CentOS, please can you check your logs for any
16-17Kb spams which could possibly contain an attachment called
"start.zip" (grep should find it in raw queue files, if you're
wondering how to do that for raw queue files), which have not always
been detected as infected.
<br>
<br>
You might want to use the "Archive Mail" feature of MailScanner.conf
for a while to see if you're getting anything like that, in case you
are suffering the problem.
<br>
<br>
We would very much like to know how widespread this problem is, so
please report back with your findings and we'll take a straw poll of
the respondents.
<br>
<br>
Thanks folks!
<br>
<br>
Jules
<br>
<br>
</blockquote>
<div class="moz-signature">-- <br>
<font face="Verdana" size="-1">Thanks.<br>
<br>
Mohd Hafiz Ramly<br>
Senior Consultant<br>
<b>Variegate Systems Sdn Bhd</b><br>
Tel : +60 4 2298808<br>
Fax : +60 4 2295006<br>
Mobile : +6 013 4812676<br>
Web : <a class="moz-txt-link-freetext" href="http://www.variegate.biz">http://www.variegate.biz</a><br>
</font>
</div>
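<p>An added example, not part of the original message or of MailScanner itself: a small Python script that groups the MailScanner log lines shown above by queue ID and lists messages that mention start.zip but have no ClamAV signature logged. The first seven sample lines are the ones quoted in the message; the last line and its queue ID are constructed for illustration.</p>
<pre>
```python
import re
from collections import defaultdict

# Line shapes taken from the maillog excerpt quoted in the message above.
CLAM = re.compile(r"ClamAVModule::INFECTED::\s*(\S+)(?: FOUND)? :: \./([^/\s]+)/(\S*)")
SOURCE = re.compile(r"Infected message (\S+) came from (\S+)")
CHECK = re.compile(r"File(?:name|type) Checks: .*\((\S+) ([^)]+)\)")

# Sample input: message E46EC418932.42ACF is copied from the page; the final
# line (queue ID 0A1B2C3D4E5.AAAAA) is constructed and hypothetical.
SAMPLE_LOG = """\
Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED:: Trojan.Fakealert-532 FOUND :: ./E46EC418932.42ACF/
Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED:: Trojan.Fakealert-532 :: ./E46EC418932.42ACF/Start.exe
Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED:: Trojan.Fakealert-532 :: ./E46EC418932.42ACF/start.zip
Sep 15 17:06:50 mail2 MailScanner[2130]: ClamAVModule::INFECTED:: Email.Hdr.Sanesecurity.08071800 FOUND :: ./E46EC418932.42ACF/
Sep 15 17:06:50 mail2 MailScanner[2130]: Infected message E46EC418932.42ACF came from 89.136.55.85
Sep 15 17:06:50 mail2 MailScanner[2130]: Filename Checks: (E46EC418932.42ACF Start.exe)
Sep 15 17:06:50 mail2 MailScanner[2130]: Filetype Checks: No executables (E46EC418932.42ACF Start.exe)
Sep 15 17:09:12 mail2 MailScanner[2130]: Filename Checks: (0A1B2C3D4E5.AAAAA start.zip)
"""

def summarise(lines):
    """Group verdict lines by queue ID: signatures, file names, sending IP."""
    msgs = defaultdict(lambda: {"signatures": set(), "files": set(), "source": None})
    for line in lines:
        if m := CLAM.search(line):
            sig, qid, fname = m.groups()
            msgs[qid]["signatures"].add(sig)
            if fname:  # empty when the line refers to the whole message directory
                msgs[qid]["files"].add(fname)
        elif m := SOURCE.search(line):
            msgs[m.group(1)]["source"] = m.group(2)
        elif m := CHECK.search(line):
            msgs[m.group(1)]["files"].add(m.group(2))
    return dict(msgs)

def undetected(msgs, attachment="start.zip"):
    """Queue IDs whose logged files include `attachment` but have no ClamAV hit."""
    want = attachment.lower()
    return sorted(qid for qid, m in msgs.items()
                  if want in {f.lower() for f in m["files"]} and not m["signatures"])

if __name__ == "__main__":
    messages = summarise(SAMPLE_LOG.splitlines())
    for qid, info in sorted(messages.items()):
        print(qid, sorted(info["signatures"]), sorted(info["files"]), info["source"])
    print("no virus verdict logged:", undetected(messages))
```
</pre>
<p>A message that was never unpacked may not name its attachment in maillog at all, so this complements, rather than replaces, the grep over raw queue files suggested in the quoted request.</p>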
</body>
</html>