
RE: [cobalt-users] Mailscanner not getting viruses all the time



Also worth noting is that a lot of the MyDoom messages sent have malformed
mail headers. So when something like MailScanner gets the message, it doesn't
hand off the proper attachment to the scanner, and the scan falsely returns
an "All Clean" message and the mail server passes it through.

-M 

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Phil Beynon
Sent: Wednesday, February 11, 2004 12:53 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] Mailscanner not getting viruses all the time


> Hi
>
> I have a setup like this:
>
>
> internet
>    |
>    |
>    v
> primary MX
> [RaQ3 running Mailscanner/clamav/spamassassin]
>    |
>    |
>    v
> secondary MX
> [another RaQ3]
>
>
> Today one of the users told me that he gets a lot of (what I think is)
> MyDoom/worm.SCO even though his mails are handled by this scanning
> chain.
>
> I can see from the log that A LOT of worm.SCO's are hitting the mailboxes
> handled this way, so I can't figure out how the virus mails get past
> this setup?
>
> Has anyone experienced the same and maybe knows what could be wrong?
>

Sounds like your virus definitions are not quite up to date.
When MyDoom first appeared we were destroying a percentage due to normal
rules that MailScanner applies, i.e. along the lines of things like double
file extensions, .pif .scr attachments, but the .zip ones were mainly getting
past it; once the definitions were up to date it killed 100% of them.

Phil


** http://www.diygear.com THE Online DIY Toolstore For DIY & Business
** Infolink Electronic Systems Ltd. http://www.infolinkelectronics.co.uk
** Professional Web Design & Cobalt Hosting Solutions
** Sun Cobalt iForce Reseller - Canon Silver Reseller
** Contact: Sales@xxxxxxxxxxxxxxxxxxxxxxxxx
** Tel / Fax 0121 458 4894 (office) 0121 441 3558 (home)
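
The two failure modes raised in this thread (malformed MIME hiding the attachment from the scanner, and filename rules such as double extensions or .pif/.scr) can be checked before a message is ever handed to the virus engine. The following is an added example, not part of the original posts and not MailScanner's own code; the function name `triage`, the fail-closed quarantine policy and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy

RISKY_EXT = (".pif", ".scr")  # attachment types named in the thread

def triage(raw: bytes):
    """Return (verdict, reasons, filenames); verdict is 'scan' or 'quarantine'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons, names = [], []
    for part in msg.walk():
        # Structural defects recorded by the parser (bad or missing boundary, ...)
        defects = list(part.defects)
        # Per-header defects recorded when each header is parsed
        for header in part.values():
            defects.extend(getattr(header, "defects", ()))
        reasons += [f"MIME defect: {type(d).__name__}" for d in defects]
        name = part.get_filename()
        if name:
            names.append(name)
            pieces = name.lower().rsplit(".", 2)
            if name.lower().endswith(RISKY_EXT):
                reasons.append(f"risky extension: {name}")
            elif len(pieces) == 3 and pieces[1].isalnum() and len(pieces[1]) <= 4:
                # Heuristic: something.ext.ext (will also flag some benign names)
                reasons.append(f"double extension: {name}")
    # Fail closed: a message the parser could not fully understand is never "clean"
    return ("quarantine" if reasons else "scan"), reasons, names

# Constructed sample messages (not real captures)
GOOD = (b"From: a@example.com\nSubject: t\nMIME-Version: 1.0\n"
        b'Content-Type: multipart/mixed; boundary="B"\n\n'
        b"--B\nContent-Type: text/plain\n\nhello\n"
        b"--B\nContent-Type: application/octet-stream\n"
        b'Content-Disposition: attachment; filename="notes.txt"\n\nZGF0YQ==\n'
        b"--B--\n")
# Declared boundary never appears in the body: the attachment becomes invisible
BAD_BOUNDARY = GOOD.replace(b'boundary="B"', b'boundary="Q"')
RISKY_NAME = GOOD.replace(b"notes.txt", b"notes.txt.pif")

if __name__ == "__main__":
    for label, raw in [("good", GOOD), ("bad boundary", BAD_BOUNDARY),
                       ("risky name", RISKY_NAME)]:
        print(label, triage(raw))
```

In the `BAD_BOUNDARY` case the parser finds no attachment filenames at all, which is why the verdict has to come from the recorded defects rather than from what the scanner was given.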

