At 06:25 PM 11/02/2004 +0100, you wrote:
Today one of the users told me that he gets alot of (what I think) is MyDoom/worm.SCO even though hes mails are handled by this scanning chain. I can see from the log that ALOT of worm.SCO's hitting the mailboxes handled this way, so I cant figure out how the virus mails gets past this setup? Has anyone experienced the same og maybe knows what could be wrong?
I have seen a few of these myself and as best as I can tell, the message is malformed and the attachment is actually garbled or truncated.
This results in clam missing the message as it is harmless but Norton detects it as it recognizes the first few KB and say it's got one.
I could be wrong but I did submit a sample of the file to the clam test site and it says it is not infected - so it's not that calm is not processing the message.
- Bill B. --------------------------------- William J.A. Brillinger Precision Design Co. E-Mail: mailto:billy@xxxxxxxxxx Web site: http://www.pdcweb.net