[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Mailscanner for RAQ3/4 pkg available
- Subject: RE: [cobalt-users] Mailscanner for RAQ3/4 pkg available
- From: "Fay, Sean" <webmaster@xxxxxxxxxxxxxxx>
- Date: Thu Jul 11 06:56:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
>> No email about it being updated, but the original error email
>> went away. I thought I would get an email only if new
>> definitions were applied.
>>
>> > do you get the email saying that it has been updated?
>yes that's true - but whats concerning me is that when I test it by
>sending a mail with and eicar attachment (virus tester) it goes straight
>though as clean, it does get scanned but its not being detected as a
>virus yet all virus scanners should detect it. so now I'm looking at
>f-prot.
>
>Has anyone seen the virus scanning actually kick out a virus? - without
>wishing to start a virus war - we are all sysadmins of some sort here
>does anyone have a virus they could put on an ftp for testing.
I made the changes as indicated earlier to the cron.daily file so it
will go get the updates nightly. When I re-ran it I didn't get an
email. I assumed this was because were aren't any updates. It's only
supposed to email out if it downloads an update or that was my impression
of the program when I read the file.
As for the virus scanning, it appears to be working for me. It nailed
11 yesterday and 7 so far today. It puts the original attachments in
this directory: /home/spool/MailScanner/quarantine/YYYYMMDD
It puts {SPAM?} in the subject of the email and it also puts this
message on the top of your customers email:
"Warning: This message has had one or more attachments removed. Please
read the "VirusWarning.txt" attachment(s) for more information."
And then sends a text attachment with full details of the virus found:
=================================================================
This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment ".pif"
was believed to be infected by a virus and has been replaced by this warning
message.
If you wish to receive a copy of the *infected* attachment, please
e-mail helpdesk and include the whole of this message
in your request. Alternatively, you can call them, with
the contents of this message to hand when you call.
At Wed Jul 10 23:48:28 2002 the virus scanner said:
/home/spool/MailScanner/incoming/g6B3lvN09388/.pif Infection:
W32/Klez.H@mm
Shortcuts to MS-Dos programs are very dangerous in email in .pif
Note to Help Desk: Look on the MailScanner in
/home/spool/MailScanner/quarantine (message g6B3lvN09388).
--
Postmaster
================================================================
Finally it emails the admin this message:
================================================================
The following e-mail messages were found to have viruses in them:
Sender: <chaile@xxxxxxxxxxx>
Recipient: <sandsrss@xxxxxxxxxxx>
Subject: Visibility
MessageID: g6B3lvN09388
Report: /home/spool/MailScanner/incoming/g6B3lvN09388/.pif Infection:
W32/Klez.H@mm
Shortcuts to MS-Dos programs are very dangerous in email in .pif
--
MailScanner
Email Virus Scanner
================================================================
Hope this helps. Seems to be working from my end.
- Sean