That is perfectly as it should work :)
there is infact 2 "viruses", one a dangerous exploit and the other a virus
in the mails you scanning. it should pick both up, cause the mail is infected
with both.... IFrame exploit is also used with alot of the NEW NEW viruses,
so this protects you if a new one comes out today, which uses the iframe
exploit to execute it.
On Fri, 14 Feb 2003, jef moskot wrote:
> On Fri, 14 Feb 2003, Nigel Kukard wrote:
> > most klez infections use the IFrame exploit, so infact the IFrame Exploit
> > will match before the klez one. what we do is break up the email into all
> > the mime peices, decode them and scan the individual portions, most of the
> > time clamscan picks up both iframe & klez, iframe being the first mime part
> > of the message...
>
> That's exactly the sort of thing i've been seeing.
>
> Example:
> /var/log/amavis/amavis-02459327/parts/msg-55339-1.html: Exploit.IFrame.HTML FOUND
> /var/log/amavis/amavis-02459327/parts/msg-55339-2.pif: Worm/Klez.H FOUND
> /var/log/amavis/amavis-02459327/parts/msg-55339-3.txt: OK
>
> I was a little curious about it, but I'm glad to see that that's how it's
> supposed to work.
>
> Jeffrey Moskot
> System Administrator
> [EMAIL PROTECTED]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
Nigel Kukard (Chief Executive Officer)
Lando Technologies Africa (Pty) Ltd
[EMAIL PROTECTED] www.lando.co.za
Tel: 083 399 5822 Fax: 086 1100036
Hoheisen Park Bellville, Cape Town
National Internet Service Provider
The best language to use is the language that was designed for
what you want to use it for - 1997
=====================================================================
Disclaimer
----------
The contents of this message and any attachments are intended
solely for the addressee's use and may be legally privileged and/or
confidential information. This message may not be retained,
distributed, copied or used if you are not he addressee of this
message. If this message was sent to you in error, please notify
the sender immediately by reply e-mail and then destroy the message
and any copies thereof.
Opinions, conclusions and other information in this message may be
personal to the sender and is not that of Lando Technologies Africa
or any of it's subsideries, associated companies or principals and
is therefore not endorsed by any of the Lando groups of companies.
Due to e-maill communication being insecure, Lando groups of
companies do not guarantee confidentiality, security, accuracy or
performance of the e-mail. Any liability for viruses is excluded
to the fullest extent.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
