On Thu, 21 Aug 2003 at 23:40:35 -0600, Support ePaxsys/FRWS wrote: [...] > But begs the question: > As PostMaster of these servers we are blessed with bounces, re-mails and > the like WITH the viruses in them in a lot of cases. > > I have most of these file types blocked by default, the bad ones, including > .pif, in our system-wide procmail filter. What I am seeing is that bounced > or double-bounced emails are being passed right through MailScanner and > ClamAV after being scanned and wind up being blocked at the procmail level > as a malicious file-type. And there have been quite a few. > Why wouldn't ClamAV and/or MailScanner find these and quarantine them just > as it would the virus in a normal email? This is the Sobig.F virus, BTW. Or > is something else going on?
I don't know MailScanner but is there a chance that postmaster address is treated in a special way in it? I mean some setting made _in purpose_ so that it can be contacted as a "last chance". Such approach is quite often and it's reasonable. E.g. some sender or IP address gets into a blacklist, RBL or etc., maybe accidentally. He should have an emergency way of contacting a postmaster so that he can clarify the things. For such reason, checking mail for postmaster, abuse etc. can be limited intentionally. In amavisd-new there are a few detailed exceptions (bypasses) which can be used, like virus_lovers, spam_lovers, banned_files_lovers, bad_header_lovers. I don't know whether it's possible in MailScanner though, anyway I think it should be :-) . -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
