I'm not sure whether you received my zipped email source file with password "virus". We finally added the following entry

EBT Reporter v 2.x Virus-X-Mailer: W32/Braid-A

to the quarantine-attachments.txt. Banning .exe or README.EXE doesn't work. Strange problem.

----
Chris

----- Original Message -----
From: "Jason Haar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 06, 2002 5:23 PM
Subject: Re: [Qmail-scanner-general]qmail-scanner bugs

On Wed, Nov 06, 2002 at 03:29:09PM +0800, Chris wrote:
> Hi,
>
> qmail-scanner can't handle some fake "Content-Type" viruses like
> W32/Braid-A
> http://www.sophos.com/virusinfo/analyses/w32braida.html
>
> This virus is smart. It doesn't use the correct Content-Type
> "application/x-msdownload", but uses "audio/x-wav". We have received tons of
> this virus even though we use the latest maildrop, qmail-scanner and sophos. Michael

..then your Sophos install doesn't detect it? I mean, "what do the logs say"? Does Q-S mention there's an attachment called README.EXE or not? If there is, then Sophos isn't detecting it (or reformime is broken).

> Any patch available for this issue? I can forward a zipped copy of the
> virus email to you if it's needed.

Yeah - send it to me. But zip it up in a password-protected zip file first, or GPG it with a password.

>
> The following is several lines from the virus email.
>
>
> --====_ABC1234567890DEF_====
> Content-Type: audio/x-wav;
> Name = "README.EXE"
> Content-Transfer-Encoding: base64
> Content-ID: <EA4DMGBP9p>
>

He he he. As Q-S Admin I get the bounces. I've just received two virus alerts from some Q-S users who are using RAV SMTP scanner. It has *INCORRECTLY* deduced that your message has an audio/x-wav attachment called README.EXE and has blocked it. That's pretty broken... Amusing :-)

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
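
An added example, not part of the thread and not qmail-scanner's or reformime's code: a Python sketch of an attachment check that decides on the declared filename instead of the Content-Type, and tolerates whitespace around "=" as in the quoted Name = "README.EXE" header. The function names, the banned-extension list and the strict pattern shown for comparison are assumptions for illustration; the thread does not establish why the .exe ban failed.

```python
import re

# Constructed sample modelled on the part headers quoted in the thread.
SAMPLE_PART = (
    'Content-Type: audio/x-wav;\r\n'
    '\tName = "README.EXE"\r\n'
    'Content-Transfer-Encoding: base64\r\n'
    'Content-ID: <EA4DMGBP9p>\r\n'
)

BANNED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".com"}  # assumed policy

# Hypothetical strict matcher: no whitespace allowed around "=".
STRICT = re.compile(r'\bname="([^"]+)"', re.I)
# Tolerant matcher: name or filename, optional whitespace, quoted or bare value.
TOLERANT = re.compile(r'\b(?:file)?name\s*=\s*(?:"([^"]*)"|([^\s;]+))', re.I)


def unfold(headers):
    """Join folded continuation lines (leading space/tab) into one header line."""
    return re.sub(r'\r?\n[ \t]+', ' ', headers)


def declared_names(headers, pattern=TOLERANT):
    """Return every filename declared on Content-Type / Content-Disposition."""
    names = []
    for line in unfold(headers).splitlines():
        if not line.lower().startswith(('content-type:', 'content-disposition:')):
            continue
        for match in pattern.finditer(line):
            names.append(next((g for g in match.groups() if g), ''))
    return names


def verdict(headers, pattern=TOLERANT):
    """Quarantine on a banned extension; the declared MIME type is ignored."""
    for name in declared_names(headers, pattern):
        ext = '.' + name.rsplit('.', 1)[-1].lower() if '.' in name else ''
        if ext in BANNED_EXTENSIONS:
            return ('quarantine', name)
    return ('pass', None)


if __name__ == '__main__':
    print('tolerant:', verdict(SAMPLE_PART))
    print('strict  :', verdict(SAMPLE_PART, STRICT))
```

The audio/x-wav label plays no part in the decision, so a mismatched Content-Type cannot hide the executable name from the extension check.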