> Hi,
> 
> I have qmail-scanner 1.10 set up with a quarantine that denies any .exe
> attachment. It does recursive scan. It uses AvpLinux for "normal" scanning.
>
> On Nov 10, 21:45 (MET timezone) a couple dozen emails by this virus
> bypassed qmail-scanner completely.
>
> W32Bride exploits the iframe vulnerability; see the email I mention at the
> end of this message for the exact sections.
>
> I believe it is due to reformime (v 1.40) not recognising the MIME
> sections, and thus not extracting the README.exe file with x/wav heading.
>
> I've put a copy of the message in <http://insflug.org/W32bride.txt>. I've
> edited some things (just overwritten) for confidentiality; apart from that
> the email (as it appeared in the user's mailbox) is intact.
> 
> regards,

If you notice, it does have the header "X-Mailer: EBT Reporter v 2.x",
which seems to be consistent with this virus.  You could add:

EBT Reporter v 2.x<TAB>Virus-X-Mailer:<TAB>W32/Bride

to your quarantine-attachments.txt file until this problem is resolved.

Ed.
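
An added example, not part of the original thread and not qmail-scanner's own code: Python that reads a rule line in the format Ed gives and checks a message's headers against it. It assumes the first field is matched as a case-insensitive regular expression against the header value; the function names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Rule line in the format from the reply, with <TAB> written as a real tab.
RULES_TEXT = "EBT Reporter v 2.x\tVirus-X-Mailer:\tW32/Bride\n"

# Constructed sample messages (not the content of W32bride.txt).
SAMPLE_FLAGGED = (
    "From: someone@example.com\n"
    "Subject: test\n"
    "X-Mailer: EBT Reporter v 2.x\n"
    "\n"
    "body\n"
)
SAMPLE_CLEAN = SAMPLE_FLAGGED.replace("EBT Reporter v 2.x", "Mutt/1.4i")


def parse_header_rules(text):
    """Return (header, compiled_pattern, label) for each 'Virus-<Header>:' line."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = [f for f in line.split("\t") if f]
        if len(fields) != 3 or not fields[1].startswith("Virus-"):
            continue  # not a header rule, e.g. an attachment-name rule
        header = fields[1][len("Virus-"):].rstrip(":")
        # Assumption: field 1 is a case-insensitive regex on the header value.
        rules.append((header, re.compile(fields[0], re.I), fields[2]))
    return rules


def match_headers(raw_message, rules):
    """Return the labels of all rules whose header pattern matches the message."""
    msg = message_from_string(raw_message)
    hits = []
    for header, pattern, label in rules:
        for value in msg.get_all(header, []):
            if pattern.search(value):
                hits.append(label)
    return hits


if __name__ == "__main__":
    rules = parse_header_rules(RULES_TEXT)
    for name, raw in (("flagged", SAMPLE_FLAGGED), ("clean", SAMPLE_CLEAN)):
        print(name, match_headers(raw, rules) or "no match")
```

The check reads only the top-level header block, so its result does not depend on the MIME parts being extracted.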


