Hi Greg,

I posted earlier about this and no response. The numbers received here per
server have been on the order of ten times your reported 400 so I had to
do something. Here is what I ended up doing (NOTE: if you installed
somewhere other than default, change the path below to reflect your spool
directory).


1. Edit /var/spool/qmailscan/quarantine-attachments.txt and remark out the
two file extensions I have seen with this: .pif and .scr:
i.e. change:
.scr 0 SCR files not allowed per Company security policy
.pif 0 PIF files not allowed per Company security policy
to:
# .scr 0 SCR files not allowed per Company security policy
# .pif 0 PIF files not allowed per Company security policy


2. Rebuild the database:
$ /var/qmail/bin/qmail-scanner-queue.pl -g


This will allow any .scr and .pif files through.

Depending upon the version of qmail-scanner you are using you might have to
add sobig to the "silent" list in /var/qmail/bin/qmail-scanner-queue.pl
(again change the path if non standard installation).


Some of my servers were running 1.15, some 1.16. Seems 1.16 has sobig
already but I had to add it to the 1.15 machines. I just put the apparently
default 1.16 list in 1.15:
my @silent_viruses_array=\
('klez','bugbear','hybris','yaha','braid','nimda','tanatos',\
'sobig','winevar');


(Where "\" signifies line continuation)

You should also (obviously) run freshclam or whatever to make sure that your
virus defs are up to date.


This seems a less than perfect solution (I would like to block all
potentially dangerous attachments) but is at least not contributing to the
considerable confusion by sending notices to innocents.


Hope this helps. If anyone has a more elegant fix please let me know.
-Tom


Tom deLombarde
[EMAIL PROTECTED]
FTM Development
PO Box 269
Shelby, Ohio 44875
http://www.blackflute.com/


Greg Kelley writes:

Folks,

So far today we have trapped over 400 infected emails with the Sobig.F
attachment. Because this is getting recognized first as a disallowed
attachment type, an email to the 'sender' is getting generated which just
adds to the millions of emails already out there flooding the net. I have
sobig in my silent-virus list, but it isn't getting processed (I think)
because it's getting picked up first by perlscan. Is there a way to get an
infected email with known attachment type to follow the silent-virus list?


Rgds,

__________________________
Greg Kelley, Technology Director
Britannic Aviation, US and UK
US Office:
Pease Int'l Tradeport
68 New Hampshire Ave.
Portsmouth, NH 03801
603.766.3005
http://www.britannicaviation.com
AOPA, EAA, SSA
CFII SEL, MEL; Comm Glider




-------------------------------------------------------
This SF.net email is sponsored by Dice.com.
Did you know that Dice has over 25,000 tech jobs available today? From
careers in IT to Engineering to Tech Sales, Dice has tech jobs from the
best hiring companies. http://www.dice.com/index.epl?rel_code=104
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
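
The two manual steps in Tom's message (commenting out the .scr and .pif rules, then rebuilding) can be scripted so the relaxation is tracked and reverted once the outbreak has passed. This is an added example, not part of the original thread or of qmail-scanner; the function names and the sample file are assumptions, and rule lines are assumed to have the form quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Rule lines are assumed to look like
# the ones quoted in the post: ".ext <size> <description>".

# Accept only plain alphanumerics so the value is safe inside a sed pattern.
valid_ext() { case $1 in ''|*[!A-Za-z0-9]*) return 1 ;; esac; }

# rewrite FILE SED_EXPR: apply one sed expression, preserving owner and mode.
rewrite() {
    sed "$2" "$1" > "$1.tmp" || return 1
    cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

# disable_ext FILE EXT...: comment out active rules. The first call keeps a
# pristine FILE.bak; later calls do not overwrite it.
disable_ext() {
    file=$1; shift
    [ -e "$file.bak" ] || cp -p "$file" "$file.bak" || return 1
    for ext in "$@"; do
        valid_ext "$ext" || return 2
        rewrite "$file" "s/^\(\.$ext[[:space:]]\)/# \1/" || return 1
    done
}

# enable_ext FILE EXT...: undo disable_ext and restore the block rules.
enable_ext() {
    file=$1; shift
    for ext in "$@"; do
        valid_ext "$ext" || return 2
        rewrite "$file" "s/^#[[:space:]]*\(\.$ext[[:space:]]\)/\1/" || return 1
    done
}

# list_disabled FILE: print extensions whose rules are commented out, so a
# temporary relaxation does not get forgotten.
list_disabled() {
    sed -n 's/^#[[:space:]]*\(\.[A-Za-z0-9]*\)[[:space:]].*/\1/p' "$1" | tr '\n' ' '
}

# Constructed sample file so the example runs without a qmail-scanner install.
make_sample() {
    printf '%s\n' \
        '.scr 0 SCR files not allowed per Company security policy' \
        '.pif 0 PIF files not allowed per Company security policy' \
        '.exe 0 EXE files not allowed per Company security policy' > "$1"
}
# On a real system (path and rebuild command as given in the post):
#   disable_ext /var/spool/qmailscan/quarantine-attachments.txt scr pif
#   /var/qmail/bin/qmail-scanner-queue.pl -g
```

After `enable_ext`, the same rebuild command from the post has to be run again for the restored rules to take effect.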


