Re: [Qmail-scanner-general]Troj/Tofger-A

Thu, 20 Nov 2003 08:56:08 -0800

Doug Monroe wrote:
Salvatore Toribio wrote:

I've received this report from Sophos

Troj/Tofger-A may arrive attached to an email as a password protected ZIP file. The email would have a blank subject line, the message text "Hi! As I've promised I'm sending you my photo. Use old password: 123" and an attached file named MyProfile.zip.

It's a good idea to add this line in quarantine-attachment.

MyProfile.zip 0 Virus Troj/Tofger-A 

AFAIK, this won't work with QS
you can -either- reject based on extension (.zip) with:
 .zip<TAB>0<TAB>ZIP files rejected

-or- reject a -specific- filename of -specific- bytes with:
  filename<TAB>size (in bytes)<TAB>Description of virus/whatever

in other words, you can't combine the two "types"


It works, I've been blocking SoBig with these...

movie0045.pif           0       Sobig Virus
wicked_scr.scr          0       Sobig Virus
application.pif         0       Sobig Virus
document_9446.pif       0       Sobig Virus
details.pif             0       Sobig Virus
your_details.pif        0       Sobig Virus
thank_you.pif           0       Sobig Virus
document_all.pif        0       Sobig Virus
your_document.pif       0       Sobig Virus

And here are the logs:

20/11/2003 16:40:41:19254: +++ starting debugging for process 19254 by uid=81 at 20/11/2003 16:40:41
20/11/2003 16:40:41:19254: w_c: elapsed time from start 0.149296 secs
20/11/2003 16:40:41:19254: g_e_h: return-path is "[EMAIL PROTECTED]", recips is "[EMAIL PROTECTED]"
20/11/2003 16:40:41:19254: [EMAIL PROTECTED], subj=To be or not to be, via smtp from 193.43.129.131
20/11/2003 16:40:41:19254: sophie: finished scan in 0.083325 secs
20/11/2003 16:40:41:19254: SA: finished scan in 0.227523 secs - hits=1.0
20/11/2003 16:40:41:19254: p_s: Quarantine MyProfile.zip! (Virus Troj/Tofger-A)
20/11/2003 16:40:41:19254: p_s: Quarantine myprofile.zip! (Virus Troj/Tofger-A)
20/11/2003 16:40:41:19254: p_s: finished scan in 0.022092 secs
20/11/2003 16:40:41:19254: ini_sc: finished scan of dir "/var/spool/qmailscan/tmp/apo136.usc.urbe.it106934284148419254"
20/11/2003 16:40:41:19254: ini_sc: elapsed time from start 0.521141 secs
20/11/2003 16:40:42:19254: ------ all finished. Total of 0.702532 secs

Ciao

Salvatore


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Reply via email to