At 02:04 2004-06-15 -0500, Martin, Jeremy wrote:
Anyone else having a few Zafi.B's slip through?

We have a couple SMTP-only anti-spam/virus mail servers which are
running qmail-scanner/SA/clamd (running freshclam every hour), which
then forward messages to our "real" mail servers running vpopmail etc.
On our scrubbers I see about 440 "Worm.Zafi.B" have been caught since
last Friday.

However, one of our vpopmail servers which is running TrendMicro's
ServerProtect, is finding the virus in "PE_ZAFI.B" in quite a few
messages that have made it past our scrubbers.

Make sure they actually made it past the scrubbers and weren't delivered directly to the vpopmail servers.


If the hostname mail.[domain.tld] resolves, the SMTP engine in Zafi sometimes delivers directly to that host, rather than to the MX hosts for [domain.tld].

So if you have set up mail.somedomain.com as a convenient hostname for the recipients of somedomain.com on the vpopmail servers to use when they log in to fetch their email, you will get Zafi (and other) virus delivery attempts to the vpopmail servers even though they are not MX servers for the domain.

This might be true for host names other than mail. as well; it's just the one I have noticed.

Patrik
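
The check suggested in the reply above (did a flagged message really pass a scrubber, or was it handed straight to the vpopmail server?) can be read off the Received headers of the stored message. This is an added example, not part of the original post; the scrubber address range, host names and sample headers are constructed, and the qmail-style Received layout is an assumption.

```python
import email
import ipaddress
import re

# Assumption: address range of the scrubber relays that feed the back-end server.
SCRUBBER_NETS = [ipaddress.ip_network("192.0.2.0/28")]

# Peer address as "(192.0.2.5)" or "(ident@192.0.2.5)"; "(HELO name)" does not match.
PEER_IP = re.compile(r"\((?:[^()@\s]+@)?(\d{1,3}(?:\.\d{1,3}){3})\)")

def delivering_peer(raw_message):
    """Return the IP that connected to the final server, or None if not found."""
    msg = email.message_from_string(raw_message)
    # Each hop prepends its header, so the first network hop listed is the last one.
    for received in msg.get_all("Received", []):
        unfolded = " ".join(received.split())
        if not unfolded.startswith("from "):
            continue  # local hop, e.g. "(qmail 4021 invoked by uid 89)"
        hits = PEER_IP.findall(unfolded.split(" by ", 1)[0])
        return hits[-1] if hits else None
    return None

def classify(raw_message):
    """Label a stored message as 'via-scrubber', 'direct' or 'unknown'."""
    peer = delivering_peer(raw_message)
    if peer is None:
        return "unknown"
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return "unknown"
    return "via-scrubber" if any(addr in n for n in SCRUBBER_NETS) else "direct"

# Constructed sample headers (documentation address ranges, made-up host names).
VIA_SCRUBBER = (
    "Received: (qmail 4021 invoked by uid 89); 15 Jun 2004 07:04:12 -0000\n"
    "Received: from unknown (HELO scrub1.example.net) (192.0.2.5)\n"
    "  by mail.example.com with SMTP; 15 Jun 2004 07:04:12 -0000\n"
    "Received: from unknown (HELO client-pc) (203.0.113.77)\n"
    "  by scrub1.example.net with SMTP; 15 Jun 2004 07:04:10 -0000\n"
    "Subject: sample\n\nbody\n")
DIRECT = (
    "Received: (qmail 4188 invoked by uid 89); 15 Jun 2004 07:09:40 -0000\n"
    "Received: from unknown (HELO client-pc) (203.0.113.77)\n"
    "  by mail.example.com with SMTP; 15 Jun 2004 07:09:40 -0000\n"
    "Subject: sample\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("via scrubber", VIA_SCRUBBER), ("direct", DIRECT)):
        print(name, "->", classify(raw), delivering_peer(raw))
```

Messages classified as "direct" never touched the scrubbers, which points at a resolvable non-MX host name such as mail.[domain.tld] rather than a scanner miss.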


