Aaron Thoreson said the following on 11/08/2004 16:03:
Earlier in the week, the new variant of W32/[EMAIL PROTECTED] was slipping past q-s/f-prot 4.4.2, so we sought to block .zip attachments entirely for the few hours we thought it would take f-prot to update their signatures.

However, adding a line like:
.zip    0    temporarily prevent zip files
and running /var/qmail/bin/qmail-scanner-queue.pl -g
still allowed the viruses through.

I figured I must have done something wrong, even though the message changed from 9 entries to 10, so I tested the built-in defaults.

Sure enough, a message with an attachment titled Happy99.exe or eicar.com (but containing only /dev/random gibberish) was delivered just fine.

Is there a way I have to configure q-s to use its internal rules as well as use the virus scanner to process mail? Can anyone point me to where to start looking or tell me which files the list would need to see to diagnose the problem?

It should be noted that we're blocking actual viruses just fine, logging is working correctly, and we're getting no error messages in any of the qmail logs... So it seems to me q-s is configured correctly.

Something simple and/or obvious I hope? :)

Did you make Happy99.exe 10000 bytes long and EICAR.COM 69 bytes long?



--
Redmond, we have a problem.


Qmail-scanner-general mailing list
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
