Leonard Tulipan wrote:

Hi!

I just stumbled upon a peculiar problem. Most of the Worms are silently rejected thanks to that code-portion, but...

We block most (if not all) executable attachments. So the Perl Scanner part gets triggered, even before it's checked with the virus scanner.
That way people get notices that they mailed executables, even though only the worm did that (with a forged FROM).
So, can I change something in the settings so that even blocked executables get checked by the virus scanner, and if they seem to be on the silent list -> do nothing. If not, send the notification.


This would probably ease the pain for some people, that seem to get "spammed" with warnings from our qmail-scanner.

What version are you running? Q-S has run AV before doing extension checks for some time now (a year+?). So I can't see how your situation arrives.

Anyway, another workaround is that if your entries in quarantine-attachments.txt have entries like

.lnk   0       LNK files not allowed per Company security policy
.scr   0       SCR files typically viruses - blocked

Then ".lnk" would generate an alert to the sender telling them the message was blocked for policy reasons, whereas a mail with a .scr would NOT CAUSE AN ALERT - as the word "virus" is in the description. Just a little trick ;-)

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
