Here are the Bagle-related entries in my
/var/spool/qmailscan/quarantine-attachments.txt. They, in addition to
rejecting all executable content with Russ Nelson's qmail-smtpd-viruscan
patch, and rejecting all .pif files (with other lines in
quarantine-attachments.txt), have been very effective
Hi,
Thanks for posting your quarantine-attachments.txt entries. I had a few of
those, but the list sure helped. Also, add:
Information.zip0 Bagle-H/I
...just got it that one.
File sizes I've seen are:
MoreInfo.pif 12288 bytes
TextFile.zip 12416 bytes
Attach.zip 12420 bytes
Readm
nce, here are the headers (see below) of a virus sent out by an
infected machine. Kaspersky pulled out the 141.140.105.194 address,
determined who should be told, and told them (me). An option to do this
sort of thing with ClamAV/qmail-scanner would be great!
Thanks,
Ted Fines
Macalester Col
Hi all,
System: qmail 1.03, qmail-scanner 1.20rc2
The problem, in a nutshell:
[EMAIL PROTECTED] bin]# su fines (unprivileged acct)
[EMAIL PROTECTED] bin]$ ./qmail-scanner-queue.pl -g
perlscanner: generate new DB file from
/var/spool/qmailscan/quarantine-attachments.txt
X-Qmail-Scanner-1.20rc2:
I realize both of the following suggestions shouldn't have to be done. But
you sound under a lot of duress, and trying these won't hurt.
(1) Have you tried using the qmail-scanner-queue wrapper program in the
contrib durectory of the qmail-scanner distro? Before you reject the idea,
I'll just
forwarding
now works and the bodies are included.
So it looks like I have something configured incorrectly regarding
forwarding AND qmail-scanner at the same time. Does anyone know what?
Thanks,
Ted Fines
Macalester College
---
This SF.N
