[Mimedefang] New virus out, how do I confirm no errors?

Karel.DeBruyne dbruyne at uia.ua.ac.be
Wed Dec 5 02:46:23 EST 2001


My (little) experience here tells me you've probably got some users
reading their hotmail from one of the pc's, and the contamination
came in that way.

Karel

On Tue, 4 Dec 2001, David F. Skoll wrote:

> On Tue, 4 Dec 2001, Fox, Randy wrote:
>
> > A new virus came out today with an attachment gone.scr.  MIMEDefang has
> > stripped several of these as expected.  However, while working with the
> > users, it is evident that some got through and were then cleaned by the
> > virus scanner on our internal Exchange servers.
>
> That is very bad.  A couple of thoughts:
>
> 1) Is there any way mail could come in and bypass the MIMEDefang server?
> Since they all have the X-Scanned-By: header, that's unlikely, but it
> may be possible.
>
> 2) Do any of the failed messages have an X-MIMEDefang-Warning: header?
>
> 3) Can you post your filter code?  Maybe there's something wrong there.
>
> 4) Could you post the headers and MIME part headers for a message which
> failed?
>
> I've been monitoring a few MIMEDefang installations, and they all seem
> to have caught everything.
>
> --
> David.
>
> _______________________________________________
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
>

=======================================================================
Karel De Bruyne
System/Network Manager                      phone      + 32 3 820 22 04
UIA - Network Service                       fax        + 32 71 83 43 00
Universiteitsplein 1 - B0.12                email  dbruyne at uia.ua.ac.be
B 2610 Wilrijk - Belgium              http://www.uia.ua.ac.be/u/dbruyne
=======================================================================




More information about the MIMEDefang mailing list