[Mimedefang] New virus out, how do I confirm no errors?

David F. Skoll dfs at roaringpenguin.com
Tue Dec 4 17:49:16 EST 2001

On Tue, 4 Dec 2001, Fox, Randy wrote:

> A new virus came out today with an attachment gone.scr.  MIMEDefang has
> stripped several of these as expected.  However, while working with the
> users, it is evident that some got through and were then cleaned by the
> virus scanner on our internal Exchange servers.

That is very bad.  A couple of thoughts:

1) Is there any way mail could come in and bypass the MIMEDefang server?
Since they all have the X-Scanned-By: header, that's unlikely, but it
may be possible.

2) Do any of the failed messages have an X-MIMEDefang-Warning: header?

3) Can you post your filter code?  Maybe there's something wrong there.

4) Could you post the headers and MIME part headers for a message which

I've been monitoring a few MIMEDefang installations, and they all seem
to have caught everything.


More information about the MIMEDefang mailing list