[Mimedefang] New virus out, how do I confirm no errors?
David F. Skoll
dfs at roaringpenguin.com
Tue Dec 4 17:49:16 EST 2001
On Tue, 4 Dec 2001, Fox, Randy wrote:
> A new virus came out today with an attachment gone.scr. MIMEDefang has
> stripped several of these as expected. However, while working with the
> users, it is evident that some got through and were then cleaned by the
> virus scanner on our internal Exchange servers.
That is very bad. A couple of thoughts:
1) Is there any way mail could come in and bypass the MIMEDefang server?
Since they all have the X-Scanned-By: header, that's unlikely, but it
may be possible.
2) Do any of the failed messages have an X-MIMEDefang-Warning: header?
3) Can you post your filter code? Maybe there's something wrong there.
4) Could you post the headers and MIME part headers for a message which
I've been monitoring a few MIMEDefang installations, and they all seem
to have caught everything.
More information about the MIMEDefang