[Mimedefang] HBEDV Reporting broken? - False Positives Reported

Albert E. Whale aewhale at ABS-CompTech.com
Fri Dec 13 16:33:00 EST 2002


I have some strange occurrences coming into play with the HBEDV
Scanning Tool.  Lately I've been seeing MORE and MORE empty Virus
messages in the MIMEDefang output.

(I just upgraded the Secondary Mail Server from MIMEDefang 2.25 to
2.28-Beta3 - just in case this has a play on it).

Here's a Sample Message:

This was message was found to be carrying an attachment
that contained a known virus.  The attachment has been replaced.
The following information may be helpful to determine its source:
        Sender:         <suzanne8004 at kebi.com>
        From:   suzanne8004 at kebi.com
        Virus:
        Attachment:
        Mime-Encoding:  text/plain

The original sender may NOT have been notified

(Btw, access to the KEBI.COM Network is BLOCKED at the router - I'll
provide additional information to interested parties off-line).

Anyway, the HBEDV software is recent.  Output of the version info:

AntiVir / Linux Version 2.0.6-7
Copyright (C) 1994-2002 by H+BEDV Datentechnik GmbH.
All rights reserved.

Loading /usr/lib/AntiVir/antivir.vdf ...

VDF version: 6.17.0.6 created 10 Dec 2002

I am curious: since the Network is Blocked, would this present a False
Positive on the Antivirus Report?  There is no Domain information which
is returned from this DNS Query (not that this is a Problem for this
Email, but it would explain this issue).

Ideas?


--
Albert E. Whale - CISSP
http://www.abs-comptech.com
----------------------------------------------------------------------
ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists
Sr. Security, Network, and Systems Consultant
Board of Directors - InfraGard - Pittsburgh, PA




