[Mimedefang] HBEDV Reporting broken? - False Positives Reported

Albert E. Whale aewhale at ABS-CompTech.com
Sat Dec 14 11:03:01 EST 2002


Upon further review, I have found that the Name Servers were unable to
retrieve IP Address information from the Domain Addresses which are being
Blocked by the Filters on the Router.

Can we change this functionality from reporting a False Virus Positive to a
Name Server Timeout?  I'll gladly submit any supporting information needed
for this functional change.

"Albert E. Whale" wrote:

> I have some strange occurrences coming into play with the HBEDV
> Scanning Tool.  Lately I've been seeing MORE and MORE empty Virus
> messages in the MIMEDefang output.
>
> (I just upgraded the Secondary Mail Server from MIMEDefang 2.25 to
> 2.28-Beta3  - just in case this has a play on it).
>
> Here's a Sample Message:
>
> This was message was found to be carrying an attachment
> that contained a known virus.  The attachment has been replaced.
> The following information may be helpful to determine its source:
>         Sender:         <suzanne8004 at kebi.com>
>         From:   suzanne8004 at kebi.com
>         Virus:
>         Attachment:
>         Mime-Encoding:  text/plain
>
> The original sender may NOT have been notified
>
> (Btw, access to the KEBI.COM Network is BLOCKED, at the router, - I'll
> provide additional information to interested parties off-line).
>
> Anyway, the HBEDV software is recent.  Output of the Version info.
>
> AntiVir / Linux Version 2.0.6-7
> Copyright (C) 1994-2002 by H+BEDV Datentechnik GmbH.
> All rights reserved.
>
> Loading /usr/lib/AntiVir/antivir.vdf ...
>
> VDF version: 6.17.0.6 created 10 Dec 2002
>
> I am Curious, Since the Network is Blocked, would this present a False
> Positive on the Antivirus Report?  There is no Domain information which
> is returned from this DNS Query (not that this is a Problem for this
> Email, but it would explain this issue).
>
> Ideas?
>
> --
> Albert E. Whale - CISSP
> http://www.abs-comptech.com
> ----------------------------------------------------------------------
> ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists
> Sr. Security, Network, and Systems Consultant
> Board of Directors - InfraGard - Pittsburgh, PA
>

--
Albert E. Whale - CISSP
http://www.abs-comptech.com
----------------------------------------------------------------------
ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists
Sr. Security, Network, and Systems Consultant
Board of Directors - InfraGard - Pittsburgh, PA




