[Mimedefang] netsky.c passing MD-2.40 with clamav+uvscan
Alan Lehman
alehman at gbutler.com
Mon Mar 15 22:46:08 EST 2004
I'm seeing a fair number of netsky.c infected zip files pass my system
(MD-2.40) with clamav and uvscan configured. Most are caught by MD, but
the misses are being caught at a downstream eggchange box running
Mcafee groupshield. The default filter section "look inside zip files"
is enabled. I tried blocking specific zip file names. That helped, but
new ones kept showing up, so I gave up and started blocking all zip
files today. That stopped the occurances at the exchange box. Any ideas?
It seems curious that groupshield catches stuff that gets past uvscan.
Also, since I started blocking zip files, I'm still seeing
W32/Netsky.c at MM!zip viruses being reported by MD. Does it scan for
viruses in files that are rejected based on filename extension?
thanks,
Alan
More information about the MIMEDefang
mailing list