[Exim] OT: Virus passes....

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Michael Jakscht
Data:  
Para: exim-users
Asunto: [Exim] OT: Virus passes....
Hi,

I don't know where to ask because this is very off-topic I think, but maybe
someone can help me out here.
Since I switched to Exim 4.12 with SA 2.44 via exiscan4.12-24 I have one
Virus passing the McAfee uvscan.
It's the "X-Infected: Found the W32/Hybris.gen@MM virus !!!" and only this
Virus as far as I can see.
I got this Virus yesterday two times and I absolutely can't believe why it
passes!
Is there any possibility for a very rare case in that exiscan does not
reject messages containing a virus?
While writing this I'm wondering if this is not a bit more an exiscan issue
because uvscan has detected the mail and exiscan marks it with the
X-Infected - Headerline.
Or is this an exim system filter issue because I redirect all mails
containing viruses to the virusalert alias which is expanded to four or
five admins here...
Is it possible that the system filter is not used sometimes (maybe with
some sort of special headers) ?
The whole mail is just being redirected without having the system filter
generate warning messages...
Also I have no clue why exiscan let's the .scr attachment pass because this
extension is in the list of reject files...

I'm stock and don't know where the problem is...
Please help, thanx,

Michael




PS: Header from the second mail not being blocked but being redirect as it
is to the virusalert alias follow...




=========================================




Received: from mail.vit.de ([213.69.199.241]) by rzvmail.vit.de (Lotus SMTP
MTA v4.6.1  (569.2 2-6-1998)) with SMTP id C1256CDA.005808E7; Fri, 27 Feb
1970 17:01:01 +0100
Received: from [205.231.163.100] (helo=mail.supermodel.com)
     by mail.vit.de with esmtp (Exim 4.12)
     id 18oQUD-0008Ox-00
     for depken@???; Thu, 27 Feb 2003 17:02:17 +0100
Received: by mail.supermodel.com (Postfix)
     id 72778CC530; Thu, 27 Feb 2003 10:16:12 -0500 (EST)
Delivered-To: xyz@???
Received: from pavilion (01-042.080.popsite.net [66.19.143.42])
     by mail.supermodel.com (Postfix) with SMTP id CA43ECC36D
     for <xyz@???>; Thu, 27 Feb 2003 09:19:45 -0500 (EST)
From: Hahaha <hahaha@???>
Subject: Snowhite and the Seven Dwarfs - The REAL story!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VE38HIVKHUV"
Message-Id: <20030227141946.CA43ECC36D@???>
Date: Thu, 27 Feb 2003 09:19:46 -0500 (EST)
To: undisclosed-recipients: ;
X-Infected: Found the W32/Hybris.gen@MM virus !!!
X-Scanner: exiscan for exim4 (http://duncanthrax.net/exiscan/)
*18oQUD-0008Ox-00*kNL4sC6nLKk*
X-Filtered-by: mail.vit.de at 2003-02-27 17:02:27
X-Delivered-To: jakscht@???




Today, Snowhite was turning 18. The 7 Dwarfs always where very educated and
polite with Snowhite. When they go out work at mornign, they promissed a
*huge* surprise. Snowhite was anxious. Suddlently, the door open, and the
Seven
Dwarfs enter...


Attachment: "midgets.scr"
or (1st mail:) "joke.exe"