Using latest exim and exiscan + F-Prot scanner.
Seems to be doing a pretty good job, however I noticed that there are a few
zip files getting through with MyDoom in them.
I took the zips and scanned them on the mail server and they all report
viruses.
Virus scanning report - 29 January 2004 @ 15:31
F-PROT ANTIVIRUS
Program version: 4.3.2
Engine version: 3.14.7
VIRUS SIGNATURE FILES
SIGN.DEF created 28 January 2004
SIGN2.DEF created 28 January 2004
MACRO.DEF created 26 January 2004
Search: document.zip
Action: Report only
Files: Attempt to identify files
Switches: <none>
/home/document.zip->document.pif Infection: W32/Mydoom.A@mm
Results of virus scanning:
Files: 1
MBRs: 0
Boot sectors: 0
Objects scanned: 2
Infected: 1
Suspicious: 0
Disinfected: 0
Deleted: 0
Renamed: 0
Time: 0:00
The exim scanner command I am using is:
av_scanner = cmdline:/usr/local/f-prot/f-prot %s:Infection:Infection. (.+)$
And the ACL:
# Reject messages containing malware.
deny message = This message contains malware ($malware_name)
     demime = *
     malware = *

accept
Just can't make out why some are getting through although it's stopping
others. Has anyone any ideas where to look?
Thanks
Darren
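
An added example, not part of the original post: a small model of how a cmdline av_scanner setting is applied, so the trigger and name expressions can be checked against scanner output before looking elsewhere. It assumes the setting is split on colons (which is why the posted name expression uses `.` where the report has `:`), takes the setting text literally without Exim's string expansion, matches line by line, and uses Python's `re` in place of PCRE; the function names, `CLEAN_REPORT` and the "unknown" fallback are constructed for illustration.

```python
import re

# The av_scanner setting exactly as posted.
AV_SCANNER = "cmdline:/usr/local/f-prot/f-prot %s:Infection:Infection. (.+)$"

# Report line copied from the F-Prot run in the post.
INFECTED_REPORT = "/home/document.zip->document.pif Infection: W32/Mydoom.A@mm\n"

# Constructed sample: summary lines as a clean run might print them.
CLEAN_REPORT = "Results of virus scanning:\nFiles: 1\nInfected: 0\nSuspicious: 0\n"


def parse_av_scanner(setting):
    """Split a cmdline av_scanner value into (command, trigger, name_regex)."""
    parts = setting.split(":")
    if len(parts) != 4 or parts[0] != "cmdline":
        raise ValueError("expected cmdline:<command>:<trigger>:<name regex>")
    return parts[1], parts[2], parts[3]


def build_command(command, scan_dir):
    """Substitute the directory holding the unpacked message for %s."""
    return command.replace("%s", scan_dir)


def evaluate(output, trigger, name_regex):
    """Return the malware name if the trigger fires on any line, else None."""
    lines = output.splitlines()
    if not any(re.search(trigger, line) for line in lines):
        return None  # trigger never matched: the message would be passed
    for line in lines:
        m = re.search(name_regex, line)
        if m:
            return m.group(1)
    return "unknown"  # constructed fallback: trigger fired, no name captured


if __name__ == "__main__":
    command, trigger, name_regex = parse_av_scanner(AV_SCANNER)
    # "/tmp/scan" is a constructed directory name for illustration.
    print(build_command(command, "/tmp/scan"))
    print(evaluate(INFECTED_REPORT, trigger, name_regex))
    print(evaluate(CLEAN_REPORT, trigger, name_regex))
```

Feeding it the scanner output captured from a run against a directory holding one of the zips that got through shows whether the expressions fire on what the scanner prints in that mode.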