Listmembers: This week I once again ran into a situation where my qmail-scanner configuration, in spite of having both ClamAV and Sophos Sweep, didn't manage to remove a couple of virus-infected mails.
In all cases, the situation was similar: a mail containing a virus was sent by some infected PC using an address from one of my domains as the apparent sender to a non-existent or over-quota mailbox. The receiving mailserver composes a bounce message and includes the complete original message as plain text (including headers and MIME-parts) in the delivery failure message. Apparently, because the included original message isn't MIME-attached, the embedded viruses aren't getting decoded and are thus not detected. However, when I fetch these mails from my mailbox, my desktop realtime scanner (Symantec AntiVirus Corporate Edition 8) manages to correctly identify the virus in the message body.

While the chances of getting infected this way are quite remote, because it would require one to first save the appropriate part of the delivery failure message as a message and then import it back into a MUA or open it with a MIME decoder, I still feel that these should be caught.

The question is: up whose tree should I be barking? Should I bark at ClamAV and Sophos for not detecting viruses in this type of mail, or should I bark at the MIME decoder used by qmail-scanner, or yet someone else?

--
Greetings,
Maurice

_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
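
The situation described above, as an added example that is not part of the original post or of qmail-scanner: a pre-scan step that re-parses the original message a bounce quotes as plain text, so its base64 parts are decoded before being handed to a scanner. The function name `embedded_parts`, the header heuristic, and the sample bounce with its marker payload are all constructed for illustration.

```python
import base64
import email
import re
from email import policy

# Header names that typically open an original message quoted inside a bounce.
HEADER_START = re.compile(r"^(Return-Path|Received|From|Message-ID|MIME-Version):", re.I | re.M)

def embedded_parts(raw_bounce: bytes):
    """Return (filename, content_type, decoded_bytes) for every MIME part of a
    message that the bounce carries inline as plain text."""
    outer = email.message_from_bytes(raw_bounce, policy=policy.default)
    found = []
    for part in outer.walk():
        if part.get_content_type() != "text/plain":
            continue
        text = part.get_content().replace("\r\n", "\n")
        for m in HEADER_START.finditer(text):
            # A quoted message starts with a header line right after a blank line.
            if m.start() and not text[:m.start()].endswith("\n\n"):
                continue
            inner = email.message_from_string(text[m.start():], policy=policy.default)
            if not inner.is_multipart():
                continue
            for leaf in inner.walk():
                if not leaf.is_multipart():
                    data = leaf.get_payload(decode=True) or b""
                    found.append((leaf.get_filename(), leaf.get_content_type(), data))
            break  # the first embedded message that parses as MIME is enough
    return found

# Constructed sample: a bounce quoting a multipart message with a harmless marker payload.
SAMPLE_BOUNCE = b"""\
From: MAILER-DAEMON@mx.example.net
Subject: Delivery failure

Mailbox over quota. Original message follows:

Received: from pc.example.com by mx.example.net
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="doc.pif"
Content-Transfer-Encoding: base64

""" + base64.b64encode(b"CONSTRUCTED-TEST-PAYLOAD") + b"\n--b1--\n"
```

Each returned `decoded_bytes` value is what would be written to the scan directory alongside the raw message, so the virus scanners see the decoded attachment rather than only its base64 text.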