Hi, Below a report of a mail that was caught by declude. I then looked at it using "spamreview" (www.slsoft.com/spamreview.htm) and told it to reque the file, putting the D*.SMD and Q*.SMD file back into the C:\IMail\spool directory. I then realised that probably declude would pick it up again and the mail would still not be delivered. However..... the mail was delivered without Declude svanning it.
Here the snippet from sysmmdd.log: 12:23 10:04 SMTPD(queue run) 14831 1 33 12:23 10:04 SMTP-(00000788) C:\IMail\spool\Q4ae5030501047e98.SMD 12:23 10:04 SMTP-(00000788) processing C:\IMail\spool\Q4ae5030501047e98.SMD 12:23 10:04 SMTP-(00000788) ldeliver mailie.tio.nl i.wannet-main (1) [EMAIL PROTECTED] 4330 12:23 10:04 SMTP-(00000788) finished C:\IMail\spool\Q4ae5030501047e98.SMD status=1 As you can see from this snippet of the virus.log file, the mail was not scanned by Declude: 12/23/2002 10:01:20 Qd0df05ab0104563b Scanned: Virus Free [MIME: 1 715] 12/23/2002 10:04:02 Qd181016f0198cefa Scanned: Virus Free [MIME: 2 431] 12/23/2002 10:04:26 Qd1990064016a2e95 Scanned: Virus Free [MIME: 2 1273] 12/23/2002 10:05:12 Qd16f001902888822 Scanned: Virus Free [MIME: 3 610404] Why did Declude not scan it the second time? Because it was a local delivery? Are *all* local deliveries not scanned? Can somebody please tell me what the process was that happened here so I can better understand it and better understand possible gaps in the virus security. Met vriendelijke groet, Bonno Bloksma --------------------------------- This is the original report from Declude when the mail was caught the first time. Declude Virus v1.65 caught the [Conflicting Encoding Vulnerability] virus in Unknown File from [EMAIL PROTECTED] to: [EMAIL PROTECTED] Date: 12/20/2002 17:52:55 Subject: Vervallen van uw WAP2 mobiele nummer Spool File: D4ae5030501047e98.SMD Remote IP: 80.60.240.173 Headers: Received: from proxy.campusstores.nl [80.60.240.173] by mailie.tio.nl (SMTPD32-7.07) id AAE53050104; Fri, 20 Dec 2002 17:52:53 +0100 Received: (qmail 3402 invoked by uid 3001); 20 Dec 2002 16:48:08 -0000 Date: 20 Dec 2002 16:48:08 -0000 Message-ID: <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Vervallen van uw WAP2 mobiele nummer MIME-Version: 1.0 From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Content-Type: multipart/alternative; boundary="=_a214198d5726d1ecfde9ab707b7eb74e" --- [This E-mail scanned for viruses by Declude Virus using f-prot] --- [This E-mail scanned for viruses by Declude Virus using f-prot] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
