If you also use Declude Junkmail, you can add a line to your global.cfg like:
XSPOOLNAME ON And it will add the queue file number to the headers of each email it scans. I do not know if this will work in the virus.cfg. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chase Seibert Sent: Thursday, February 24, 2005 9:49 AM To: [email protected] Subject: [Declude.Virus] SCR question I just got an email in my inbox with a file attachment called: Beethoven's_Symphony_No.XP2002.Zip.scr I looked as the eml file, and the attachment is referenced there as: Content-Type: application/octet-stream; Name = "Beethoven's_Symphony_No.XP2002.Zip.scr" Content-Transfer-Encoding: Base64 Content-Disposition: attachment; FileName = "Beethoven's_Symphony_No.XP2002.Zip.scr" My question is, why is this being passed by Declude virus? I have the following lines in my virus.cfg: BANEXT scr .. BANZIPEXTS ON I cannot find the string "Beethoven" at all in my virus log files, which typically contains file names that were scanned. The logs make it seem as if other SCR files are getting blocked, such as this line for another message: 02/24/2005 00:09:34 Q618d326e00fe66d1 Invalid SCR Vulnerability 02/24/2005 00:09:34 Q618d326e00fe66d1 Banning file with scr extension [audio/x-wav]. I'm having some trouble locating this message in my logs. The logs appear to identify messages by the Q* file name, which is not carried over into the delivered message headers. Is there a way to insert that identifier in the message header? How about recording X-UIDL or Message-Id in the log file? Thanks! -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
