I also had to add the SKIPIFVIRUSNAMEHAS Mytob to my eml files.
----- Original Message ----- From: "John Carter" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, April 15, 2005 2:53 PM
Subject: RE: [Declude.Virus] Skipifforging not working on Mytob
Shayne:
I haven't heard anything from anyone else. To the existing SKIPIFFORGING, I
have added the following to sender, recip, and postmaster eml's. I know it
is just covering up the underlying problem, but a cure is a cure. Will let
you know if it helps.
SKIPIFVIRUSNAMEHAS Mytob
John
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shayne Embry Sent: Friday, April 15, 2005 11:53 AM To: [email protected] Subject: RE: [Declude.Virus] Skipifforging not working on Mytob
I have also been experiencing this, for over a week. I'm only using F-Prot,
but have added the appropriate lines to eml and virus.cfg files as John has.
The only other difference is that I'm using SmarterMail.
Shayne
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Friday, April 15, 2005 10:48 AM To: [email protected] Subject: [Declude.Virus] Skipifforging not working on Mytob
Shortly after adding ClamAV to the Imail Server a few days ago, my system started sending virus notices on Mytob (and so far, only Mytob) even though I have SKIPIFFORGING in the sender.eml, recip.eml and postmaster.eml, plus I have Mytob in the list of forging viruses in the virus.cfg. In the virus log lines below, scanner 1 is F-Prot and scanner 2 is ClamAV. The timing to the addition to ClamAV may be only a coincidence.
Any ideas about what's happening?
Thanks, John
Notice lines: ================================================================== Declude Virus 2.0.5 caught a incoming virus
Subject: hello From: [Forged] To: [EMAIL PROTECTED] Msg ID: <[EMAIL PROTECTED]> Queue#: D74590703010e25a9.SMD Remote IP: 63.197.109.187 Virus Name/File: W32/[EMAIL PROTECTED] data.zip
postmaster.eml ================================================================== SKIPIFFORGING From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: E-mail virus notice
Declude Virus %VERSION% caught a %INOROUT% virus
Subject: %SUBJECT% From: %MAILFROM% To: %ALLRECIPS% Msg ID: %MSGID% Queue#: %QUEUENAME% Remote IP: %REMOTEIP% Virus Name/File: %VIRUSNAME% %VIRUSFILE%
Headers: %HEADERS%
Virus log lines: ==================================================================== 04/15/2005 02:59:36 Q74590703010e25a9 Banning .ZIP file with exe extension. 04/15/2005 02:59:36 Q74590703010e25a9 Scanner 1: Virus=W32/[EMAIL PROTECTED] Attachment=data.zip [36] I 04/15/2005 02:59:37 Q74590703010e25a9 Scanner 2: Virus= Worm.Mytob.T-2 Attachment=data.zip [36] I 04/15/2005 02:59:37 Q74590703010e25a9 File(s) are INFECTED [W32/[EMAIL PROTECTED]: 1] 04/15/2005 02:59:37 Q74590703010e25a9 Deleting file with virus 04/15/2005 02:59:37 Q74590703010e25a9 Deleting E-mail with virus! 04/15/2005 02:59:37 Q74590703010e25a9 Scanned: CONTAINS A VIRUS [MIME: 2 58859] 04/15/2005 02:59:37 Q74590703010e25a9 From: [Forged] To: [EMAIL PROTECTED] [incoming from 63.197.109.187] 04/15/2005 02:59:37 Q74590703010e25a9 Subject: hello
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
