>Today I detected a .pif virus in a user's mailbox.
>It somehow tricked IMGate

this occurs due to funny, weird stuff that gets past postfix, and is exactly why postfix should not be your only AV defense, although it works very well as first line of defense

>, but I'm unable to find the real reason for it.

after the msg is received and de-MIMEd or whatever by the MUA, it's very hard to do the forensics.

>Here are the logs,
>
>May 28 08:44:04 mail3 postfix/smtp[29468]: 90F7D17B9: [EMAIL PROTECTED],
>relay=216.133.67.7[216.133.67.7], delay=1
>, status=sent (250 Message queued)
>
>PS: Check out the message size, (114663 bytes).
>PS 2: The sender seems in the header as [EMAIL PROTECTED] however,
>in the logs, it seems it's coming from [EMAIL PROTECTED] Which one is
>forged?

could be both. if you were running SAV, then perhaps 4784lawa would have been refused by gte's mx and postfix would have refused the msg.

Len
