We had a customer get one customized for their domain as well. Since I haven't seen a way for postifx to scan for this and amavisd-new wasn't picking it up either (using UVSCAN) I changed a setting in amavisd.conf to have the scanner unpack the zips instead of amavis.
from amavisd.conf: # set $bypass_decode_parts to true if you have a good virus scanner # that can deal with compression and recursively unpacking archives by itself, # and save amavisd the trouble. It is a double-edged sword, make sure you know # what you are doing! # $bypass_decode_parts = 1; # (defaults to false) After changing this and sending a test through, it caught it. I also updated my amavisd-new to the latest version and all the related perl modules as well. -Mitch Planck ias.net > One of my customers got the following. I only saw one email > from this IP > address. I started to do a header check for "Warning about your e-mail > account" > > > ----- Original Message ----- > > *From:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > *To:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > *Sent:* Wednesday, March 03, 2004 9:33 AM > > *Subject:* Warning about your e-mail account. > > > > Dear user, the management of Cshore.com mailing system > wants to let > > you know that, > > > > Some of our clients complained about the spam (negative > e-mail content) > > outgoing from your e-mail account. Probably, you have been > infected by > > a proxy-relay trojan server. In order to keep your > computer safe, > > follow the instructions. > > > > Advanced details can be found in attached file. > > > > For security reasons attached file is password protected. The > > password is "83412". > > > > Kind regards, > > The Cshore.com team > http://www.cshore.com > >
