Is there a way to tell qmail-scanner what to check first when scanning?
For example, this Exploit.IFrame.Download virus/worm appears to sometimes send a .exe attachment. I have configured qmail-scanner to disallow .exe and .pif (and other) attachments and have also told qmail-scanner that 'iframe' should be treated as a "silent" virus.

What appears to be happening is that qmail-scanner disallows the .exe attachment, and notifies the sender (who didn't send the message since it was spoofed) that "Executable attachements are disallowed". This happens before my antivirus scanner is ever called, which means that qmail-scanner never knows that this is actually a virus, so it never knows the virus's name, and therefore cannot treat it as one of my 'silent viruses'. Also, these then appear in my logs as hits on "executables not allowed" rather than a hit as "Exploit.IFrame.Download", so I cannot accurately track and report on them.

A quick solution to stop innocent people from getting notifications on these is to re-allow .EXE attachments, but a little more research reveals that this particular virus/worm seems to randomly send .exe or .pif or .scr attachments, so I would be forced to allow all of them again.

Any ideas/comments/help? As always, thanks for any help.

---
Bill Arlofski
Unix/Novell Systems Administrator
The Hotchkiss School
[EMAIL PROTECTED]
860-435-3140

_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
