> 
> This may be an old problem, because someone on the sophie list told me to
> look in the archives of qmail-scanner.  I haven't found anything yet, and
> want to bring up the subject again.  Sophie misses the w32.brid.a virus
> which is a variant of Funlove.  I contacted Sophos, and this is the response
> I received:
>
> ------
> Hello Trey-
>    Sophos is in the process of fixing the virus scanning engine for Linux
> in order to detect this virus.  This fix is needed due to the virus having
> malformed mail headers.   MailMonitor for Solaris and MailMonitor for NT
> have been fixed, but we are still working on the Linux version.   The IDE
> for this virus is available, but it is the engine itself that needs to be
> fixed.
>
> Thank you,
> Karen Serevitch
>
> ------
> I sent another email asking about an ETA on a fix, but they do not have one.
> Someone on the sophie list suggested changing to ripmime to help catch it.
> Does that do it? Are there any other problems created?
>
> I have added the following line to our quarantine-attachments.txt file, but
> I don't have any samples of this virus, so I'm not sure if it is working.
> README.EXE              114687  Funlove
> 
> (yes, it's TAB delimited)
> 
> 
> This virus is spreading around town VERY rapidly here, so any
> comments/suggestions would be appreciated.
> 
> Trey Nolen

This won't work because reformime does not recognize the w32/brid-a
attachment - it sees no attachment whatsoever and therefore passes it
thru.  At this time the only solution that I know is to switch to
ripmime or use some downstream filter like maildrop/procmail to scan the
message for README.EXE.  If found, then quarantine it.  Here is my
maildrop filter:

if (/.*Name = \"README\.EXE\".*/:b)
{
   echo "W32/Braid-A virus"
   # put it in quarantine
   to "/var/qmail/quarantine"
   exit
}



--
Ed
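
A raw-text check in the spirit of the maildrop rule above, as an added example that is not part of the original post: it looks for a name= or filename= declaration of README.EXE in the message bytes without relying on a MIME parser, and goes beyond the posted rule by accepting any letter case, optional quotes and optional spaces around "=". The function names and the sample messages are assumptions constructed for illustration.

```python
import re

# Names to quarantine; README.EXE is the one named in the post above.
BLOCKED_NAMES = ("README.EXE",)

# A name= or filename= parameter, tolerant of spaces around "=", optional
# quotes and any letter case, so an oddly formatted header still matches.
PARAM_RE = re.compile(
    rb'\b(?:file)?name\s*=\s*(?:"([^"\r\n]*)"|([^\s;"]+))', re.IGNORECASE)


def unfold(raw: bytes) -> bytes:
    """Join folded lines (a line break followed by a space or tab)."""
    return re.sub(rb"\r?\n[ \t]+", b" ", raw)


def blocked_attachment_names(raw: bytes, blocked=BLOCKED_NAMES) -> list:
    """Return blocked names declared anywhere in the raw message bytes.

    The scan never asks a MIME parser for parts, so it still fires when
    the parser reports no attachment at all.
    """
    wanted = {n.upper() for n in blocked}
    hits = []
    for m in PARAM_RE.finditer(unfold(raw)):
        value = m.group(1) or m.group(2) or b""
        name = value.decode("latin-1").strip().upper()
        if name in wanted and name not in hits:
            hits.append(name)
    return hits


# Constructed sample messages (hypothetical, not real virus samples).
SPACED = (b"Subject: test\r\n\r\nContent-Type: application/octet-stream;\r\n"
          b'\tName = "README.EXE"\r\n\r\n(payload omitted)\r\n')
UNQUOTED = (b"Subject: test\r\n\r\n"
            b"Content-Disposition: attachment; filename=readme.exe\r\n\r\n")
BENIGN = b"Subject: docs\r\n\r\nThe installer ships a README.EXE file.\r\n"

if __name__ == "__main__":
    for label, msg in (("spaced", SPACED), ("unquoted", UNQUOTED), ("benign", BENIGN)):
        print(label, blocked_attachment_names(msg))
```

A message that only mentions README.EXE in its text is not flagged, because the match requires a name or filename parameter.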



_______________________________________________
Qmail-scanner-general mailing list
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
