Folks, Just had another infected Novarg email get through to my desktop where Norton picked it up. Below is the script of qmail-queue.log and part of the header of the message. Note that the Content-type is text/plain and has a base64 attachment which was a file named ofo.zip. How does qmailscan determine a message is PLAIN text so as NOT to scan it? However it does it needs to be changed so these infections don't get through. I even have redundant scanning on.
+++snip+++ Wed, 11 Feb 2004 06:38:32 -0500:7585: +++ starting debugging for process 7585 by uid=502 Wed, 11 Feb 2004 06:38:32 -0500:7585: w_c: elapsed time from start 0.036366 secs Wed, 11 Feb 2004 06:38:32 -0500:7585: return-path='[EMAIL PROTECTED]', recips='[EMAIL PROTECTED]' Wed, 11 Feb 2004 06:38:32 -0500:7585: from='[EMAIL PROTECTED]', subj='rhn-users digest, Vol 1 #903 - 1 msg', via S MTP from 66.187.233.30 Wed, 11 Feb 2004 06:38:32 -0500:7585: This is a PLAIN text message, skip virus scanners - but not SA Wed, 11 Feb 2004 06:38:32 -0500:7585: SA: required_hits=4.5 sa_quarantine=0 sa_delete=9.9 Wed, 11 Feb 2004 06:38:32 -0500:7585: SA: finished scan in 1.834806 secs - hits=2.2 Wed, 11 Feb 2004 06:38:32 -0500:7585: p_s: finished scan in 0.014179 secs Wed, 11 Feb 2004 06:38:32 -0500:7585: ini_sc: finished scan of "/var/spool/qmailscan/tmp/corpsrvr10764995125477585"... Wed, 11 Feb 2004 06:38:32 -0500:7585: ini_sc: elapsed time from start 1.916624 secs Wed, 11 Feb 2004 06:38:34 -0500:7585: ------ all finished. Total of 2.049754 secs +++snip+++ Last Part of email Headers (comes after From: and Subject:): X-Mailer: Mailman v2.0.13 MIME-version: 1.0 Content-type: text/plain To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Errors-To: [EMAIL PROTECTED] X-BeenThere: [EMAIL PROTECTED] X-Mailman-Version: 2.0.13 Precedence: junk Reply-To: [EMAIL PROTECTED] X-Reply-To: [EMAIL PROTECTED] List-Help: <mailto:[EMAIL PROTECTED]> List-Post: <mailto:[EMAIL PROTECTED]> List-Subscribe: <https://www.redhat.com/mailman/listinfo/rhn-users>, <mailto:[EMAIL PROTECTED]> List-Id: Red Hat Network Users List <rhn-users.redhat.com> List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/rhn-users>, <mailto:[EMAIL PROTECTED]> List-Archive: <https://www.redhat.com/archives/rhn-users/> Content-Transfer-Encoding: base64 Rgds, __________________________ Greg Kelley, Technology Director Britannic Aviation, US and UK US Office: Pease Int'l Tradeport 68 New Hampshire Ave. Portsmouth, NH 03801 603.766.3005 http://www.britannicaviation.com AOPA, EAA, SSA CFII SEL, MEL; Comm Glider ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
