Hi We're getting false-positives on our mail server running qmail-ldap 1.20 and Kaspersky's AVP 4.0.3.0. Every now and then, a mail gets quarantined without being really infected, but somehow qmail-ldap & AVP think so. We've been having these problems for about a week now (maybe before but we hadn't realised earlier?).
This is an extract from the warning mail sent to our admin address: Found viruses: /var/spool/qmailscan/tmp/correo107907842148231303/orig-correo107907842148231303 archive: Mail /var/spool/qmailscan/tmp/correo107907842148231303/orig-correo107907842148231303/[From [EMAIL PROTECTED] Fri, 12 Mar 2004 08:55:33 +0100]/text ok. /var/spool/qmailscan/tmp/correo107907842148231303/orig-correo107907842148231303/[From [EMAIL PROTECTED] Fri, 12 Mar 2004 08:55:33 +0100]/textfile.exe infected: I-Worm.Moodown.b I've grep'ed the quarantined mail for that "[EMAIL PROTECTED]" and it's not even there at all... In fact it is a mail automatically generated in one of our Linux servers with info extracted directly from our DB... no way can be a virus in there. Here's another such example: Known viruses were detected Found viruses: /var/spool/qmailscan/tmp/correo10787637534829987/3-albelda_protesta.jpg archive: ZIP /var/spool/qmailscan/tmp/correo10787637534829987/3-albelda_protesta.jpg/topseller.com infected: I-Worm.Moodown.b I've qmail-inject'ed the mail into my maildir and the file _is_ a jpeg and there's no way to open it using zip. And besides that, this mail was sent from a Macintosh! Any ideas? Anybody else has had a similar problem? -- Vicente Aguilar <[EMAIL PROTECTED]> Departamento de Sistemas Tlf.: 965 98 71 92 Recursos en la Red, S.L.U. http://www.renr.es ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
