Full Disclosure mailing list archives
Re: Trend Micro Interscan Viruswall: missing whole_file_scan=yes let pass at least one Sobig.f eMail
From: harald () deppeler org
Date: Thu, 4 Sep 2003 10:02:56 +0200
On Wed, Sep 03, 2003 at 12:56:31PM +0200, Dr. Peter Bieringer wrote:
Response from support: add in section "[smtp]" option "whole_file_scan=yes"
this is only partly a remedy. in our case VirusWall (in SMTP daemon mode) detects the virus if an 'original' mail containing the SOBIG.F virus is manually bounced (e.g. by bouncing it in the mutt MUA) to our VirusWall. if the bounce is made by qmail on the other side, the bounced mail contains some more text and the original mail and it is not detected by our VirusWall (Solaris, engine 5.6150, current pattern). ScanMail on NT detects the virus either way. cu - Harry _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Trend Micro Interscan Viruswall: missing whole_file_scan=yes let pass at least one Sobig.f eMail Dr. Peter Bieringer (Sep 03)
- Re: Trend Micro Interscan Viruswall: missing whole_file_scan=yes let pass at least one Sobig.f eMail Dr. Peter Bieringer (Sep 03)
- Re: Trend Micro Interscan Viruswall: missing whole_file_scan=yes let pass at least one Sobig.f eMail Dr. Peter Bieringer (Sep 05)
- Re: Trend Micro Interscan Viruswall: missing whole_file_scan=yes let pass at least one Sobig.f eMail harald (Sep 04)
- Re: Trend Micro Interscan Viruswall: missing whole_file_scan=yes let pass at least one Sobig.f eMail Dr. Peter Bieringer (Sep 03)