[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Trend Micro Interscan Viruswall: missing whole_file_scan=yes let pass at least one Sobig.f eMail

To: "Dr. Peter Bieringer" <pbieringer@xxxxxxxxxx>
Subject: Re: [Full-Disclosure] Trend Micro Interscan Viruswall: missing whole_file_scan=yes let pass at least one Sobig.f eMail
From: harald@xxxxxxxxxxxx
Date: Thu, 4 Sep 2003 10:02:56 +0200

On Wed, Sep 03, 2003 at 12:56:31PM +0200, Dr. Peter Bieringer wrote:
> Response from support: add in section "[smtp]" option "whole_file_scan=yes"

this is only partly a remedy. in our case VirusWall (in SMTP daemon mode)
detects the virus if an 'original' mail containing the SOBIG.F virus is
manually bounced (e.g.  by bouncing it in the mutt MUA) to our VirusWall.

if the bounce is made by qmail on the other side, the bounced mail
contains some more text and the original mail and it is not detected by
our VirusWall (Solaris, engine 5.6150, current pattern).

ScanMail on NT detects the virus either way.

cu - Harry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Trend Micro Interscan Viruswall: missing whole_file_scan=yes let pass at least one Sobig.f eMail
  - From: Dr. Peter Bieringer

Prev by Date: [Full-Disclosure] [Update]: Code executing in RAV's virus encyclopedia fixed
Next by Date: [Full-Disclosure] [RHSA-2003:240-01] Updated httpd packages fix Apache security vulnerabilities
Previous by thread: Re: [Full-Disclosure] Trend Micro Interscan Viruswall: missing whole_file_scan=yes let pass at least one Sobig.f eMail
Next by thread: [Full-Disclosure] Scanning the PCs for RPC Vulnerability
Index(es):
- Date
- Thread