Message-ID: <20030904080256.GB12047@deppeler.org>
Date: Thu, 4 Sep 2003 10:02:56 +0200
From: harald@...peler.org
To: "Dr. Peter Bieringer" <pbieringer@...asec.de>
Cc: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>,
"full-disclosure@...ts.netsys.com" <full-disclosure@...ts.netsys.com>
Subject: Re: Trend Micro Interscan Viruswall: missing whole_file_scan=yes let pass at least one Sobig.f eMail

On Wed, Sep 03, 2003 at 12:56:31PM +0200, Dr. Peter Bieringer wrote:
> Response from support: add in section "[smtp]" option "whole_file_scan=yes"

this is only partly a remedy. in our case VirusWall (in SMTP daemon mode)
detects the virus if an 'original' mail containing the SOBIG.F virus is
manually bounced (e.g. by bouncing it in the mutt MUA) to our VirusWall.
if the bounce is made by qmail on the other side, the bounced mail
contains some more text and the original mail and it is not detected by
our VirusWall (Solaris, engine 5.6150, current pattern).
ScanMail on NT detects the virus either way.
cu - Harry
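
The following is an added example, not part of the message above and not Trend Micro or qmail code. It sketches a defender-side check for the case described: a qmail-send bounce carries the original mail as plain text below a marker line, so a walk over the outer MIME tree alone finds no attachment. The sample bounce is constructed, the function names are hypothetical, and the assumption that the copy sits unencoded below the marker is ours, since the message does not state why the scanner missed it.

```python
import email
from email import policy

# Marker line qmail-send writes before its copy of the original message.
QMAIL_MARKER = "--- Below this line is a copy of the message."
# Constructed sample bounce; the outer message carries no MIME headers.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.org
Subject: failure notice

Hi. This is the qmail-send program at mx.example.org.
<nobody@example.org>:

--- Below this line is a copy of the message.

From: sender@example.com
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

constructed body text
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="sample.bin"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--BOUND--
"""

def attachments(msg):
    """Return (filename, decoded bytes) for each attachment in a MIME tree."""
    return [(p.get_filename(), p.get_payload(decode=True))
            for p in msg.walk() if p.get_filename()]

def outer_only(raw):
    """What a scanner sees if it walks only the outer message's MIME tree."""
    return attachments(email.message_from_string(raw, policy=policy.default))

def scan_targets(raw):
    """Outer attachments plus those of the original copied below the marker."""
    outer = email.message_from_string(raw, policy=policy.default)
    found = attachments(outer)
    if not outer.is_multipart():
        _, marker, rest = outer.get_payload().partition(QMAIL_MARKER)
        if marker:  # re-parse the copied original as its own message
            inner = email.message_from_string(rest.lstrip("\r\n"), policy=policy.default)
            found += attachments(inner)
    return found
```

Each pair returned by `scan_targets` is what would be handed to the scan engine; `outer_only` returns an empty list for the same input.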