[Full-Disclosure] Trend Micro Interscan Viruswall: missing whole_file_scan=yes let pass at least one Sobig.f eMail

From: Dr. Peter Bieringer (pbieringerat_private)
Date: Wed Sep 03 2003 - 03:56:31 PDT

    Hi,
    
    seen on Interscan Viruswall for Linux 3.8 Build 1080, one email containing 
    a Sobig.f passed the scanner without any detection.
    
    A Trend Micro "vscan" run on the received plain mail will detect the virus.
    
    Response from support: add in section "[smtp]" option "whole_file_scan=yes"
    
    Interesting, looks like the default is "no" (very dangerous imho), also it 
    looks like this option is neither documented nor changeable via web 
    interface.
    
    Probably not only Linux versions are involved and perhaps lower versions, 
    too.
    
    Google reports only 3 hits about this option, all in Japanese.
    Looks like this issue came up already earlier, but didn't find its way into 
    the docs or web interface.
    
    (Perhaps they had scan speed problems some time ago and decided to 
    implement such a dangerous option...as told, default is: not scanning the 
    whole file = message).
    
    BTW: If someone would test this kind of Sobig.f mail, send a note and I 
    will send it in an email to you, if the requests are low in number...
    
    Hope this helps,
    	Peter
    -- 
    Dr. Peter Bieringer                             Phone: +49-8102-895190
    AERAsec Network Services and Security GmbH        Fax: +49-8102-895199
    Wagenberger Straße 1                           Mobile: +49-174-9015046
    D-85662 Hohenbrunn                       E-Mail: pbieringerat_private
    Germany                                Internet: http://www.aerasec.de
    
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
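
Added example, not part of the original post and not Trend Micro's code: a small audit that reports whether the `[smtp]` section explicitly contains `whole_file_scan=yes`, the setting support recommended above. The sample configs, the `other_option` key and the parsing rules (`;`/`#` comments, case-insensitive names, last value wins) are assumptions; the post does not describe the file's path or format.

```python
"""Audit INI-style config text for an explicit [smtp] whole_file_scan=yes."""

# Constructed sample configs (not taken from a real installation);
# "other_option" is a placeholder key, not a real product setting.
SAMPLE_DEFAULT = "[smtp]\n; option not present\nother_option=1\n"
SAMPLE_FIXED = "[smtp]\nother_option=1\nwhole_file_scan=yes\n"
SAMPLE_WRONG_SECTION = "[http]\nwhole_file_scan=yes\n[smtp]\nother_option=1\n"


def smtp_whole_file_scan(text):
    """Return the last whole_file_scan value found in [smtp], or None."""
    section, value = None, None
    for raw in text.splitlines():
        line = raw.strip()
        # Assumption: blank lines and lines starting with ';' or '#' are ignored.
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "smtp":
            key, _, val = line.partition("=")
            if key.strip().lower() == "whole_file_scan":
                value = val.strip().lower()
    return value


def audit(text):
    """Return 'ok' only when [smtp] explicitly sets whole_file_scan=yes."""
    value = smtp_whole_file_scan(text)
    if value is None:
        # Absent is flagged because the post reports the default looks like "no".
        return "missing"
    return "ok" if value == "yes" else "disabled"


if __name__ == "__main__":
    samples = [("default", SAMPLE_DEFAULT), ("fixed", SAMPLE_FIXED),
               ("wrong section", SAMPLE_WRONG_SECTION)]
    for name, cfg in samples:
        print(f"{name}: {audit(cfg)}")
```

The wrong-section case is reported as missing because the option is only counted when it appears under `[smtp]`, which is where support said to add it.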