[Declude.Virus] Banned Extensions Still Getting Through?

[Paul Crouch]

Need some help for a part time sys admin!   Declude Virus/Junkmail Standard 2.0.6.16/F-prot. We have very limited bandwidth so have expanded the banned extensions list in virus.cfg to include .mpg, .mpeg, .wmv, etc.  This works well but there seems to be some that are still slipping through?   The only thing I have noticed is that in every instance the banned extension is not the only attachment and it has some extra characters in the file extension as reported by Declude.  The attachment appears as normal in the email client.   Example shown below-   When it does work (in every test that I do) Declude inserts “MM/DD/2005 HH:MM:SS Q1BA800E400B8C964 Banning file with mpg extension [video/mpg]” before the virus scanner line.   Any ideas as to why Declude is trapping some and not others?   > vir0606.log >06/06/2005 10:00:54 Q109E001900B2AC5A Vulnerability flags = 0 >06/06/2005 10:00:54 Q109E001900B2AC5A MIME file: pic09894.jpg [base64; Length=1577 Checksum=178405] >06/06/2005 10:00:55 Q109E001900B2AC5A MIME file: =?ISO-8859-1?Q?POWERLEAGUE_HAMSTER=2Empg?= [base64; Length=1435545 Checksum=172528633] >06/06/2005 10:00:55 Q109E001900B2AC5A Virus scanner 1 reports exit code of 0 >06/06/2005 10:00:55 Q109E001900B2AC5A Scanned: Virus Free [MIME: 3 1438701]   >dec0606.log >06/06/2005 10:01:13 Q109E001900B2AC5A CMDSPACE:8 .  Total weight = 8. >06/06/2005 10:01:13 Q109E001900B2AC5A Tests failed [weight=8]: CATCHALLMAILS=IGNORE[0] NOLEGITCONTENT=IGNORE[0] IPNOTINMX=IGNORE[0] CMDSPACE=IGNORE[8] >06/06/2005 10:01:13 Q109E001900B2AC5A Msg failed CMDSPACE (Space found in RCPT TO: command.). Action=""> >06/06/2005 10:01:13 Q109E001900B2AC5A R1 Message OK >06/06/2005 10:01:13 Q109E001900B2AC5A Subject: FW: FW: hamster[Scanned By NHC] >06/06/2005 10:01:13 Q109E001900B2AC5A From: [EMAIL PROTECTED] To:  IP: 195.11.194.53 ID: 2005060609594485-37998 >06/06/2005 10:01:13 Q109E001900B2AC5A Action(s) taken for [copyall_account] = IGNORE  [LAST ACTION=""> >06/06/2005 10:01:13 Q109E001900B2AC5A Using [incoming] CFG file C:\IMail\Declude\$default$.junkmail. >06/06/2005 10:01:13 Q109E001900B2AC5A Tests failed [weight=8]: CATCHALLMAILS=IGNORE[0] NOLEGITCONTENT=IGNORE[0] IPNOTINMX=IGNORE[0] CMDSPACE=WARN[8] >06/06/2005 10:01:13 Q109E001900B2AC5A Msg failed CMDSPACE (Space found in RCPT TO: command.). Action=""> >06/06/2005 10:01:13 Q109E001900B2AC5A L2 Message OK >06/06/2005 10:01:13 Q109E001900B2AC5A Subject: FW: FW: hamster[Scanned By NHC] >06/06/2005 10:01:13 Q109E001900B2AC5A From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]  IP: 195.11.194.53 ID: 2005060609594485-37998 >06/06/2005 10:01:13 Q109E001900B2AC5A Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN  [LAST ACTION=""> >06/06/2005 10:01:13 Q109E001900B2AC5A Cumulative action(s) taken on this email = IGNORE WARN  [LAST ACTION="">     Paul Crouch Technical Manager Marble Building Products Ltd Tel: 01759 373352 Fax: 01759 373394 Email: [EMAIL PROTECTED]