--On Mittwoch, 3. September 2003 13:22 +0200 "Dr. Peter Bieringer" <[EMAIL PROTECTED]> wrote:
--On Mittwoch, 3. September 2003 12:56 +0200 "Dr. Peter Bieringer" <[EMAIL PROTECTED]> wrote:
seen on Interscan Viruswall for Linux 3.8 Build 1080, one email containing a Sobig.f passed the scanner without any detection.
A Trend Micro "vscan" run on the received plain mail will detect the virus.
Response from support: add in section "[smtp]" option "whole_file_scan=yes"
Interesting, looks like the default is "no" (very dangerous imho), also it looks like this option is neither documented nor changeable via web interface.
I would only note that we also found at least one Bugbear (PE_BUGBEAR.DAM) passing if "whole_file_scan=yes" is not enabled.
In addition a short note about the scan version engines:
VSAPI v5.600-1011 (contained in Linux 3.8/build 1080) didn't found this Bugbear in any case found Sobig.f with whole_file_scan
VSAPI v6.510-1002 (latest found on de.trendmicro-europe.com) found this Bugbear only with whole_file_scan
-> Check version of scan engine and update, if not current: # /opt/trend/ISBASE/IScan.BASE/vscan -v
Hope this helps, Peter -- Dr. Peter Bieringer Phone: +49-8102-895190 AERAsec Network Services and Security GmbH Fax: +49-8102-895199 Wagenberger Stra�e 1 Mobile: +49-174-9015046 D-85662 Hohenbrunn E-Mail: [EMAIL PROTECTED] Germany Internet: http://www.aerasec.de
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
