--On Mittwoch, 3. September 2003 12:56 +0200 "Dr. Peter Bieringer" <[EMAIL PROTECTED]> wrote:
seen on Interscan Viruswall for Linux 3.8 Build 1080, one email containing a Sobig.f passed the scanner without any detection.
A Trend Micro "vscan" run on the received plain mail will detect the virus.
Response from support: add in section "[smtp]" option "whole_file_scan=yes"
Interesting, looks like the default is "no" (very dangerous imho), also it looks like this option is neither documented nor changeable via web interface.
Inbetween I got additional URLs from another guy:
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=13531 http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15152
Problem is a "known issue"...read for yourself...has anyone ever received a warning about that problem from the vendor?
It's not nice to get information after an incident...
Peter -- Dr. Peter Bieringer Phone: +49-8102-895190 AERAsec Network Services and Security GmbH Fax: +49-8102-895199 Wagenberger Stra�e 1 Mobile: +49-174-9015046 D-85662 Hohenbrunn E-Mail: [EMAIL PROTECTED] Germany Internet: http://www.aerasec.de
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
