I have a question
for the throbbing Imail brain -
I have a rules.ima
file in each of the domain directories on my Imail server. I use this file to
block certain things coming into my server like attachments with .pif, .scr, and
.bat attachments. I'm certain these rules work as I have tested them thoroughly.
Anyway, I've had three emails with the Klez virus get to my clients via .scr
files. The first two times I was convinced it was downloaded via yahoo mail or
whatever - but not from my server.
Anyway, I set up
logging, and a "copy box" for this client (I put a copy of every email going to
that domain into a single mailbox). Sure enough, he got another one. So, I
looked in my "copy box" and it was in there - .scr file and all. I also check
the headers and tracked it in my log files. Sure enough, the message was
accepted and delivered. So, I then sent a few test emails to that user with
a .scr attachment - and it was rejected by the rule! I then saved the infected
file on my desktop, attached it to an email to that user - and it was rejected
by the rule! Finally, I forwarded the original infected message to that user -
and it was rejected by the rule! So, basically, everything seems to work, but it
really doesn't...
Anyone see this
before?? Please let me know, because it's driving me nuts...
Chip Krebs
TSR Solutions, Inc.
N106 W13131 Bradley Way
Germantown, WI 53022
Direct: (262) 512-4102
Fax: (262) 238-2501
Pager: (414) 907-9665
