[Avcheck] infected is sick?
Michael Tokarev
mjt@tls.msk.ru
Wed, 28 Nov 2001 18:17:52 +0300
Len Conrad wrote:
>
> Michael,
>
> ok, I was verifying that my IMGate "content reject" was really caused by
> body_check, and not header checks, voila the proof, from pflogsumm report
> today:
>
> cleanup
> body
> 5 Content-Type: application/octet-stream; name="dwarf4you.exe";
> from=<> to=<lconrad@go2france.com>
>
> These 5 are being sent from the avcheck machine with the virus attached,
> rather than just the headers to the virus sender.
;) Hmm, I think you know this. For me, that was clear from the beginning
and I said about that:
> > 2. I, sender, get the message + full virus back (on my mail gateway,
> > body_checks blocks the msg because it finds .exe attachment)
>
> How you sent the affected message then? It seems not via your
> gateway, or else body_checks should block original message.
> Note the same will happen if postfix will send standard bounce
> message instead (first several Kbytes of original message).
Regards,
Michael.