I'm not convinced that this is the problem.
My setup scanned the inbound email containing the virus, tagged it with
"X-Qmail-Scanner" and allowed it through.
However, our office email system is setup to notify a short list of people
of incoming mail to a specific account.
When our office mail server forwarded the email to the listed users it hit
the gateway qmail server and qmail-scanner detected the virus.
How is it possible that it was not detected inbound but was detected
----- Original Message -----
From: "Jason Haar" <Jason.Haar@...>
Sent: Tuesday, November 27, 2001 8:23 AM
Subject: [Qmail-scanner-general]Comment on Aliz virus
> As you have all gathered, the Aliz virus is making it past some
> Qmail-Scanner sites.
> This is because reformime is incorrectly handling the broken MIME encoding
> used by the virus. Unfortunately, the broken MIME mailer the virus is
> intended for (Outlook) happily decodes these messages, and get infected.
> I'd suggest either upgrading maildrop to the latest development release,
> set a perlscanner rule to block all attachments named "whatever.exe" and
> wait until maildrop-1.3.6 is officially released:
> whatever.exe<TAB>0<TAB>Suspected Aliz Virus
> Note that if you installed Q-S with the "--redundant yes" option, and you
> are lucky enough to have a decent anti-virus scanner (don't ask me - I'm
> staying out of that debate!), then it will pick up the virus anyway.
> Jason Haar
> Information Security Manager
> Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> Qmail-scanner-general mailing list