We have a very intermittent error with the SMTP Proxy allowing the occasional virus through.
Whilst it is for the most part doing a fantastic job, we are seeing the occasional virus 'slip through'. We have approximately 20 domains running through the proxy and it handles a lot of traffic; in the last 20 days we have caught 11,742 emails that contain either viruses or have a SPAM score higher than 7.
The problem seems to be only restricted to the Netsky-d virus. The proxy has blocked emails infected with this virus but it has also let them through. Examining the headers, it is not even a case of the emails not being scanned:
Example of infected email headers:
Message-ID:
Content-Class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-Spam-Score: 1.0 (+)
Importance: normal
Priority: normal
X-Spam-Report: 1.0/5.0 Spamassassin report follows * 1.0 -- From: does not include a real name
X-Scan-Signature: 61b9471a4cb1b68959e2846a51b05644
Return-Path:
X-OriginalArrivalTime: 07 May 2004 09:33:37.0343 (UTC) FILETIME=[5FBE04F0:01C43416]
And it would seem that ASL is catching 'some' netsky-d infected emails:
Content Scanner: X-Infected: I-Worm.NetSky.d (virus, worm or other malware)
Very Odd.
ASL is running on a P4 2.4ghz machine with 512Mb of memory; max CPU load is 24%. The Pattern up2date is checked every hour and the pattern installed is today's.
Any suggestions will be appreciated.