[OS X TeX] OT: effective Macintosh Trojan in the wild

Aaron Jackson jackson at msrce.howard.edu
Sun May 8 20:55:59 CEST 2005


On May 8, 2005, at 2:01 PM, Bruno Voisin wrote:

> On 8 May 05 at 19:07, Aaron Jackson wrote:
>
>>>  But then it's also possible clamav is already installed on another 
>>> server one or two levels higher up in the university server 
>>> hierarchy.
>>
>> If clamav is being used upstream, then you should be able to see it 
>> in your mail headers.  A command-option-u will reveal all.
>
> The full headers mention amavisd-new, which if I interpret 
> <http://www.ijs.si/software/amavisd/> correctly is a bridge between 
> the mail server software and content scanners (i.e. antispam and 
> antivirus software). I know SpamAssassin is installed, will ask about 
> antivirus.

I have never used amavisd-new, but the basic interaction is that the 
incoming message goes to the MTA, which then passes it off to content, 
attachment, spam and virus filtering (this is the role of amavisd-new). 
Depending on how things are set up, if everything is ok, the message is 
passed back to the MTA and is accepted for delivery.  If the message 
does not pass one of the filters, it is either rejected BEFORE being 
accepted for delivery or marked and passed back to the MTA and accepted 
for delivery.  The former is how virus messages should be handled after 
being scanned by clamav, while the latter is how messages are handled 
after being scanned by SpamAssassin.

You should see something that indicates virus scanning.  For your 
message I see the following in my headers:

X-SMTP-Vilter-Virus-Backend: clamd
X-SMTP-Vilter-Status: clean
X-SMTP-Vilter-clamd-Virus-Status: clean

It is possible that the message is scanned and not tagged, but I 
believe that the default is to tag the message.  It should be trivial 
to implement virus filtering if amavisd-new and SpamAssassin are already 
set up (assuming that there is enough computer power to handle the extra 
load).

Aaron
--------------------- Info ---------------------
Mac-TeX Website: http://www.esm.psu.edu/mac-tex/
           & FAQ: http://latex.yauh.de/faq/
TeX FAQ: http://www.tex.ac.uk/faq
List Post: <mailto:MacOSX-TeX at email.esm.psu.edu>
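
The header check described in the message above, as an added example that is not part of the original post: it reads a raw message and reports which content filters tagged it. The X-SMTP-Vilter-* names are taken from the message; the X-Virus-Scanned and X-Spam-* entries and both sample messages are assumptions constructed for illustration.

```python
import email
from email import policy

# Lowercase header-name prefixes mapped to the filter that writes them.
# X-SMTP-Vilter-* comes from the message above; the other two entries are
# assumptions about a typical amavisd-new / SpamAssassin installation.
SCANNER_HEADERS = {
    "x-smtp-vilter-": "smtp-vilter",
    "x-virus-scanned": "amavisd-new (or similar)",
    "x-spam-": "SpamAssassin",
}

# Constructed sample: a message tagged by an antivirus filter.
SAMPLE_TAGGED = (
    "From: sender@example.org\n"
    "Subject: test\n"
    "X-SMTP-Vilter-Virus-Backend: clamd\n"
    "X-SMTP-Vilter-Status: clean\n"
    "X-SMTP-Vilter-clamd-Virus-Status: clean\n"
    "\n"
    "body\n"
)

# Constructed sample: spam filtering only, no antivirus tag.
SAMPLE_SPAM_ONLY = (
    "From: sender@example.org\n"
    "Subject: test\n"
    "X-Spam-Status: No, score=-1.2 required=5.0\n"
    "\n"
    "body\n"
)

def scan_evidence(raw_message):
    """Return {filter: [(header, value), ...]} for every filter tag found."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    found = {}
    for name, value in msg.items():
        lname = name.lower()
        for prefix, scanner in SCANNER_HEADERS.items():
            if lname.startswith(prefix):
                found.setdefault(scanner, []).append((name, str(value).strip()))
    return found

def virus_scanned(raw_message):
    """True only if an antivirus filter tagged the message; spam tags do not count."""
    return any(s != "SpamAssassin" for s in scan_evidence(raw_message))

if __name__ == "__main__":
    for label, raw in (("tagged", SAMPLE_TAGGED), ("spam-only", SAMPLE_SPAM_ONLY)):
        print(label, virus_scanned(raw), scan_evidence(raw))
```

A missing tag does not prove the message was unscanned, and a tag is only trustworthy when the receiving server strips such headers from inbound mail before adding its own.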




