Has the simscan installed with Interworx been compiled with the “–enable-attach=y” flag? I’m planning on filtering the common Sober worm attachments.

Thanks,

–
John Kelley
Unix Systems Admin
Pattern Recognition Inc.
www.patternrecognitioninc.com

Hi John,

No, it hasn’t been compiled with that option. The reason is that it requires ripmime to be installed, which would normally be fine - however when we tested this, some messages caused ripmime to go into an infinte loop and use 100% of the cpu.

With Clam Virus scanning enabled, it should identify and block the Sober worms just fine.

If clam is enabled but Sober worms are getting though, I would double check that the DatabaseDirectory setting for freshclam and clamav are the same - It should look like this:

grep DatabaseDirectory /etc/clamd.conf

DatabaseDirectory /var/lib/clamav

grep DatabaseDirectory /etc/freshclam.conf

DatabaseDirectory /var/lib/clamav

Paul

The two files are indeed the same, yet clamav is still missing it in quite a few instances. I realized simscan was installed when I was going to enter the line for qmail-scanner in /etc/tcprules.d/tcp.smtp. Our server could handle the extra load easily, but I wonder if using both will somehow hinder mail delivery. I doubt it will, but I’ll post back here if it is successful in my test environment, just in case anyone else is interested.

Mostly, I just want my co-workers to stop telling me when the virus slips through. (~5 viruses / day)*10 employees=annoyed admin.

Thanks again, Paul.

–
John Kelley
Unix Systems Admin
Pattern Recognition Inc.
www.patternrecognitioninc.com