jseymour Posted June 28, 2005

Awhile back, I posted a query about Spamcop's incoming virus filters catching (and silently discarding) phishing attempts. This was confirmed by the support folks. While this is annoying, it's not a huge deal. I keep copies of all email that my system forwards to spamcop, so I can manually drop the phishes into my "Held Mail" folder and then report them. It's an extra step - but it doesn't happen often enough to be a major hassle.

However, today, a friend sent me a forwarded, tasteless picture that vanished into the Spamcop blackhole... My suspicion is that Spamcop's mail system decided it was a virus and silently deleted it, which begs the question: What criteria does Spamcop use for silently deleting a message? I understand (and agree) about deleting viruses - but this kind of false positive seems like something is misconfigured. (While the picture was tasteless, the message itself was harmless - a 2-part MIME message: one part plain text, the other part a JPG with a Michael Jackson joke).

Additional technical details for those who care: I run two mail servers (one at home and one at work). Each system forwards certain messages to accounts at spamcop.net. In the case of my work email, Spamcop then filters the messages and returns the good ones back to a "secret" account on my mail server. This all works quite well - but outages in the past have made me paranoid, so I have a second copy of all such messages delivered to a special local holding account. The servers are running Mandrake Linux 9.1 and Postfix 2.0.6 and I have two different Spamcop accounts (one for each server).
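An added example, not part of the original thread: the post above keeps a local holding copy of every message forwarded to the filtering service, so silently discarded mail can be listed by comparing Message-IDs in the holding copy against what came back. The sample messages, addresses and function names are constructed for illustration, and it assumes both sets are available as raw message text and that the "returned" set includes anything placed in Held Mail.

```python
# Added example: the sample messages below are constructed, not real mail.
from email import message_from_string
from email.message import EmailMessage

def build(msgid, subject, jpeg=None):
    """Construct a sample message; optionally attach a (fake) JPEG part."""
    m = EmailMessage()
    m["Message-ID"] = msgid
    m["Subject"] = subject
    m["From"] = "friend@example.org"
    m["To"] = "me@example.org"
    m.set_content("see attached")
    if jpeg is not None:
        m.add_attachment(jpeg, maintype="image", subtype="jpeg",
                         filename="pic.jpg")
    return m.as_string()

def index_by_id(raw_messages):
    """Map Message-ID (angle brackets stripped) -> parsed message.
    Messages without a Message-ID are skipped and need manual review."""
    out = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        mid = (msg.get("Message-ID") or "").strip().strip("<>")
        if mid:
            out[mid] = msg
    return out

def find_dropped(held_raw, returned_raw):
    """Return (message-id, subject, [leaf part content types]) for each
    held message that never came back from the filtering service."""
    held, returned = index_by_id(held_raw), index_by_id(returned_raw)
    report = []
    for mid in sorted(held.keys() - returned.keys()):
        msg = held[mid]
        parts = [p.get_content_type() for p in msg.walk()
                 if not p.is_multipart()]
        report.append((mid, msg["Subject"], parts))
    return report

# Constructed inputs: the local holding copies vs. what the service returned.
HELD = [build("<a1@example.org>", "meeting notes"),
        build("<b2@example.org>", "Fwd: funny",
              jpeg=b"\xff\xd8\xff\xe0constructed")]
RETURNED = [build("<a1@example.org>", "meeting notes")]

if __name__ == "__main__":
    for mid, subject, parts in find_dropped(HELD, RETURNED):
        print(mid, subject, parts)
```

The part list in each row shows at a glance which kind of attachment was present in a message that went missing, which helps when asking the filter's operator why it was discarded.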
StevenUnderwood Posted June 29, 2005

> (While the picture was tasteless, the message itself was harmless - a 2-part MIME message: one part plain text, the other part a JPG with a Michael Jackson joke).

Could the message or subject have been close to the recently released virus based on the Jackson case that it was recognized?
swingspacers Posted June 29, 2005

Maybe IronPort really needs to fill that job opening for an antivirus architect.

If it is really the virus filter, I don't think that the SpamCop administrator can do much about which messages are flagged as viruses and which ones are not. He will have to rely on the vendor of the virus filter, which seems to be Sophos in this case.

Since you have another copy of the message, you could try to submit it to VirusTotal to see whether there is some consensus among the various antivirus vendors about whether it should be recognized as a virus.
jseymour (Author) Posted June 30, 2005

> Could the message or subject have been close to the recently released virus based on the Jackson case that it was recognized?

I don't think so. The subject didn't mention Michael Jackson at all.
jseymour (Author) Posted June 30, 2005

> Since you have another copy of the message, you could try to submit it to VirusTotal to see whether there is some consensus among the various antivirus vendors about whether it should be recognized as a virus.

Thanks. That's a very cool resource! I sent it the picture and the entire email and it found nothing (as expected).
Archived
This topic is now archived and is closed to further replies.