[Mimedefang] Virus not reject by bounce mail

[Rudolf Christel Jr.]

Am Samstag, 7. Dezember 2002 08:50 schrieb Tony Nugent:
> On Sat Dec 07 2002 at 00:38, "Deech Mestel" wrote:
> > Let me guess. Klez, right?
> >
> > I had this same problem. Check the Mimedefang download page, there is a
> > fix for it.
> > Latest MD should fix this. It's a problem with MD not properly scanning
> > noncomplient
> > mime headers.
The mimeheader are both the same

First the rejected.

00847 <<< --0-281105353-1038736823=:53712
00847 <<< Content-Type: application/x-zip-compressed; name="eicar.zip"
00847 <<< Content-Transfer-Encoding: base64
00847 <<< Content-Description: eicar.zip
00847 <<< Content-Disposition: attachment; filename="eicar.zip"
00847 <<<
********************************
Virus deleted by hand..... :-)
********************************
00847 >>> 554 5.7.1 Virus  found in mail - rejected
00847 <<< QUIT
00847 >>> 221 2.0.0 ws1.alt-ringlein.com closing connection


And here the not rejected.


0854 <<< --0-281105353-1038736823=:53712
00854 <<< Content-Type: application/x-zip-compressed; name="eicar.zip"
00854 <<< Content-Transfer-Encoding: base64
00854 <<< Content-Description: eicar.zip
00854 <<< Content-Disposition: attachment; filename="eicar.zip"
00854 <<< 
********************************
Virus deleted by hand..... :-)
********************************
00854 <<< 
00854 <<< --0-281105353-1038736823=:53712--
00854 <<< .
00854 >>> 250 2.0.0 gB19xv8N000854 Message accepted for delivery


>
> While this is invaluable advice, I got the impression that he was
> asking why neither nai's uvscan or File::Scan detected the eicar
> test virus inside a tarball attached to an email.  It seems to be
> their limitation as virus scanners, I would have to test it myself
> to be able to say why it fails for Rudolf.

Thats the question. Why could the virus slip through? The mime header looks 
same, and have the style mimedefang requested.

Any Ideas?