[Mimedefang] Virus that apparently "slips through" actually doesn't.
Rudolf Christel Jr.
rcj-mail at christel.org
Sat Dec 7 10:12:01 EST 2002
Ok, but Norton AntiVirus catched it on a Windows computer, due the mail
check.
Is there any way to catched such "Text Virus".
I understand, normal this mail would be no harm, but it´s a way to
bypass an virusscanner, and that could be a security hole.
Any ideas what to do?
Kind regards
Rudolf Christel Jr.
-----Original Message-----
From: mimedefang-admin at lists.roaringpenguin.com
[mailto:mimedefang-admin at lists.roaringpenguin.com] On Behalf Of David F.
Skoll
Sent: Saturday, December 07, 2002 3:51 PM
To: Rudolf Christel Jr.
Cc: mimedefang at lists.roaringpenguin.com
Subject: [Mimedefang] Virus that apparently "slips through" actually
doesn't.
Hi,
> Attach is a tar ball, which include the log of the rejected and not
> rejected mails.
OK, it's obvious to me why the virus "slips through". Yahoo's error
message looks something like this:
Message from yahoo.com.
Unable to deliver message to the following address(es).
rcj at christel.org>:
212.63.143.18 failed after I sent the message.
Remote host said: 554 5.7.1 Virus found in mail - rejected
--- Original message follows.
Return-Path: <rcjun1 at yahoo.de>
... etc.
The failure message is not a MIME message, and the original message is
just "pasted in" as text. MIMEDefang, of course, sees no attachments at
all and treats it as a big text message. If your mail reader unpacks it
into MIME parts, then your mail reader is broken. Any mail reader
should simply see it as a big text message.
--
David.
_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
More information about the MIMEDefang
mailing list