[Mimedefang] Virus not reject by bounce mail
Rudolf Christel Jr.
rcj-mail at christel.org
Sat Dec 7 03:46:01 EST 2002
No, it was not Klez, it was the eicar test virus.
-----Original Message-----
From: mimedefang-admin at lists.roaringpenguin.com
[mailto:mimedefang-admin at lists.roaringpenguin.com] On Behalf Of Deech
Mestel
Sent: Saturday, December 07, 2002 7:38 AM
To: mimedefang at lists.roaringpenguin.com
Subject: Re: [Mimedefang] Virus not reject by bounce mail
Let me guess. Klez, right?
I had this same problem. Check the Mimedefang download page, there is a
fix for it. Latest MD should fix this. It's a problem with MD not
properly scanning noncomplient mime headers.
The mime headers looks same, and in the requested style of mimedefang.
Here the headers.
First the rejected.
00847 <<< --0-281105353-1038736823=3D:53712
00847 <<< Content-Type: application/x-zip-compressed; name=3D"eicar.zip"
00847 <<< Content-Transfer-Encoding: base64
00847 <<< Content-Description: eicar.zip
00847 <<< Content-Disposition: attachment; filename=3D"eicar.zip"
00847 <<<
********************************
Virus deleted by hand..... :-)
********************************
00847 >>> 554 5.7.1 Virus found in mail - rejected
00847 <<< QUIT
00847 >>> 221 2.0.0 ws1.alt-ringlein.com closing connection
And here the not rejected.
0854 <<< --0-281105353-1038736823=3D:53712
00854 <<< Content-Type: application/x-zip-compressed; name=3D"eicar.zip"
00854 <<< Content-Transfer-Encoding: base64
00854 <<< Content-Description: eicar.zip
00854 <<< Content-Disposition: attachment; filename=3D"eicar.zip"
00854 <<<=20
********************************
Virus deleted by hand..... :-)
********************************
00854 <<<=20
00854 <<< --0-281105353-1038736823=3D:53712--
00854 <<< .
00854 >>> 250 2.0.0 gB19xv8N000854 Message accepted for delivery
Any Ideas why the the virus could slip through?
Kind regards
Rudolf Christel
More information about the MIMEDefang
mailing list