[Mimedefang] Recomposing quarantined virus
Ashley M. Kirchner
ashley at pcraft.com
Sat Jul 5 04:38:00 EDT 2003
On my NTBUGTRAQ list, two individuals send the eicar.com virus test
through, complete with an actual message, explanation, dissection, yaddi
yaddi yadda, about the virus test file. Now, being the good little
program that clamav is, it saw it as a virus, and promptly instructed
MIMEdefang to quarantine it. However, I would like to re-assemble this
message and let it through anyway.
Looking in the quarantine folder, I see the following parts:
-rw------- 1 defang defang 1681 Jul 4 15:58 HEADERS
-rw------- 1 defang defang 123 Jul 4 15:58 MSG.1
-rw------- 1 defang defang 24476 Jul 4 15:58 PART.1.BODY
-rw------- 1 defang defang 118 Jul 4 15:58 PART.1.HEADERS
-rw------- 1 defang defang 20 Jul 4 15:58 RECIPIENTS
-rw------- 1 defang defang 41 Jul 4 15:58 SENDER
-rw------- 1 defang defang 15 Jul 4 15:58 SENDMAIL-QID
Which isn't the normal type of quarantine pieces I deal with (you
know, the whole 'sendmail -oi -Am -f `cat SENDER` `cat RECIPIENTS` <
ENTIRE_MESSAGE' bit.) How can I reassemble this type of (virus)
quarantine, and send it through?
--
H| I haven't lost my mind; it's backed up on tape somewhere.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:ashley at pcraft.com> . 303.442.6410 x130
IT Director / SysAdmin / WebSmith . 800.441.3873 x130
Photo Craft Laboratories, Inc. . 3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
More information about the MIMEDefang
mailing list