[Mimedefang] SoBig.E slipping through
Michael Sims
michaels at crye-leike.com
Mon Jun 30 17:35:00 EDT 2003
Quoting "Minica, Nelson (EDS)" <Nelson.Minica at railamerica.com>:
> Added following code to filter() but it did not stop SoBig.E as I
> expected...
>
> $lc_fname=lc($fname);
> if ($lc_fname eq 'your_details.zip' || $lc_fname eq 'your_details.zi'){
> action_quarantine_entire_message("Quarantined attachment $lc_fname
> contains a virus: [SoBig.E]");
> return action_discard();
> }
I did some testing with Sobig.E and noticed that frequently MD thought the
filename was:
your_details.zip"
Note the trailing double quote. I'm not sure why as I didn't spend a lot of
time with it, but I'm sure it has something to do with invalid MIME. I suggest
you use a regex instead of the eq operator. I suggest using this instead:
if ($fname =~ /your_details\.zi/i) {
___________________________________________
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648 Pager: (901)769-3722
___________________________________________
More information about the MIMEDefang
mailing list