[Mimedefang] SoBig.E slipping through
David F. Skoll
dfs at roaringpenguin.com
Mon Jun 30 17:38:00 EDT 2003
On Mon, 30 Jun 2003, Minica, Nelson (EDS) wrote:
> Not using anything for virus scanning at the MTA. If this one virus can
> slip attachments past mimedefang then others can too. Perhaps I shouldn't
> trust $fname to actually contain the filename...?
Try running the message through mimedefang as follows:
mimedefang.pl -structure < the_message
to see how mimedefang parses the MIME structure.
When I did it with the sample you sent, I got this:
non-leaf: type=multipart/mixed; fname=; disp=inline
leaf: type=text/plain; fname=; disp=inline
leaf: type=application/x-zip-compressed; fname=your_details.zi; disp=attachment
The "your_details.zi" test should have caught it.
Regards,
David.
More information about the MIMEDefang
mailing list