[Mimedefang] Sophie 3.01/3.02 does not set $FoundVirus in mimedefang-filter
Andrzej Marecki
amr at astro.uni.torun.pl
Mon May 19 07:57:01 EDT 2003
There is a major bug in sophie 3.01 (and 3.02 as well).
Even if sophie detects a virus, the $FoundVirus variable in
/etc/mail/mimedefang-filter is not set to "true" and so the code:
# discard without notification Viruses which fake SMTP info
return action_discard() if $VirusName =~ ...
# Bounce the mail!
action_bounce("Virus $VirusName found in mail - rejected");
# But quarantine the part for examination later. Comment
# the next line out if you don't want to bother.
action_quarantine($entity, "A known virus was discovered....
is never executed!!!
Luckilly viruses get caught because usually they fulfill the $bad_exts
condition (they are .exe's .pif's etc.) and so they are flagged thanks to
filter_bad_filename(). But this is definitely NOT the right way to treat
them! Viruses should be either bounced back or discarded and not quarantined
*just because* they are e.g. exe's. BTW, I discovered this because I:
# But quarantine the part for examination later. Comment
# the next line out if you don't want to bother.
# action_quarantine($entity, "A known virus was discovered....
... indeed didn't want to bother and commented action_quarantine() out here.
Still, viruses flooded into my quarantine directory.
Andrzej
P.S. I'm crossposting this to mimedefang at lists.roaringpenguin.com
and vtools at vanja.com.
A.
--
-----------------------------------------------------------------------------
Andrzej Marecki |
Torun Centre for Astronomy | e-mail: amr at astro.uni.torun.pl
N. Copernicus University | WWW: http://www.astro.uni.torun.pl
ul. Gagarina 11 | tel: +48 56 6113032
PL-87-100 Torun, POLAND | fax: +48 56 6113009
-----------------------------------------------------------------------------
More information about the MIMEDefang
mailing list