[Mimedefang] sobig virus slipping by mcafee.

Stefano McGhee SMcGhee at ARCweb.com
Wed Sep 3 11:22:01 EDT 2003


Hello,
	This was exactly the behavior that I (and apparently others) were
seeing in my "Virus getting by MD" thread.  I opened up mimedefang.pl and
found the line where uvscan is called with other options like --noboot and
--allole.  I added --mime.  So far, it is still detecting viruses as
before.  Hopefully, I will not see any getting picked up by our internal
server again.  It seems that setting forces uvscan to check mime encoded
attachments, which it does not do by default.  David, should this be a
change to the mimedefang.pl file?

My line (1966) now looks like this:

run_virus_scanner($Features{'Virus:NAI'} . " --mime --noboot --secure --allole $path 2>&1", "Found");

Cheers,

Stefano
> 
> I was just trying to determine if there is a case of invalid mime types
> that viruses could use to slip by virus scanners...
> Why was this slipping by, must be invalid mime...
> 
> 
> If I change the command line scan of uvscan to use '--mime' it will
> detect the virus correctly.
> Joy Joy!
> 
> I will check again tomorrow and see if any sobigs slipped by the scanner
> 
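
A toy model of the effect discussed in this message, added here as an illustration and not part of the original post or of MIMEDefang/uvscan: a byte-signature match over the raw spooled message misses a base64-encoded attachment, while the same match after MIME decoding finds it. The signature, addresses and file name are constructed placeholders, and the matching logic is an assumption for illustration, not how uvscan works internally.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Constructed stand-in for a scanner signature (not a real virus pattern).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"


def build_sample_message() -> bytes:
    """Build a constructed e-mail carrying one base64-encoded attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    # Bytes attachments are base64-encoded by default.
    msg.add_attachment(b"payload-prefix " + SIGNATURE,
                       maintype="application", subtype="octet-stream",
                       filename="sample.bin")
    return msg.as_bytes()


def scan_raw(raw: bytes) -> bool:
    """Match against the undecoded message, i.e. the message treated
    as an opaque file with no MIME handling."""
    return SIGNATURE in raw


def scan_mime(raw: bytes) -> list:
    """Decode each MIME part first, then match; returns the names that hit."""
    hits = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue  # containers have no payload of their own
        payload = part.get_payload(decode=True) or b""
        if SIGNATURE in payload:
            hits.append(part.get_filename() or "(body)")
    return hits


if __name__ == "__main__":
    raw = build_sample_message()
    print("raw scan hit:     ", scan_raw(raw))
    print("MIME-decoded hits:", scan_mime(raw))
```

The same idea makes a practical regression check after changing scanner options: feed the filter a harmless test message with an encoded attachment and confirm it is still flagged.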



