[Mimedefang] Problem with virus bounces
Aleksandar Milivojevic
amilivojevic at pbl.ca
Mon Dec 20 09:47:44 EST 2004
Ronald Vazquez NLM wrote:
> The Problem seems to be that they're all bounces from nonexistant
> accounts/domains where the mailer there returns the WHOLE email as
> text inside the message. It seems that the risk is small that
> someone could actually execute the virus as it just appears as
> text-garbage in the text-part of the mail and local antivirus
> programs detect it... My manager is not liking this situation
> because I'm letting the virus in...
I've seen several commercial AV scanners that have the same problem
(Trend isn't the only one). The problem is that those bounces (usually
generated by qmail or postfix, don't remember which one of those two)
are not really MIME formatted emails. They are text/plain, so when
analyzing them, virus scanners (or anything else) will not see and
decode/scan attachment.
A solution could be to try out ClamAV and add it as second virus
scanner. It is free and it seems to be good at detecting (at least
some) viruses that are hidden in broken bounced messages. Anyhow,
having mail scanned by two different virus scanners is always a good idea.
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
More information about the MIMEDefang
mailing list