[Mimedefang] OT: a hole in Sophos
Mail Administrator
mailadm at crisnetmls.com
Fri Feb 13 18:00:12 EST 2004
Michael Sofka wrote:
> On Friday 13 February 2004 04:44, Andrzej Marecki wrote:
>
>>I'm using MD+SA+Sophie+Sophos (SAVI libs + .ide).
>>Do you think that what has been written in:
>>
>>http://www.securitynewsportal.com/cgi-bin/securitynews.cgi?database=JanDD&id=74
>>
>>...means my system is vulnerable to attacks via that hole?
>
>
> We have noticed this on our system. It seems to only be happening
> when cpu-damaged anti-virus programs bounce back a copy of the virus
> as text. Sophos lets it through because it is not an attachment
> (I've tried sweep against the entire body of the message, so it
> isn't just a matter of MIME:Tools not extracting the virus.)
>
Sophos is not detecting the bounces that display the virus as text on
our system either. I didn't see that as a real problem. Looks like I
thought incorrectly. It is detecting them if they are an attachment
inside a MIME-encoded email which has been bounced and the encoding kept
intact.
The Sophos page with info and a link to an updated 3.78 scanning engine
is here: http://www.sophos.com/support/news/#mime-378
--Loren