[Mimedefang] not catching test viruses

David F. Skoll dfs at roaringpenguin.com
Tue Jan 20 15:57:28 EST 2004


On Tue, 20 Jan 2004, Kevin A. McGrail wrote:

> It might be of interest that using Symantec Anti-Virus for SMTP and NO
> Mimedefang missed the following tests to my knowledge though it's much
> harder because Symantec does a receive and modify rather than a block on
> emails.  It's very possible some of these were "defanged" but it's very
> difficult for me to ascertain.

I think some of the AV tests are pretty ridiculous, especially the MS
Outlook bug test.

At some point, you have to give up trying to duplicate all kinds of
weird and wonderful bugs in desktop software on the server, and just
get the desktop people to upgrade or switch.

It's possible to write a polymorphic virus with no constant signature
longer than a couple of bytes, or possibly even a single byte,
depending on how creative you can get with x86 assembly programming.
We'll eventually see virus-writing toolkits that make these
"signature-less" viruses easy to create, and then what?

Regards,

David.


