[Mimedefang] Message that bypasses virus scanning
Steffen Kaiser
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Thu Jan 22 04:58:17 EST 2004
Hello,
Testees: mimedefang-2.39 and mimedefang-2.33, with
MIME-tools-5.411a-RP-Patched-02
recently I found warnings in my logs about "Uninitialized values" of the
output triplet of message_contains_virus_fprotd().
The reason is this code snippet in mimedefang.pl, function sub
item_contains_virus_fprotd ($;$), near line 2613:
if(-d $item) {
my @result;
$host .= ":$baseport";
foreach my $entry (glob("$item/*")) {
@result = &item_contains_virus_fprotd($entry, $host);
last if $result[0] != 0;
}
return (wantarray ? @result : $result[0]);
}
The code does return an empty "@result", but only if no regular file in
the directory gets scanned.
Logs show that there are NO files scanned, the "Work" directory is empty!
I wonder why mimedefang.pl scans an empty directory?!
The bypassing that includes the header:
Content-Type: multipart/alternative;
boundary="=_Part_42810428_-5465.32142810428"
but does not contain any boundary at all, the spam is contained in the
mail body. When I remove that header, the message is scanned.
Bye,
--
Steffen Kaiser
More information about the MIMEDefang
mailing list