[Mimedefang] not catching TNEF and embedded mime viruses
Cormack, Ken
kcormack at acs.roadway.com
Tue Jan 20 11:42:22 EST 2004
In a post related to a clamav question, the URL
http://www.testvirus.org/?co= was given. I ran my own server through the
battery of tests on that site. I was hoping the site had some explanations
of the specific vulnerablilities it tries to exploit in tests 16 through 22.
Our system, with MIMEDefang and Vexira did very well overall, but missed
some of the tests in that group.
It's a given that my Vexira could identify the EICAR, as the success of most
of the tests proved. But it could only scan the peices of the message that
MIMEDefang chose to send to it.
With good descriptions of the vulnerabilities "exploited" in tests 17, 18,
19, 20, and 22, it shouldnt be hard to built some checks for these into
mimedefang-filter.
Does anyone know where good descriptions of these "exploits" might be found?
Thanks
Ken
More information about the MIMEDefang
mailing list