[Mimedefang] not catching TNEF and embedded mime viruses
Kevin A. McGrail
kmcgrail at pccc.com
Tue Jan 20 12:23:47 EST 2004
I'm willing to help work on this as well. I tested with McAfee. Some of
the tests were blocked by MIMEDefang and not McAfee.
Here's the ones that got through both using a modified windows suggested
minimum filter.
Test #5
Test #13
Test #15
Test #17
Test #18
Test #19
Test #20
Regards,
KAM
> In a post related to a clamav question, the URL
> http://www.testvirus.org/?co= was given. I ran my own server through the
> battery of tests on that site. I was hoping the site had some
explanations
> of the specific vulnerablilities it tries to exploit in tests 16 through
22.
> Our system, with MIMEDefang and Vexira did very well overall, but missed
> some of the tests in that group.
>
> It's a given that my Vexira could identify the EICAR, as the success of
most
> of the tests proved. But it could only scan the peices of the message
that
> MIMEDefang chose to send to it.
>
> With good descriptions of the vulnerabilities "exploited" in tests 17, 18,
> 19, 20, and 22, it shouldnt be hard to built some checks for these into
> mimedefang-filter.
>
> Does anyone know where good descriptions of these "exploits" might be
found?
More information about the MIMEDefang
mailing list