[Mimedefang] beware of message_contains_virus_sophie
Juergen Georgi
georgi at belwue.de
Wed Jul 28 08:57:46 EDT 2004
Hi all,
I finally found out, why MIMEdefang/sophie cannot cope
with compression bombs like 42.zip, see my previous post
http://lists.roaringpenguin.com/pipermail/mimedefang/2004-March/020666.html
In message_contains_virus_sophie(), the sophie daemon receives the
path of the MIMEdefang working directory. Unfortunately, sophie
does not register the call back functions provided by the SAVI
library when doing a directory scan, so sophie cannot check if
"loop_decompr_limit" is reached.
entity_contains_virus_sophie() is save, this function
performs a file check, where sophie is using the SAVI call
back functions properly.
I wonder if message_contains_virus_sophie() could be modified
to do a file check on the entire message, as it is available
after md_copy_orig_msg_to_work_dir_as_mbox_file().
Of course, sophie should be fixed. Unfortunately the author
is currently unable to maintain sophie, so I don't expect a
patch very soon.
In the mean time, I will do virus checking in filter()
by calling entity_contains_virus().
Best regards,
-Juergen Georgi
More information about the MIMEDefang
mailing list