[Mimedefang] TestVirus.org
Martin Blapp
mb at imp.ch
Fri Jul 30 06:03:57 EDT 2004
Hi,
Just did the test for mimedefang and clamav:
Clamav is not catching 5 tests, and viri are slipping through! At least test 8
and 23 are very important to catch I think:
Test #5: Eicar virus sent using BinHex encoding (this is a rarely used Macintosh
mail format)
Test #8: Eicar virus sent using BinHex encoding within a MIME segment sent
Test #22: Eicar virus within zip file hidden using the "MIME
Continuation Vulnerability" (attachment can be opened by all versions
of Microsoft Outlook and Outlook Express) sent
Test #23: Eicar virus within zip file hidden using the "Empty MIME
Boundary Vulnerability" (attachment can be opened by all versions of
Microsoft Outlook and Outlook Express)
Test #25 (non-virus): Attachment with a CLSID extension which may hide the real
file extension. This does not include the Eicar virus, however
your mailserver should still block this since the CLSID technique can be
used to hide the true extension of a malicious file. (attachment can be
opened by any Windows computer)
I already mailed this to the clamav people.
Martin
> Just saw this on the Procmail Sanitizer list:
>
> <http://www.testvirus.org/>
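
The check that Test #25 asks a mail server to make, as an added example that is not part of the original post and is not MIMEDefang or ClamAV code: a Python function that walks a message's MIME parts and reports attachment names ending in a CLSID extension. The sample message, its addresses and the all-zero CLSID are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.utils import collapse_rfc2231_value

# A name whose final component is ".{8-4-4-4-12 hex digits}" ends in a CLSID.
CLSID_EXT = re.compile(
    r"\.\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\s*$"
)

def clsid_attachments(raw: bytes) -> list:
    """Return attachment names in a raw message that end in a CLSID extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # The name can come from either header, so check both of them.
        candidates = {part.get_filename(), part.get_param("name")}
        for value in candidates:
            if value is None:
                continue
            name = collapse_rfc2231_value(value)  # also handles RFC 2231 tuples
            if CLSID_EXT.search(name) and name not in hits:
                hits.append(name)
    return hits

# Constructed sample: one ordinary attachment, one with a CLSID extension.
SAMPLE = b"""\
From: sender@example.test
To: rcpt@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: application/octet-stream; name="notes.txt"
Content-Disposition: attachment; filename="notes.txt"

hello
--XYZ
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.txt.{00000000-0000-0000-0000-000000000000}"

hello
--XYZ--
"""

if __name__ == "__main__":
    for name in clsid_attachments(SAMPLE):
        print("reject attachment:", name)
```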