[Mimedefang] MD 2.43 - Missing Viruses

Chris Myers chris at by-design.net
Mon May 31 12:42:30 EDT 2004


----- Original Message ----- 
From: "Albert Whale" <aewhale at ABS-CompTech.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Sunday, May 30, 2004 10:44 PM
Subject: [Mimedefang] MD 2.43 - Missing Viruses


> I've noticed that several Viruses are getting through my mimedefang
> Filter.  [...]
>
> Has anyone else received a virus coming through their installation
> lately? [...]

I've found that Lovgate seems to be getting through recently, and after
looking into things more deeply I found a few issues:

1) The default umask for my system is 077, which means that many of the
files created by MIMEDefang are not readable by the virus scanner unless
it's running as root (on my system, I have clamav running as a member of the
defang group).  MIMEDefang apparently doesn't override the default netmask,
and doesn't hard-set the permissions on most files it creates.

Simple solution: make sure the startup script for MIMEDefang does "umask
027".  Or run ClamAV as root.  Your choice...

2) At least with clamd, MIMEDefang instructs ClamAV to scan
"mdefang-XXXXXX/Work", so ClamAV is only getting a shot at the decoded MIME
parts.  I'm thinking about modifying mimedefang.pl to have ClamAV scan the
entire mdefang-XXXXX spool directory to give ClamAV a chance to
scan both the original message using its own MIME decoders, AND the
MIMEtools-decoded parts in Work/.

Chris Myers
Networks By Design
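
An added example, not part of the original post and not MIMEDefang's own code: a shell check for point 1 that lists entries in a spool tree which a scanner running only as a group member could not read, and compares umask 077 with 027. The tree it builds and the file names in it are constructed for the demonstration.

```shell
#!/bin/sh
# List entries under $1 that a group-member scanner cannot read.
# Files need group read (040); directories need group read+search (050).
group_unreadable() {
    find "$1" \( -type f ! -perm -040 -print \) \
           -o \( -type d ! -perm -050 -print \)
}

# Build a constructed spool tree under umask $1 and print how many of
# its entries lack the group permissions checked above.
count_unreadable_under_umask() {
    tmp=$(mktemp -d) || return 1
    (
        # Subshell: the umask change does not leak into the caller.
        umask "$1"
        mkdir -p "$tmp/mdefang-sample/Work"
        : > "$tmp/mdefang-sample/original-message"   # constructed name
        : > "$tmp/mdefang-sample/Work/part1.bin"     # constructed name
    )
    n=$(group_unreadable "$tmp/mdefang-sample" | wc -l)
    rm -rf "$tmp"
    echo $((n + 0))   # arithmetic strips any padding from wc
}

for m in 077 027; do
    echo "umask $m: $(count_unreadable_under_umask "$m") entries unreadable by group"
done
```

Pointing `group_unreadable` at a live spool directory shows whether the startup script's umask actually took effect.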
