[Mimedefang] MD 2.43 - Missing Viruses
Albert Whale
aewhale at ABS-CompTech.com
Mon May 31 08:42:08 EDT 2004
Thanks for the reply.
David F. Skoll wrote:
>>------ This is a copy of the message, including all the headers. ------
>>
>>
>
>The bounce message doesn't encapsulate the virus in a MIME message, but
>just sticks the whole original message in a text/plain part. So MIMEDefang
>never sees the virus, and any e-mail client that *does* attempt to decode
>the virus is completely broken.
>
>MIMEDefang is behaving correctly.
>
>
OK, MIMEDefang is behaving correctly, but I don't want to send Viruses
to my Users.
The problem is not with the rest of the world, as this virus is detected
with a manual scan using Clamscan. Unfortunately the PC Tool that
detects it is Norton Anti-Virus, used the world over.
I can manually run the scanner on the mbox file and detect the virus. I
just cannot see what the difference is between a Manual Scan and an MD
Scan, given the same tools.
I am filtering with MD using the sequence:

    # Virus scan
    # Copy original message into work directory as an "mbox" file for
    # virus-scanning
    md_copy_orig_msg_to_work_dir_as_mbox_file();
    # Scan for viruses if any virus-scanners are installed
    my($code, $category, $action) = message_contains_virus();
    # Lower level of paranoia - only looks for actual viruses
    $FoundVirus = ($category eq "virus");

SO, if MD is behaving correctly, why can I scan the mbox manually and
find the virus, but not while using MD?
BTW, I am running the same command line for clamscan manually as what is
run from MD.
Now I am confused, if I copy the original message to work dir. as an mbox
and cannot detect it, I would think that I should not be able to perform
the same function manually.
Right? Wrong? Did this make sense?
--
Albert E. Whale, CISSP - Sr. Security, Network, and Systems Consultant
--------------------------------------------------------------------------------
http://www.abs-comptech.com & http://www.No-JunkMail.com
ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists
SPAM Zapper - www.No-JunkMail.com - SPAM Stops Here.
Founding Board of Directors of Pittsburgh FBI - InfraGard
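
Added example, not part of the original post and not MIMEDefang code: a Python sketch of the structure David F. Skoll describes in the quoted reply, a bounce that carries the original message as text inside a text/plain part. The messages, addresses, file name and payload bytes are constructed, and the helper names mime_view and embedded_base64_blobs are hypothetical; the block compares what a MIME-aware walk reports with what decoding base64 runs in the text body recovers.

```python
import base64
import re
from email import message_from_string

# Constructed, harmless bytes standing in for an attachment body.
PAYLOAD = b"CONSTRUCTED-HARMLESS-TEST-MARKER " * 4

# Constructed original message: one base64-encoded attachment.
ORIGINAL = (
    "From: someone@example.net\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    'Content-Type: application/octet-stream; name="sample.bin"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n"
    + base64.encodebytes(PAYLOAD).decode()
    + "--b1--\n"
)

# Constructed bounce: the original is pasted as text into a text/plain body.
BOUNCE = (
    "From: MAILER-DAEMON@mail.example\n"
    "Subject: Mail delivery failed\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "------ This is a copy of the message, including all the headers. ------\n"
    "\n"
    + ORIGINAL
)

def mime_view(raw):
    """Leaf parts as a MIME-aware filter sees them: (content type, filename)."""
    return [(p.get_content_type(), p.get_filename())
            for p in message_from_string(raw).walk() if not p.is_multipart()]

def embedded_base64_blobs(raw, min_lines=2):
    """Decode runs of base64-looking lines found inside text/plain parts."""
    pattern = re.compile(r"(?:^[A-Za-z0-9+/]{20,76}={0,2}\n){%d,}" % min_lines, re.M)
    blobs = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/plain":
            for run in pattern.finditer(part.get_payload()):
                blobs.append(base64.b64decode(run.group(0)))
    return blobs

if __name__ == "__main__":
    print(mime_view(ORIGINAL), mime_view(BOUNCE))
    print(PAYLOAD in embedded_base64_blobs(BOUNCE))
```

Parsed on its own, the original exposes an attachment part; wrapped in the bounce, the same bytes appear only as lines of a single text/plain body with no file name.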