[Mimedefang] dealing with .exe/.com viruses

Davide Vaghetti davide at unipi.it
Wed Nov 3 08:52:24 EST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi All,

recently I noticed that some viruses that send emails with attached .exe
or .com executables are not processed by the antivirus because
mimedefang kept out the attachment before scanning the messages with the
antivirus (that is clamd, but it shouldn't matter). The result is the
original message plus the mimedefang advisory about the removed
attachment. I feel this is not a good behaviour, I prefer to stop
viruses and do not generate any warning messages, as do for normal viruses.

Looking in mimedefang-filter and mimedafang.pl I saw that mimedefang
call the sub "filter_bad_filename" (responsible for keeping out bad
attachments) before the sub "filter_begin" that should call the antivirus.

Does someone know if there is a way to call the sub
"filter_bad_filename" after the antivirus check ?

- --

Davide Vaghetti
University of Pisa NOC - Centro SerRA
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBiOKYxKJAsKiy+1ARApMiAJ9gC3gtOI7aEinQ8edHEJ1mYLeo+gCcDbZS
xQGqSNcNXRumVdOeCsHOb54=
=wbOR
-----END PGP SIGNATURE-----



More information about the MIMEDefang mailing list