[Mimedefang] Virus/MIME Issue

Chris Masters rotis23 at yahoo.com
Mon Apr 18 09:05:14 EDT 2005


--- "David F. Skoll" <dfs at roaringpenguin.com> wrote:
> Chris Masters wrote:
> 
> > The mimedefang-filter filter function was only called
> > once for the main body text/plain part, however a
> > secondary commercial email virus scanner layer picked
> > up the virus in 'MIME part 2'. The email was 50kB in
> > size.
> 
> filter() should be called once for *each* MIME part.
> In addition, newer versions of MIMEDefang let you pass the
> original MIME message as one big file to the virus-scanner for
> extra protection -- in case there is a weird MIME issue, you
> let both MIME::Tools and the virus scanner's parser have a crack
> at it.
> 

Thanks for your quick response David.

So is it true to say that virus scanning on a per
entity basis does not maximise virus detection safety?
Should we always use MIME::Tools (via filter) *and*
the virus scanner's own MIME decoding functionality
(via filter_begin for example) for each mail?

It looks as though the mail was a legitimate bounce
that possibly contained (within the body) the encoded
original infected mail - based on the subject and the
size in logs. Even so, the scanners should surely pick
it up or does this render the virus harmless? I know
that some virus scanners will (wrongly I think) fail
to detect a virus if it's renamed as a txt file
because it cannot be executed.

Chris
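
The difference between the two scanning views discussed in this thread, as an added example that is not part of the original post or of MIMEDefang: a per-part scan sees only the MIME entities the parser produces, while a raw-message scan can still find content quoted inside a body. Assumptions: the bounce layout and the marker string are constructed, Python's `email` package stands in for MIME::Tools, and the function names are hypothetical.

```python
import base64
import re
from email import message_from_string

# Constructed stand-in for a scanner signature: a harmless marker, not malware.
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"

def build_bounce():
    """Constructed bounce: one text/plain body quoting the original mail verbatim."""
    attachment = base64.b64encode(b"sample:" + MARKER).decode()
    return (
        "From: MAILER-DAEMON@example.org\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        "Content-Type: text/plain; charset=us-ascii\n"
        "\n"
        "Delivery failed. Original message follows.\n"
        "\n"
        'Content-Type: multipart/mixed; boundary="b1"\n'
        "\n"
        "--b1\n"
        "Content-Type: text/plain\n"
        "\n"
        "see attachment\n"
        "--b1\n"
        'Content-Type: application/octet-stream; name="doc.txt"\n'
        "Content-Transfer-Encoding: base64\n"
        "\n"
        f"{attachment}\n"
        "--b1--\n"
    )

def scan_per_part(raw):
    """Per-entity view: decode each leaf MIME part and look for the marker."""
    leaves = [p for p in message_from_string(raw).walk() if not p.is_multipart()]
    hits = [p.get_content_type() for p in leaves
            if MARKER in (p.get_payload(decode=True) or b"")]
    return len(leaves), hits

def scan_raw(raw):
    """Whole-message view: decode base64-looking lines found anywhere in the raw text."""
    hits = []
    for line in re.findall(r"(?m)^[A-Za-z0-9+/]{16,}={0,2}$", raw):
        try:
            if MARKER in base64.b64decode(line, validate=True):
                hits.append(line)
        except ValueError:
            pass  # not valid base64 after all
    return hits
```

The per-part view reports a single text/plain entity with no hit, because the quoted attachment is still base64 text inside that body; the raw view decodes it and finds the marker.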




		