[Mimedefang] [Bug 5225] New: non-standard base64 encoding evades some scanners (fwd)
David F. Skoll
dfs at roaringpenguin.com
Thu Dec 7 19:05:37 EST 2006
Kenneth Porter wrote:
> I just saw this on the SA-devel list. Note that ClamAV 0.88.6 is listed
> as vulnerable.
However, it is *not* vulnerable if you use the standard MIMEDefang ClamAV
integration functions.
MIMEDefang passes virus scanners both the raw MIME message and all the parts
as decoded by MIME::tools. This design decision was made so that MIME::tools
could work around any bugs in an AV tools' MIME decoder and vice-versa.
The proof-of-concept test didn't make it past our test MIMEDefang system.
Regards,
David.
More information about the MIMEDefang
mailing list