[Mimedefang] [Bug 5225] New: non-standard base64 encoding evadessome scanners (fwd)

Jason Bertoch [Electronet] jason at electronet.net
Fri Dec 8 08:57:23 EST 2006


> -----Original Message-----
> 
> However, it is *not* vulnerable if you use the standard 
> MIMEDefang ClamAV
> integration functions.
> 
> MIMEDefang passes virus scanners both the raw MIME message 
> and all the parts
> as decoded by MIME::tools.  This design decision was made so 
> that MIME::tools
> could work around any bugs in an AV tools' MIME decoder and 
> vice-versa.
> 
> The proof-of-concept test didn't make it past our test 
> MIMEDefang system.
> 
> Regards,
> 
> David.


There goes my clam milter...

I was always a little curious why the standard filter appeared to scan for
viruses twice.

Jason A. Bertoch
Network Administrator
jason at electronet.net
ElectroNet Intermedia Consulting
3411 Capital Medical Blvd.
Tallahassee, FL 32308
(V) 850.222.0229 (F) 850.222.8771




More information about the MIMEDefang mailing list