[Mimedefang] Slipping MyWife.d at MM virus by McAfee
Mickey Hill
mickey at mickeyhill.com
Fri Jan 27 11:40:20 EST 2006
On Fri, 2006-01-27 at 16:46 +1100, Mathew Thomas wrote:
> mail gateways running Solaris 9 with Sendmail 8-13.1 +Mimedefang 2.44
> + SpamAssassin 2.64 with Uvscan & ClamAv
>
> Some of our staff received W32/MyWife.d at MM virus which were sent to
> them as forwarded mail as Attachment. This means some MIME encoded virus
> are slipping through. I did some test by forwarding virus infected mail
> via gateway and it is getting through.
>
> In mimedefang.pl, I added "--mime" flag for uvscan.
>From uvscan(1):
--mime Scan MIME-encoded files. This type of file is not scanned by
default.
I ran the testvirus.org tests with and without --mime.
Without --mime, three tests were not detected by uvscan (and two made it
completely past mimedefang). With --mime, all tests were correctly
detected by uvscan.
+1 to make this the default.
--
Mickey Hill <mickey at mickeyhill.com>
-------------- next part --------------
--- mimedefang.pl.orig 2006-01-27 10:30:10.000000000 -0600
+++ mimedefang.pl 2006-01-27 10:30:32.000000000 -0600
@@ -2537,7 +2537,7 @@
# Run uvscan
my($code, $category, $action) =
- run_virus_scanner($Features{'Virus:NAI'} . " --noboot --secure --allole $path 2>&1", "Found");
+ run_virus_scanner($Features{'Virus:NAI'} . " --noboot --secure --mime --allole $path 2>&1", "Found");
if ($action ne 'proceed') {
return (wantarray ? ($code, $category, $action) : $code);
}
@@ -2564,7 +2564,7 @@
# Run uvscan
my($code, $category, $action) =
- run_virus_scanner($Features{'Virus:NAI'} . " --noboot --secure --allole ./Work 2>&1", "Found");
+ run_virus_scanner($Features{'Virus:NAI'} . " --noboot --secure --mime --allole ./Work 2>&1", "Found");
if ($action ne 'proceed') {
return (wantarray ? ($code, $category, $action) : $code);
}
More information about the MIMEDefang
mailing list