GFI E-mail Test with F-prot
Julian Field
jkf at ecs.soton.ac.uk
Sun Feb 3 09:52:19 GMT 2002
At 03:10 03/02/2002, you wrote:
>Has anyone tried the email test from
>http://www.gfi.com/emailsecuritytest for virus vulnerabilities?
>Using MailScanner 3.03-1/F-Prot with Exim 3.34 on Trustix 1.5, only 2 of
>the 6 infected messages were detected. The test included the following:
>
>o VBS file vulnerability test
>o CLSID extension vulnerability test
>o MIME header vulnerability test
>o ActiveX vulnerability test
>o Malformed file extension vulnerability test (for Outlook 2002 - XP)
>o CLSID extension vulnerability test (for Outlook 2002 - XP)
>
>MailScanner only detected the MIME header and VBS payloads. What kind of
>adjustments can I make to catch the rest or is it an F-Prot issue?

Detecting the CLSID extensions is just a matter of writing a suitable rule
for filename.rules.conf. I'm sure you can do that yourselves (that covers 2
of the above). I'll try to find time to write one for the release of 3.10
to make life easier for you.

As for the others, MailScanner (with a virus-detection engine) will happily
detect the actual viruses that have exploited these holes in the past (some
of which have now been patched against by Microsoft anyway, and so are a
bit historical). Not all of them have ever been exploited (read the docs
carefully on that web site).
--
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
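
The filename check described in the reply above, sketched as an added example in Python; it is not MailScanner's code and not filename.rules.conf syntax. The regex, the function name and the sample message are constructed for illustration, and the all-zero CLSID is a placeholder.

```python
import re
from email import message_from_string

# A CLSID is a GUID wrapped in braces. Match it anywhere in the name,
# since the concern is a CLSID in the name hiding the file's real type.
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)

def clsid_attachments(raw_message):
    """Return names of MIME parts whose filename contains a CLSID."""
    hits = []
    for part in message_from_string(raw_message).walk():
        # get_filename() reads the Content-Disposition "filename" and
        # falls back to the Content-Type "name" parameter.
        name = part.get_filename()
        if name and CLSID_RE.search(name):
            hits.append(name)
    return hits

# Constructed sample message (assumption, not taken from the GFI test).
PLACEHOLDER = "{00000000-0000-0000-0000-000000000000}"
SAMPLE = "\n".join([
    "From: a@example.org",
    "To: b@example.org",
    "Subject: constructed test",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="BOUND"',
    "",
    "--BOUND",
    "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="readme.txt.%s"' % PLACEHOLDER,
    "",
    "x",
    "--BOUND",
    'Content-Type: application/octet-stream; name="photo.jpg.%s"' % PLACEHOLDER,
    "",
    "y",
    "--BOUND",
    'Content-Type: text/plain; name="notes.txt"',
    "",
    "z",
    "--BOUND--",
    "",
])

if __name__ == "__main__":
    for name in clsid_attachments(SAMPLE):
        print("deny:", name)
```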