GFI E-mail Test with F-prot

Julian Field jkf at
Sun Feb 3 09:52:19 GMT 2002

At 03:10 03/02/2002, you wrote:
>Has anyone tried the email test from
> for virus vulnerabilities?
>Using Mailscanner 3.03-1/F-Prot with Exim 3.34 on Trustix 1.5, only 2 of
>the 6 infected messages were detected. The test included the following:
>o       VBS file vulnerability test
>o       CLSID extension vulnerability test
>o       MIME header vulnerability test
>o       ActiveX vulnerability test
>o       Malformed file extension vulnerability test (for Outlook 2002 -
>o       CLSID extension vulnerability test (for Outlook 2002 - XP)
>Mailscanner only detected the MIME header and VBS payloads. What kind of
>adjustments can I make to catch the rest or is it an F-Prot issue?

Detecting the CLSID extensions is just a matter of writing a suitable rule
for filename.rules.conf. I'm sure you can do that yourselves (that covers 2
of the above). I'll try to find time to write one for the release of 3.10
to make life easier for you.

As for the others, MailScanner (with a virus-detection engine) will happily
detect the actual viruses that have exploited these holes in the past (some
of which have now been patched against by Microsoft anyway, and so are a
bit historical). Not all of them have ever been exploited (read the docs
carefully on that web site).
Julian Field                Teaching Systems Manager
jkf at         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list