Virus in message body rather than attachment

Alisdair Davey ard at PERGAMENTUM.COM
Wed Jan 16 18:14:24 GMT 2002


Could somebody confirm the expected behaviour of mailscanner in the
situation where the virus is in the message body as opposed to an attachment?
I was testing mailscanner (3.02-1) last night using sendmail and Sophos sweep.
When using EICAR to test the scanner I noted that if I included it as an
attachment it was detected without a problem. However, if I inserted it into
the message body it went undetected. Now in the README it describes the
execution loop that mailscanner follows...

3. Move simple plain-text messages to the outgoing queue and trigger their
   delivery
4. Unpack MIME structure of all remaining messages
5. Scan everything for viruses

Does mailscanner regard a message containing the EICAR string as being a
purely plain text message? I tried the test including Magistr both as an
attachment and in the body of the message. No problems with detecting it as
an attachment but in the body of the message it was passed as clean.
Thanks
Alisdair

--
Dr Alisdair Davey                                 ard at pergamentum.com
Pergamentum Solutions                    "Pergamentum init, exit pergamentum"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
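
Added example, not part of the original post and not MailScanner's code: a small Python model of steps 3-5 as quoted above, showing which of two test messages ever reaches the scan step. It assumes "simple plain-text" means a single-part text/plain message with no attachment disposition; `MARKER`, `scan`, `process`, `build` and the `scan_plain_bodies` switch are hypothetical names, and the marker is a constructed stand-in for an antivirus test string.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Constructed stand-in for an antivirus test string (not a real signature).
MARKER = b"CONSTRUCTED-TEST-MARKER-0001"

def is_simple_plain_text(msg):
    """Assumed reading of step 3: single-part text/plain, no attachment."""
    return (not msg.is_multipart()
            and msg.get_content_type() == "text/plain"
            and msg.get_content_disposition() is None)

def scan(data):
    """Stand-in for the virus scanner: flags data containing MARKER."""
    return MARKER in data

def process(raw, scan_plain_bodies=False):
    """Follow steps 3-5 of the quoted loop; return (route, infected)."""
    msg = message_from_bytes(raw)
    if is_simple_plain_text(msg) and not scan_plain_bodies:
        # Step 3: delivered straight away, so step 5 never sees the body.
        return ("delivered-unscanned", False)
    # Step 4: unpack every leaf MIME part (decodes base64/quoted-printable).
    parts = [p.get_payload(decode=True) or b""
             for p in msg.walk() if not p.is_multipart()]
    # Step 5: scan each unpacked part.
    return ("scanned", any(scan(p) for p in parts))

def build(marker_in_body):
    """Construct a test message with the marker in the body or attached."""
    m = EmailMessage()
    m["From"], m["To"] = "a@example.test", "b@example.test"
    m["Subject"] = "scanner test"
    if marker_in_body:
        m.set_content("test " + MARKER.decode())
    else:
        m.set_content("see attachment")
        m.add_attachment(MARKER, maintype="application",
                         subtype="octet-stream", filename="test.bin")
    return m.as_bytes()

if __name__ == "__main__":
    print("body      :", process(build(True)))
    print("attachment:", process(build(False)))
    print("body, plain bodies scanned:", process(build(True), True))
```

Running the same pair of messages through a real gateway and comparing the results against this model is a quick way to tell whether a plain-text fast path is what lets the body case through.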


