Problem with MIME-Tools security patch

ISP List isp-list at TULSACONNECT.COM
Wed Jun 12 15:36:30 IST 2002


At 11:32 AM 6/7/2002 +0100, you wrote:
>A very nice person on the Bugtraq mailing list has found some potential
>security problems with the current stable release of the MIME-Tools module
>which is used by MailScanner. These are likely to be exploited fairly soon
>as the hackers all read Bugtraq too.

After applying the patch (on MIME-Tools 5.411), it seems the filename on
*some* virus-laden attachments is being truncated:

Jun 12 09:31:00 mx10 mailscanner[4540]: Notified senders about 1 infections
Jun 12 09:31:00 mx10 mailscanner[4540]: Commercial disinfector mcafee returned 3072
Jun 12 09:31:00 mx10 mailscanner[4540]: Skipping renamed attachment .pif

and a grep of the maillog:

Jun 12 09:21:30 mx10 mailscanner[4540]: Skipping renamed attachment mail..pif
Jun 12 09:23:19 mx10 mailscanner[4540]: Skipping renamed attachment salir,.bat
Jun 12 09:24:48 mx10 mailscanner[4540]: Skipping renamed attachment Start Up Procedures.doc.bat
Jun 12 09:27:18 mx10 mailscanner[4540]: Skipping renamed attachment .pif
Jun 12 09:27:54 mx10 mailscanner[4540]: Skipping renamed attachment .exe
Jun 12 09:31:00 mx10 mailscanner[4540]: Skipping renamed attachment .pif
Jun 12 09:31:23 mx10 mailscanner[4540]: Skipping renamed attachment shape.exe
Jun 12 09:32:20 mx10 mailscanner[4540]: Skipping renamed attachment install.exe

Could be from Klez which I've been told doesn't properly MIME encode the
attachment in the first place.  Anyone else seeing this?

--Mike
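
For anyone checking their own maillog for the same symptom, the following is an added example and not part of the original post or of MailScanner. It pulls out the "Skipping renamed attachment" entries whose name has nothing before the extension. The sample lines are constructed in the format quoted above, the function names are hypothetical, and it assumes a line without a syslog timestamp is a wrapped continuation of the previous entry.

```python
import re

# Constructed sample in the format of the log lines quoted above, including
# one entry wrapped onto a second line (the continuation has no timestamp).
SAMPLE = """\
Jun 12 09:21:30 mx10 mailscanner[4540]: Skipping renamed attachment mail..pif
Jun 12 09:24:48 mx10 mailscanner[4540]: Skipping renamed attachment Start
Up Procedures.doc.bat
Jun 12 09:27:18 mx10 mailscanner[4540]: Skipping renamed attachment .pif
Jun 12 09:27:54 mx10 mailscanner[4540]: Skipping renamed attachment .exe
Jun 12 09:31:00 mx10 mailscanner[4540]: Notified senders about 1 infections
Jun 12 09:32:20 mx10 mailscanner[4540]: Skipping renamed attachment install.exe
"""

# Start of a syslog record: "Mon DD HH:MM:SS " (day may be space-padded).
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
EVENT = re.compile(r"^(?P<ts>\S+ +\d+ [\d:]+) \S+ mailscanner\[\d+\]: "
                   r"Skipping renamed attachment (?P<name>.*)$")

def unwrap(lines):
    """Rejoin wrapped records: a non-timestamped line continues the last one."""
    record = None
    for line in lines:
        line = line.rstrip("\n")
        if STAMP.match(line):
            if record is not None:
                yield record
            record = line
        elif record is not None and line.strip():
            record += " " + line.strip()
    if record is not None:
        yield record

def truncated_names(text):
    """Return (timestamp, name) for entries with an empty stem, e.g. '.pif'."""
    hits = []
    for rec in unwrap(text.splitlines()):
        m = EVENT.match(rec)
        if m:
            name = m.group("name").strip()
            stem, dot, _ext = name.rpartition(".")
            # Empty stem: only dots/spaces (or nothing) before the last dot.
            if dot and not stem.strip(". "):
                hits.append((m.group("ts"), name))
    return hits

if __name__ == "__main__":
    for ts, name in truncated_names(SAMPLE):
        print(ts, repr(name))
```

Names such as mail..pif are not flagged, since they still carry a stem.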


