Email Vulnerabilities

Julian Field mailscanner at ecs.soton.ac.uk
Tue Sep 24 12:25:57 IST 2002


At 11:17 24/09/2002, you wrote:
> > >One thing I am wondering with, why does this eicar.com gfi test email go
> > >to my outlook express deleted items with a modified subject {VIRUS?}
> > >eicar.com [1/5] up to [5/5] and there's no warning message in the body and
> > >the attachment is intact with the filename eicar.com. I'm just wondering
> > >about this.
> >
> > Can anyone else corroborate this? V3 should have deleted the entire message
> > in each of those cases.
>
>Is there anything that I need to recheck or reconfigure in the
>mailscanner.conf?

No, there aren't any options to do with the partial message trap, it's
always on.


>--- Glynn ---
>----- Original Message -----
>From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
>To: <MAILSCANNER at JISCMAIL.AC.UK>
>Sent: Tuesday, September 24, 2002 4:47 PM
>Subject: Re: Email Vulnerabilities
>
>
> > At 05:54 24/09/2002, you wrote:
> > >Hi guys, I just updated my mailscanner from 3.22-7 to 3.23-1 and what I have
> > >found out is the speed, it's faster now
> >
> > Yay! Someone noticed the optimisations I did in 3.22-something in the way
> > of re-ordering all the "if" statements to reduce the number of system calls
> > by 50%.
> > :-)
> >
> > >One thing I am wondering with, why does this eicar.com gfi test email go
> > >to my outlook express deleted items with a modified subject {VIRUS?}
> > >eicar.com [1/5] up to [5/5] and there's no warning message in the body and
> > >the attachment is intact with the filename eicar.com. I'm just wondering
> > >about this.
> >
> > Can anyone else corroborate this? V3 should have deleted the entire message
> > in each of those cases.
> >
> > >Also, I am using Sophos and I got this message in my console "Useful life of
> > >SWEEP has beed exceeded" does the Sophos doesn't work anymore?
> >
> > You need to entirely replace Sophos once every 2 to 3 months, as that is
> > how long they provide IDE files for any given version of Sophos.
> >
> > Download the .tar.Z from the website, stick it in /tmp then do
> >          cd /tmp
> >          /usr/local/MailScanner/bin/Sophos.install
> >
> > *Please* don't try and use Sophos's install script, it makes a bit of a
> > mess of things :(
> >
> > >----- Original Message -----
> > >From: "Glynn S. Condez" <glynn at MAKATI.TECHSQUARE.COM>
> > >To: <MAILSCANNER at JISCMAIL.AC.UK>
> > >Sent: Tuesday, September 24, 2002 10:37 AM
> > >Subject: Re: Email Vulnerabilities
> > >
> > >
> > > > Thanks Jeff for the great idea, it seems that there's nothing that I need
> > > > to reconfigure except for the conf files of mailscanner.
> > > >
> > > >
> > > > --- Glynn ---
> > > >
> > > > ----- Original Message -----
> > > > From: "Jeff A. Earickson" <jaearick at COLBY.EDU>
> > > > To: <MAILSCANNER at JISCMAIL.AC.UK>
> > > > Sent: Tuesday, September 24, 2002 10:28 AM
> > > > Subject: Re: Email Vulnerabilities
> > > >
> > > >
> > > > > Hi,
> > > > >    I set up my mailscanner directory thus:
> > > > >
> > > > > lrwxrwxrwx   1 root     daemon        10 Sep 23 14:01 bin -> bin-3.23-1/
> > > > > drwxr-xr-x   2 root     none        1024 Sep 13 10:23 bin-3.22-14/
> > > > > drwxr-xr-x   2 root     none        1024 Sep 23 13:46 bin-3.23-1/
> > > > > lrwxrwxrwx   1 root     daemon        10 Sep 23 14:01 etc -> etc-3.23-1/
> > > > > drwxr-xr-x   2 root     none        1024 Sep 13 10:29 etc-3.22-14/
> > > > > drwxr-xr-x   2 root     none        1024 Sep 23 13:55 etc-3.23-1/
> > > > > drwxr-xr-x   3 root     none         512 May  2 11:52 man/
> > > > > drwxr-xr-x   8 jaearick jaearick     512 Sep 23 14:06 src/
> > > > > drwx------   4 root     none         512 May  3 09:38 var/
> > > > >
> > > > > When a new version of mailscanner comes out, I untar it and move the
> > > > > mailscanner/etc and mailscanner/bin directories to etc-[version]
> > > > > and bin-[version].  Then I do side-by-side comparisons of the default
> > > > > config versus my setup.  When I've carried my config changes into the
> > > > > new etc files, I stop mailscanner, change the symlinks, restart
> > > > > mailscanner.  Virtually no down time.  It would be nice if this
> > > > > kind of directory versioning was incorporated into the tarfiles
> > > > > for v4 somehow...
> > > > >
> > > > > ** Jeff A. Earickson, Ph.D                         PHONE: 207-872-3659
> > > > > ** Senior UNIX Sysadmin, Information Technology    EMAIL: jaearick at colby.edu
> > > > > ** Colby College, 4214 Mayflower Hill,               FAX: 207-872-3076
> > > > > ** Waterville ME, 04901-8842
> > > > > ----------------------------------------------------------------------------
> > > > >
> > > > > On Tue, 24 Sep 2002, Glynn S. Condez wrote:
> > > > >
> > > > > > Date: Tue, 24 Sep 2002 10:18:03 +0800
> > > > > > From: Glynn S. Condez <glynn at MAKATI.TECHSQUARE.COM>
> > > > > > Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> > > > > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > > > > Subject: Re: Email Vulnerabilities
> > > > > >
> > > > > > > oh by the way, this is the first time that I am going to upgrade the
> > > > > > > mailscanner, is it possible if I am going to rename the old mailscanner
> > > > > > > directory and install the new version of mailscanner as mailscanner?
> > > > > > >
> > > > > > > or is there anything that I need to reconfigure?
> > > > > >
> > > > > > Thanks
> > > > > > --- Glynn ---
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Glynn S. Condez" <glynn at MAKATI.TECHSQUARE.COM>
> > > > > > To: <MAILSCANNER at JISCMAIL.AC.UK>
> > > > > > Sent: Tuesday, September 24, 2002 10:02 AM
> > > > > > Subject: Re: Email Vulnerabilities
> > > > > >
> > > > > >
> > > > > > > > This mailing list is great, the response is so fast  :)  well I'll do the
> > > > > > > > upgrade, email you guys about the results.
> > > > > > >
> > > > > > > thanks
> > > > > > >
> > > > > > > --- Glynn ---
> > > > > > >
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: "Mike Kercher" <mike at CAMAROSS.NET>
> > > > > > > To: <MAILSCANNER at JISCMAIL.AC.UK>
> > > > > > > Sent: Tuesday, September 24, 2002 10:05 AM
> > > > > > > Subject: Re: Email Vulnerabilities
> > > > > > >
> > > > > > >
> > > > > > > > > Try upgrading to 3.22-15  I think Julian got it to detect all of the
> > > > > > > > > vulnerabilities.
> > > > > > > >
> > > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> > > > > > > > > Behalf Of Glynn S. Condez
> > > > > > > > Sent: Monday, September 23, 2002 8:58 PM
> > > > > > > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > > > > > > Subject: Email Vulnerabilities
> > > > > > > >
> > > > > > > >
> > > > > > > > > Based on this website http://www.gfi.com/emailsecuritytest, some of the
> > > > > > > > > test email that contains a test virus or codes goes through and the
> > > > > > > > > mailscanner doesn't detect the embedded scripts in the emails.
> > > > > > > > >
> > > > > > > > > In version 4, is it possible to scan these kinds of viruses or code? by the
> > > > > > > > > way I'm using the stable version of mailscanner 3-22.7 with
> > > > > > > > > spamassassin2-31.
> > > > > > > >
> > > > > > > >
> > > > > > > > --- Glynn ---
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> >
> > --
> > Julian Field                Teaching Systems Manager
> > jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
> > Tel. 023 8059 2817          University of Southampton
> >                              Southampton SO17 1BJ
> >

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
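
The partial message trap mentioned in the reply above, shown as an added example (not MailScanner's code and not part of the original post): assuming the [1/5]..[5/5] test mails are RFC 2046 message/partial fragments, a per-message signature check finds nothing in any single fragment, which is why the whole fragment is rejected rather than scanned. The marker string, addresses and function names are constructed for illustration.

```python
from email.parser import HeaderParser

MARKER = "CONSTRUCTED-TEST-MARKER"  # harmless stand-in for a scanner signature

def make_fragment(number, total, body):
    """Build one constructed message/partial fragment (sample data)."""
    return (
        "From: sender@example.test\n"
        f"Subject: eicar.com [{number}/{total}]\n"
        "MIME-Version: 1.0\n"
        'Content-Type: message/partial; id="constructed-1@example.test";'
        f" number={number}; total={total}\n"
        "\n" + body
    )

# The marker is cut into 5 pieces, one per fragment, like the [1/5]..[5/5] mails.
PIECES = [MARKER[i:i + 5] for i in range(0, len(MARKER), 5)]
FRAGMENTS = [make_fragment(n, len(PIECES), p) for n, p in enumerate(PIECES, 1)]
PLAIN = "From: a@example.test\nContent-Type: text/plain\n\nhello\n"

def _to_int(value):
    try:
        return int(value)
    except (TypeError, ValueError):
        return None  # missing or malformed parameter

def fragment_info(raw):
    """Return (id, number, total) for a message/partial mail, else None."""
    msg = HeaderParser().parsestr(raw)
    if msg.get_content_type() != "message/partial":
        return None
    return (msg.get_param("id"), _to_int(msg.get_param("number")),
            _to_int(msg.get_param("total")))

def naive_scan(raw):
    """Per-message signature check, the way a scanner sees each mail alone."""
    return MARKER in HeaderParser().parsestr(raw).get_payload()

def reassemble(raws):
    """What a reassembling mail client ends up with: pieces joined in order."""
    parts = {fragment_info(r)[1]: HeaderParser().parsestr(r).get_payload() for r in raws}
    return "".join(parts[n] for n in sorted(parts))

def trap_verdict(raw):
    """Always-on trap: any fragment is rejected whole, never passed on."""
    return "reject" if fragment_info(raw) else "scan"
```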


