Eicar signature in the subject line

Martin Sapsed m.sapsed at BANGOR.AC.UK
Wed Jul 16 09:02:10 IST 2003

Adam Polkosnik wrote:
> Matt Kettler wrote:
>> At 03:36 PM 7/15/2003 -0400, Adam Polkosnik wrote:
>>> Just as I was updating my mail system and started to do some testing
>>> I've noticed that an e-mail with eicar signature in the subject line was
>>> able to pass through (without any problem) my mailserver equipped with
>>> Mailscanner and ClamAv.
>>> Would anyone like to comment on this one?
>> My comment "Yeah, it works as it should, so what's the issue?"
> Are you trying to say that by design the Subject line is excluded from
> being scanned?

Yes, as are the rest of the headers. What would be the point of scanning
it? I'm not aware of any way for the contents of the Subject line to be
executed (better put a "yet" in there!). As far as I can remember the
MyParty "issue" was the only reason MailScanner started checking the
body of messages. In general, attachments (including bits of HTML) are
the main things to worry about.



Martin Sapsed
Information Services               "Who do you say I am?"
University of Wales, Bangor             Jesus of Nazareth

More information about the MailScanner mailing list