Problems with two different MIME attachment types
Julian Field
mailscanner at ecs.soton.ac.uk
Sat Mar 1 11:41:33 GMT 2003
Just to let everyone know, he has sent the test messages to me and I'm
going to try to work out what they have done to get these through. Worth
noting that so far (fingers crossed) no exploits have been written that do
this trick, and MailScanner is certainly not the only one to suffer from
this. I will get it corrected as soon as I can.
At 00:23 01/03/2003, you wrote:
>Hi all,
>
>Thanks for the great software and community support!
>
>I recently upgraded to MS 4.12-2 (via RH RPM), and updated the
>dependent Perl mods. After installation, I tested the new version
>against the e-mail virus scanning script in Nessus.
>
>Out of the 5 test messages, 3 were tagged by MS as viruses (by the
>filename rules), and 2 got through to my mail client - even when both
>the filename rules and RAV antivirus should have tagged the "eicar.com"
>test attachment.
>
>Could I get a couple volunteers to verify? You'll just receive 5 test
>e-mails generated by the NASL script, each with a 68-byte EICAR test
>file ("eicar.com") attached in different forms.
>
>I'll post details in a follow-up, if the problem repros.
>
>If you're interested in the hacked NASL script - which allows you to
>run this test stand-alone using the nasl command line - let me know and
>I'll forward it along.
>
>Thanks,
>
>Craig Pratt
>craig at strong-box.net
>
>
>--
>This message checked for dangerous content by MailScanner on StrongBox.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
More information about the MailScanner
mailing list