tons of infected files getting though???
Robert Richard Wallace
rwmailscanner at LACASITA.DEMON.CO.UK
Wed Jan 28 22:10:36 GMT 2004
This problem I believe relates to the fact that MailScanner uses MIME-tools
to break up mails into attachments before scanning. I did some testing on 2
samples I have of the virus one was caught and the other not.
The one not caught is a bounce message and it seems to have a MIME type that
fails to be detected by MIME-tools and therefore the attachment is not
scanned. I can provide samples if anyone wants to investigate this further.
I tried with the latest experimental perl modules and still it failed.
I used a util called juju and it managed to correctly decode all attachments
to both mails. So I am wondering if it might be a good idea to add some sort
of double checking on MIME decodes with another util or library. Anyone care
to comment on this ?
More information about the MailScanner