tons of infected files getting though???

Robert Richard Wallace rwmailscanner at LACASITA.DEMON.CO.UK
Wed Jan 28 22:10:36 GMT 2004

This problem I believe relates to the fact that MailScanner uses MIME-tools
to  break up mails into attachments before scanning. I did some testing on 2
samples I have of the  virus one was caught and the other not.

The one not caught is a bounce message and it seems to have a MIME type that
fails to be detected by MIME-tools and therefore the attachment is not
scanned. I can provide samples if anyone wants to investigate this further.
I tried with the latest experimental perl modules and still it failed.

I used a util called juju and it managed to correctly decode all attachments
to both mails. So I am wondering if it might be a good idea to add some sort
of double checking on MIME decodes with another util or library. Anyone care
to comment on this ?

More information about the MailScanner mailing list