Made it Past File Extension Filters

[Nathan Johanson]

Yesterday a file w/ multiple extensions (or double file extensions) got
past the filters. I tested w/ a few sample files and it stopped them
all. Any idea why this one made it through?

The file is named "P30.Lease.001.wpd"

MIME-Version: 1.0
Content-type: multipart/mixed; 
	
Boundary="0__=07BBE4BADFCBA36E8f9e8a93df938690918c07BBE4BADFCBA36E"
Content-Disposition: inline
X-blah-MailScanner-Information: Please contact blah for more information
X-blah-MailScanner: Found to be clean
X-blah-MailScanner-SpamCheck: not spam, SpamAssassin (score=-3.062,
        required 4, BAYES_00 -4.90, MIME_MISSING_BOUNDARY 1.84)

--0__=07BBE4BADFCBA36E8f9e8a93df938690918c07BBE4BADFCBA36E
Content-type: text/plain; charset=us-ascii

--0__=07BBE4BADFCBA36E8f9e8a93df938690918c07BBE4BADFCBA36E
Content-type: application/octet-stream; 
        name="P30.Lease.001.wpd"
Content-Disposition: attachment; filename="P30.Lease.001.wpd"
Content-transfer-encoding: base64

Nathan

-----Original Message-----
From: Desai, Jason [mailto:jase at SENSIS.COM] 
Sent: Thursday, January 29, 2004 7:05 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: mcafee uvscan not using /usr/local/uvscan/datfi les/current


> >Uhmm, not really You should *not* use any symlinks at all.
>
> You're the first person to mention this problem. If you can pin it
> down more precisely I would be interested -- i.e. steps I can follow
> to reproduce the problem.
>
> I wrote the McAfee update script and I haven't seen any reports of
> viruses slipping through from my users. (30,000 users and over 500,000
> messages per day.)
>
> McAfee is a bit odd about symlinks, but AFAICT it works so long as the
> directory containing the actual uvscan binary contains the
> DAT files, or
> symlinks to the dat files.

Didn't the problem with McAfee and symlinks have to do with symlinks in
the
path to the files you were scanning (i.e. Incoming Work Dir)?  I don't
think
there is a problem with using symlinks to the DAT files.

Jason