Made it Past File Extension Filters
nathan at TCPNETWORKS.NET
Thu Jan 29 15:11:33 GMT 2004
Yesterday a file w/ multiple extensions (or double file extensions) got
past the filters. I tested w/ a few sample files and it stopped them
all. Any idea why this one made it through?
The file is named "P30.Lease.001.wpd"
X-blah-MailScanner-Information: Please contact blah for more information
X-blah-MailScanner: Found to be clean
X-blah-MailScanner-SpamCheck: not spam, SpamAssassin (score=-3.062,
required 4, BAYES_00 -4.90, MIME_MISSING_BOUNDARY 1.84)
Content-type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="P30.Lease.001.wpd"
From: Desai, Jason [mailto:jase at SENSIS.COM]
Sent: Thursday, January 29, 2004 7:05 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: mcafee uvscan not using /usr/local/uvscan/datfi les/current
> >Uhmm, not really You should *not* use any symlinks at all.
> You're the first person to mention this problem. If you can pin it
> down more precisely I would be interested -- i.e. steps I can follow
> to reproduce the problem.
> I wrote the McAfee update script and I haven't seen any reports of
> viruses slipping through from my users. (30,000 users and over 500,000
> messages per day.)
> McAfee is a bit odd about symlinks, but AFAICT it works so long as the
> directory containing the actual uvscan binary contains the
> DAT files, or
> symlinks to the dat files.
Didn't the problem with McAfee and symlinks have to do with symlinks in
path to the files you were scanning (i.e. Incoming Work Dir)? I don't
there is a problem with using symlinks to the DAT files.
More information about the MailScanner