Made it Past File Extension Filters

Nathan Johanson nathan at TCPNETWORKS.NET
Thu Jan 29 15:11:33 GMT 2004

Yesterday a file w/ multiple extensions (or double file extensions) got
past the filters. I tested w/ a few sample files and it stopped them
all. Any idea why this one made it through?

The file is named "P30.Lease.001.wpd"

MIME-Version: 1.0
Content-type: multipart/mixed; 
Content-Disposition: inline
X-blah-MailScanner-Information: Please contact blah for more information
X-blah-MailScanner: Found to be clean
X-blah-MailScanner-SpamCheck: not spam, SpamAssassin (score=-3.062,
        required 4, BAYES_00 -4.90, MIME_MISSING_BOUNDARY 1.84)

Content-type: text/plain; charset=us-ascii

Content-type: application/octet-stream; 
Content-Disposition: attachment; filename="P30.Lease.001.wpd"
Content-transfer-encoding: base64


-----Original Message-----
From: Desai, Jason [mailto:jase at SENSIS.COM] 
Sent: Thursday, January 29, 2004 7:05 AM
Subject: Re: mcafee uvscan not using /usr/local/uvscan/datfi les/current

> >Uhmm, not really You should *not* use any symlinks at all.
> You're the first person to mention this problem. If you can pin it
> down more precisely I would be interested -- i.e. steps I can follow
> to reproduce the problem.
> I wrote the McAfee update script and I haven't seen any reports of
> viruses slipping through from my users. (30,000 users and over 500,000
> messages per day.)
> McAfee is a bit odd about symlinks, but AFAICT it works so long as the
> directory containing the actual uvscan binary contains the
> DAT files, or
> symlinks to the dat files.

Didn't the problem with McAfee and symlinks have to do with symlinks in
path to the files you were scanning (i.e. Incoming Work Dir)?  I don't
there is a problem with using symlinks to the DAT files.


More information about the MailScanner mailing list