ClamAV and Password Protected Bagles

Lindsay Snider lindsay at PA.NET
Wed Mar 3 22:32:54 GMT 2004


Kevin Spicer wrote:
> On Wed, 2004-03-03 at 22:10, Lindsay Snider wrote:
>
>>amavisd was patched to fix all of this mess by making the original email
>>available in the 'parts' directory.  If mailscanner dropped the original
>>email in to be scanned, the virus scanner may be able to do the hard work.
>>-lindsay
>>
>
> On the other hand the virus scanner will attempt to unpack the parts
> too.  I use three virus scanners so that means the original email would
> get unpacked 4 times.


If some virus scanners can see viruses by seeing the message as a whole
rather than in parts, it would be nice to come up with something to let
them try.  Maybe it could be an option setting in MailScanner.conf to
include or not include the original message when virus scanning.

>
> We're already unzipping things 4 times now!

Do you happen to use /dev/shm?  If not, it may make the email explosions
less painful.

-lindsay




More information about the MailScanner mailing list