testvirus.org

[Kevin Miller]

Gateway one:  Sendmail 8.12.3, MS 4.28.6, clamav .63, F-prot 4.1.2, SA 2.63
Gateway two:  Sendmail 8.12.2, MS 4.28.6, clamav .63, F-Secure 4.52 SA 2.63

Test #5:  Eicar virus sent using BinHex encoding
Test #19: Eicar virus within zip file hidden using the "MIME Boundary Space
Gap Vulnerability"
Test #20: Eicar virus within zip file hidden using the "Long MIME Boundary
Vulnerability"
Test #22: Eicar virus within zip file hidden using the "Empty MIME Boundary
Vulnerability"

After they hit our Exchange server which is running Trend, they were
detected and the eicar pattern deleted, although the message came through...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail
Administrator
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500


>-----Original Message-----
>From: Dalimil Gala [mailto:konve at LOGOUT.CZ]
>Sent: Friday, March 19, 2004 12:50 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: testvirus.org
>
>
>My AS/AV system failed on #5, 13, 19, 20, 21, 22
>
>Sendmail 8.12.3-6.6 (Debian Woody) + MailScanner 4.23-11 + SpamAssassin
>2.55 + NOD32 for Linux, Version 1.990
>
> ntw
>
>Victor DiMichina wrote:
>
>> When doing a checkup of the mail server,  I found that three
>tests from
>> testvirus.org actually failed:
>>
>> Test #19: Eicar virus within zip file hidden using the "MIME Boundary
>> Space Gap Vulnerability"
>> Test #20: Eicar virus within zip file hidden using the "Long MIME
>> Boundary Vulnerability"
>> Test #22: Eicar virus within zip file hidden using the "Empty MIME
>> Boundary Vulnerability"
>>
>> I am using a Red Hat 8.0 machine with CommuniGate Pro,  MailScanner
>> 4.28.6 with Panda and F-secure.
>> Any suggestions,  is this something I should be concerned about?
>>
>> thanks!
>> Vic
>>
>>
>