Patch for new virus - Mabuto.B or Mabutu-A
Drew Marshall
drew at THEMARSHALLS.CO.UK
Tue Oct 26 23:25:26 IST 2004
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Julian Field wrote:
> There is a new virus out called variously
> W32/Mabuto.B at mm (F-Prot)
> W32/Mabutu-A (Sophos)
>
> This virus exploits a hole in the MIME-tools modules. I have added a
> patch to MailScanner to save you having to mess with the MIME-tools
> directly.
>
> Attached is a patch to /usr/lib/MailScanner/MailScanner/Message.pm which
> will add a function to solve the problem. If you don't know how to apply
> a patch, then something like
> cd /usr/lib/MailScanner/MailScanner
> patch -p0 < Message.pm.patch
> should do the trick. If it rejects the patch on your version of
> MailScanner, just take a look at the patch file and insert the code by
> hand.
>
> I am also putting together a new beta-release including this patch (and
> an improvement to the phishing net) which I will publish very shortly.
>
> The result of the patch will be that these infected messages are
> rejected as unparsable. This is not ideal, but will have to do for now.
> I will try to produce a better solution in the next few days. The MIME
> header analysis code gets really difficult to follow :-(
All patched fine, thanks Julian. Wonder if any one else has noticed this
'little' flaw...
Drew
--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
More information about the MailScanner
mailing list