test virus problem

[Matt Kettler]

<x-flowed>
At 12:10 PM 9/9/2004, Richard Brown wrote:
>A search would have told you that there have been plenty posts about
>testvirus.org. Try this post, although it does appear that they've
>changed the numbering of their tests.
>
>http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0403&L=mailscanner&P=R141186&I=-1

That particular post isn't a particularly good refute of testvirus.org's
claims. Julian tested it with Eudora, as did I, but testvirus.org claims
Outlook clients can open it.

Is there any evidence which specifically contradicts the claim that Outlook
can parse these messages? Clearly testing Eudora isn't a good method of
dismissing claims Outlook is vulnerable.

I've been searching the archives extensively and have not found a post that
addresses the issue with anything more specific than Julian's post above.
Nearly all questions regarding this since Julian's post have been responded
to with "It's not an issue, search the archives" replies.

Anyone have a link to a post which does show this is a real non-issue?

I'll also grant that this is more of a Mime-tools issue than a MailScanner
issue, but that alone doesn't make it non-real.

In theory if one is particularly concerned about the empty mime boundary
issue, you can easily pick them off with a SpamAssassin rule:

header MIME_EMPTY_BOUNDARY      Content-Type =~ /boundary\=(?!.)/i
score MIME_EMPTY_BOUNDARY       0.1

(I tested this rule briefly, verified it matched the test #23 email, and
hasn't matched any of the 35 inbound emails in the past couple minutes. It
should however be regarded as not well tested)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>