test virus problem

Matt Kettler mkettler at EVI-INC.COM
Fri Sep 10 14:26:03 IST 2004


<x-flowed>
At 06:40 AM 9/10/2004, Julian Field wrote:
> >I've been searching the archives extensively and have not found a post that
> >addresses the issue with anything more specific than Julian's post above.
> >Nearly all questions regarding this since Julian's post have been responded
> >to with "It's not an issue, search the archives" replies.
>
>There is some work going on right now to hopefully fix this. We just have
>to iron out all the bugs in the new MIME code.
>--
>Julian Field

Thanks for the clarification Julian, at least we now all realize that it is
a real issue for Outlook MUAs, albeit not one that's active in the wild.

In the interim, the SA rule I posted yesterday ran overnight on my
production mailserver with a low score, it's passed 2,505 normal spam/ham
messages without matching, but this morning matched testvirus.org's test
#23 just fine. I'm much more comfortable with it's use as a stop-gap
measure now that it's had at least a little real-world exercise. I'd still
advise a little bit of testing on your own servers prior to pushing the
score up high.

header MIME_EMPTY_BOUNDARY      Content-Type =~ /boundary\=(?!.)/i
score MIME_EMPTY_BOUNDARY       2.0
describe MIME_EMPTY_BOUNDARY    Contains a possible mime exploit for outlook

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>



More information about the MailScanner mailing list