Testing with TestVirus

Ugo Bellavance ugob at CAMO-ROUTE.COM
Fri May 20 22:18:34 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Vladan Nikolic wrote:
>>>Hello
>>>
>>>I have installed MailScanner 4.41.3 and ClamAV 0.84 with spamassassin
>>>3.0.3 on my servers. When I run tests from
>>>http://www.webmail.us/testvirus everything is detected, except test #23
>>>"Empty MIME Boundary Vulnerability".  On MailScanner site I found info
>>>that it was resolved in some earlier version... Is anybody else has this
>>>issue? How to resolve it?

I've re-read all the posts having 'testvirus' in the subject and I got
the answer: (quoting Julian)

================
[...]I have added support for the specific things they claim to exploit
in 2 of
the cases that weren't already handled.
The 3rd one relies on repeating the MIME boundary string, so all you can do
is match against the beginning of the boundary string that is actually
used. Adding support for that case would break compatibility with many
versions of Eudora as it uses the same boundary string throughout a
message, just tacking things on the end for when it does things like put in
HTML+text versions of the message body.

I obviously don't want to break Eudora compatibility just to pass a fairly
artificial test.

Please remember that testvirus.org is owned by Excedent Technologies who
sell email security products.
http://www.excedent.com/
Don't for a minute think that testvirus.org is independent just because it
is a .org domain!
=================


>>
>>Please search the archives for 'testvirus'.  You'll find your answer as
>>it's been asked many times.
>
>
> Yes, it's been asked, but never answered, if you don't count "search..." as a very informative answer.
> There was Julian's post that he is working on that, and in MailScanner changelog there is a mention of that particular problem as solved, but I still had that same problem with newest version of MailScanner... So, is it only me doing something wrong, or there is someone else with the same problem or, better yet, with a solution...
>
> Thanks,
> Vladan Nikolic
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list