Testing with TestVirus -- fixed

Julian Field MailScanner at ecs.soton.ac.uk
Sat May 21 18:09:57 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Matt,

You are absolutely right, this is a bug.

It detects the null MIME boundary just fine. However, the latest
MIME-tools no longer parses the message correctly (that must have been a
bug-fix of mine which never got into the main MIME-tools code, ho hum).
It produces a multi-part message with no parts, but with a body
containing all the testvirus text. A multipart entity shouldn't have a
body, it should just contain a list of parts. This one breaks the rule
by having a body and no list of parts.

I now check for this situation occurring and force it to be a correct
structure.

This will be in the next release.

Matt Kettler wrote:

>Ugo Bellavance wrote:
> > Please search the archives for 'testvirus'.  You'll find your answer as
>
>
>>it's been asked many times.
>>
>>
>
>
>Ugo, AFAIK this is now a real bug in Mailscanner.
>
>
>Flashback to the past:
>http://article.gmane.org/gmane.mail.virus.mailscanner/18726/match=testvirus
>
>To which Julian replied with:
>http://article.gmane.org/gmane.mail.virus.mailscanner/18748/match=testvirus
>
>Thus, any implication that the Empty Mime boundary bug is a vendor "made up"
>issue is bogus and was based on tests using the wrong mail client.
>
>Any implication that this issue should be ignored is bogus, it would appear to
>be a real issue for users of some versions of outlook.
>
>I just tested my copy of MailScanner-4.42.1-1 and it found it, but only because
>bitdefender decoded it. ClamAV, and command AV didn't hit. MailScanner said
>nothing about it.
>
>This would appear to be a real vulnerability, and a real bug in MailScanner
>since this should have already been fixed.
>
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list