Testing with TestVirus -- fixed

Julian Field MailScanner at ecs.soton.ac.uk
Sat May 21 18:24:05 IST 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

If I put out a beta to for you to test my fix, will someone install it
and test it for me?

Julian Field wrote:

> Matt,
>
> You are absolutely right, this is a bug.
>
> It detects the null MIME boundary just fine. However, the latest
> MIME-tools no longer parses the message correctly (that must have been a
> bug-fix of mine which never got into the main MIME-tools code, ho hum).
> It produces a multi-part message with no parts, but with a body
> containing all the testvirus text. A multipart entity shouldn't have a
> body, it should just contain a list of parts. This one breaks the rule
> by having a body and no list of parts.
>
> I now check for this situation occurring and force it to be a correct
> structure.
>
> This will be in the next release.
>
> Matt Kettler wrote:
>
>> Ugo Bellavance wrote:
>> > Please search the archives for 'testvirus'.  You'll find your
>> answer as
>>
>>
>>> it's been asked many times.
>>>
>>>
>>
>>
>> Ugo, AFAIK this is now a real bug in Mailscanner.
>>
>>
>> Flashback to the past:
>> http://article.gmane.org/gmane.mail.virus.mailscanner/18726/match=testvirus
>>
>>
>> To which Julian replied with:
>> http://article.gmane.org/gmane.mail.virus.mailscanner/18748/match=testvirus
>>
>>
>> Thus, any implication that the Empty Mime boundary bug is a vendor
>> "made up"
>> issue is bogus and was based on tests using the wrong mail client.
>>
>> Any implication that this issue should be ignored is bogus, it would
>> appear to
>> be a real issue for users of some versions of outlook.
>>
>> I just tested my copy of MailScanner-4.42.1-1 and it found it, but
>> only because
>> bitdefender decoded it. ClamAV, and command AV didn't hit.
>> MailScanner said
>> nothing about it.
>>
>> This would appear to be a real vulnerability, and a real bug in
>> MailScanner
>> since this should have already been fixed.
>>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list