Testing with TestVirus -- fixed

Ugo Bellavance ugob at CAMO-ROUTE.COM
Mon May 23 16:18:23 IST 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> If I put out a beta to for you to test my fix, will someone install it
> and test it for me?

I would.

>
> Julian Field wrote:
>
>> Matt,
>>
>> You are absolutely right, this is a bug.
>>
>> It detects the null MIME boundary just fine. However, the latest
>> MIME-tools no longer parses the message correctly (that must have been a
>> bug-fix of mine which never got into the main MIME-tools code, ho hum).
>> It produces a multi-part message with no parts, but with a body
>> containing all the testvirus text. A multipart entity shouldn't have a
>> body, it should just contain a list of parts. This one breaks the rule
>> by having a body and no list of parts.
>>
>> I now check for this situation occurring and force it to be a correct
>> structure.
>>
>> This will be in the next release.
>>
>> Matt Kettler wrote:
>>
>>> Ugo Bellavance wrote:
>>> > Please search the archives for 'testvirus'.  You'll find your
>>> answer as
>>>
>>>
>>>> it's been asked many times.
>>>>
>>>>
>>>
>>>
>>> Ugo, AFAIK this is now a real bug in Mailscanner.
>>>
>>>
>>> Flashback to the past:
>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18726/match=testvirus
>>>
>>>
>>>
>>> To which Julian replied with:
>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18748/match=testvirus
>>>
>>>
>>>
>>> Thus, any implication that the Empty Mime boundary bug is a vendor
>>> "made up"
>>> issue is bogus and was based on tests using the wrong mail client.
>>>
>>> Any implication that this issue should be ignored is bogus, it would
>>> appear to
>>> be a real issue for users of some versions of outlook.
>>>
>>> I just tested my copy of MailScanner-4.42.1-1 and it found it, but
>>> only because
>>> bitdefender decoded it. ClamAV, and command AV didn't hit.
>>> MailScanner said
>>> nothing about it.
>>>
>>> This would appear to be a real vulnerability, and a real bug in
>>> MailScanner
>>> since this should have already been fixed.
>>>
>> --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> Professional Support Services at www.MailScanner.biz
>> MailScanner thanks transtec Computers for their support
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list