Testing with TestVirus -- fixed

Julian Field MailScanner at ecs.soton.ac.uk
Mon May 23 17:02:05 IST 2005


Many thanks. I have just put up the 4.42.3 beta release.

On 23 May 2005, at 16:18, Ugo Bellavance wrote:

> Julian Field wrote:
>
>> If I put out a beta to for you to test my fix, will someone
>> install it
>> and test it for me?
>>
>
> I would.
>
>
>>
>> Julian Field wrote:
>>
>>
>>> Matt,
>>>
>>> You are absolutely right, this is a bug.
>>>
>>> It detects the null MIME boundary just fine. However, the latest
>>> MIME-tools no longer parses the message correctly (that must have
>>> been a
>>> bug-fix of mine which never got into the main MIME-tools code, ho
>>> hum).
>>> It produces a multi-part message with no parts, but with a body
>>> containing all the testvirus text. A multipart entity shouldn't
>>> have a
>>> body, it should just contain a list of parts. This one breaks the
>>> rule
>>> by having a body and no list of parts.
>>>
>>> I now check for this situation occurring and force it to be a
>>> correct
>>> structure.
>>>
>>> This will be in the next release.
>>>
>>> Matt Kettler wrote:
>>>
>>>
>>>> Ugo Bellavance wrote:
>>>> > Please search the archives for 'testvirus'.  You'll find your
>>>> answer as
>>>>
>>>>
>>>>
>>>>> it's been asked many times.
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> Ugo, AFAIK this is now a real bug in Mailscanner.
>>>>
>>>>
>>>> Flashback to the past:
>>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18726/
>>>> match=testvirus
>>>>
>>>>
>>>>
>>>> To which Julian replied with:
>>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18748/
>>>> match=testvirus
>>>>
>>>>
>>>>
>>>> Thus, any implication that the Empty Mime boundary bug is a vendor
>>>> "made up"
>>>> issue is bogus and was based on tests using the wrong mail client.
>>>>
>>>> Any implication that this issue should be ignored is bogus, it
>>>> would
>>>> appear to
>>>> be a real issue for users of some versions of outlook.
>>>>
>>>> I just tested my copy of MailScanner-4.42.1-1 and it found it, but
>>>> only because
>>>> bitdefender decoded it. ClamAV, and command AV didn't hit.
>>>> MailScanner said
>>>> nothing about it.
>>>>
>>>> This would appear to be a real vulnerability, and a real bug in
>>>> MailScanner
>>>> since this should have already been fixed.
>>>>
>>>>
>>> --
>>> Julian Field
>>> www.MailScanner.info
>>> Buy the MailScanner book at www.MailScanner.info/store
>>> Professional Support Services at www.MailScanner.biz
>>> MailScanner thanks transtec Computers for their support
>>>
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>>
>> --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> Professional Support Services at www.MailScanner.biz
>> MailScanner thanks transtec Computers for their support
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list