Testing with TestVirus -- fixed

Julian Field MailScanner at ecs.soton.ac.uk
Mon May 23 17:02:41 IST 2005 

No, I have just released 4.42.3.

On 23 May 2005, at 16:35, Jeff A. Earickson wrote:

> was this included in 4.42.2?
>
> On Sat, 21 May 2005, Julian Field wrote:
>
>
>> Date: Sat, 21 May 2005 18:24:05 +0100
>> From: Julian Field <MailScanner at ECS.SOTON.AC.UK>
>> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: Re: Testing with TestVirus -- fixed
>>
>> If I put out a beta to for you to test my fix, will someone
>> install it
>> and test it for me?
>>
>> Julian Field wrote:
>>
>>
>>> Matt,
>>>
>>> You are absolutely right, this is a bug.
>>>
>>> It detects the null MIME boundary just fine. However, the latest
>>> MIME-tools no longer parses the message correctly (that must have
>>> been a
>>> bug-fix of mine which never got into the main MIME-tools code, ho
>>> hum).
>>> It produces a multi-part message with no parts, but with a body
>>> containing all the testvirus text. A multipart entity shouldn't
>>> have a
>>> body, it should just contain a list of parts. This one breaks the
>>> rule
>>> by having a body and no list of parts.
>>>
>>> I now check for this situation occurring and force it to be a
>>> correct
>>> structure.
>>>
>>> This will be in the next release.
>>>
>>> Matt Kettler wrote:
>>>
>>>
>>>> Ugo Bellavance wrote:
>>>> > Please search the archives for 'testvirus'.  You'll find your
>>>> answer as
>>>>
>>>>
>>>>
>>>>> it's been asked many times.
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> Ugo, AFAIK this is now a real bug in Mailscanner.
>>>>
>>>>
>>>> Flashback to the past:
>>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18726/
>>>> match=testvirus
>>>>
>>>>
>>>> To which Julian replied with:
>>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18748/
>>>> match=testvirus
>>>>
>>>>
>>>> Thus, any implication that the Empty Mime boundary bug is a vendor
>>>> "made up"
>>>> issue is bogus and was based on tests using the wrong mail client.
>>>>
>>>> Any implication that this issue should be ignored is bogus, it
>>>> would
>>>> appear to
>>>> be a real issue for users of some versions of outlook.
>>>>
>>>> I just tested my copy of MailScanner-4.42.1-1 and it found it, but
>>>> only because
>>>> bitdefender decoded it. ClamAV, and command AV didn't hit.
>>>> MailScanner said
>>>> nothing about it.
>>>>
>>>> This would appear to be a real vulnerability, and a real bug in
>>>> MailScanner
>>>> since this should have already been fixed.
>>>>
>>>>
>>> --
>>> Julian Field
>>> www.MailScanner.info
>>> Buy the MailScanner book at www.MailScanner.info/store
>>> Professional Support Services at www.MailScanner.biz
>>> MailScanner thanks transtec Computers for their support
>>>
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>>
>> --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> Professional Support Services at www.MailScanner.biz
>> MailScanner thanks transtec Computers for their support
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list