Testing with TestVirus -- fixed

Vladan Nikolic vladan at NIKOLIC.HOMEIP.NET
Mon May 23 18:25:42 IST 2005


I have just installed 4.42.3 (only the mailscanner rpm), but test #23 (empty MIME boundary) isn't detected...  Should I update the perl-Mime-tools packages also (it is the same version as in the earlier release)?

>No, I have just released 4.42.3.
>
>On 23 May 2005, at 16:35, Jeff A. Earickson wrote:
>
>> was this included in 4.42.2?
>>
>> On Sat, 21 May 2005, Julian Field wrote:
>>
>>
>>> Date: Sat, 21 May 2005 18:24:05 +0100
>>> From: Julian Field <MailScanner at ECS.SOTON.AC.UK>
>>> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>> Subject: Re: Testing with TestVirus -- fixed
>>>
>>> If I put out a beta for you to test my fix, will someone install it
>>> and test it for me?
>>>
>>> Julian Field wrote:
>>>
>>>
>>>> Matt,
>>>>
>>>> You are absolutely right, this is a bug.
>>>>
>>>> It detects the null MIME boundary just fine. However, the latest
>>>> MIME-tools no longer parses the message correctly (that must have been a
>>>> bug-fix of mine which never got into the main MIME-tools code, ho hum).
>>>> It produces a multi-part message with no parts, but with a body
>>>> containing all the testvirus text. A multipart entity shouldn't have a
>>>> body, it should just contain a list of parts. This one breaks the rule
>>>> by having a body and no list of parts.
>>>>
>>>> I now check for this situation occurring and force it to be a correct
>>>> structure.
>>>>
>>>> This will be in the next release.
>>>>
>>>> Matt Kettler wrote:
>>>>
>>>>
>>>>> Ugo Bellavance wrote:
>>>>>
>>>>>> Please search the archives for 'testvirus'.  You'll find your answer as
>>>>>> it's been asked many times.
>>>>>
>>>>> Ugo, AFAIK this is now a real bug in MailScanner.
>>>>>
>>>>>
>>>>> Flashback to the past:
>>>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18726/match=testvirus
>>>>>
>>>>>
>>>>> To which Julian replied with:
>>>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18748/match=testvirus
>>>>>
>>>>>
>>>>> Thus, any implication that the Empty Mime boundary bug is a vendor "made up"
>>>>> issue is bogus and was based on tests using the wrong mail client.
>>>>>
>>>>> Any implication that this issue should be ignored is bogus; it would appear to
>>>>> be a real issue for users of some versions of Outlook.
>>>>>
>>>>> I just tested my copy of MailScanner-4.42.1-1 and it found it, but only because
>>>>> bitdefender decoded it. ClamAV, and command AV didn't hit. MailScanner said
>>>>> nothing about it.
>>>>>
>>>>> This would appear to be a real vulnerability, and a real bug in MailScanner
>>>>> since this should have already been fixed.
>>>>>
>>>>>
>>>> --
>>>> Julian Field
>>>> www.MailScanner.info
>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>> Professional Support Services at www.MailScanner.biz
>>>> MailScanner thanks transtec Computers for their support
>>>>
>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>
>>>> ------------------------ MailScanner list ------------------------
>>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>>> 'leave mailscanner' in the body of the email.
>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>>
>>>
>>> --
>>> Julian Field
>>
>
>--
>Julian Field

= = = = = = = = = = = = = = = = = = = =

Vladan Nikolic
vladan at nikolic.homeip.net
2005-05-23
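
The condition Julian Field describes in the quoted thread (a multipart entity that carries a body and no list of parts) can be checked for mechanically. The following is an added example, not MailScanner's code and not part of the original thread; it uses Python's standard email package instead of Perl MIME-tools, and the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import Message

# Matches the boundary parameter, quoted or bare, including an empty value.
_BOUNDARY = re.compile(r';\s*boundary\s*=\s*(?:"([^"]*)"|([^;\s]*))', re.I)

def boundary_findings(msg):
    """Header check: is the declared multipart boundary missing or empty?"""
    if msg.get_content_maintype() != "multipart":
        return []
    m = _BOUNDARY.search(str(msg.get("Content-Type", "")))
    if m is None:
        return ["multipart without boundary parameter"]
    value = m.group(1) if m.group(1) is not None else m.group(2)
    return ["empty MIME boundary"] if value.strip() == "" else []

def force_structure(msg):
    """Structure check: a multipart entity must hold a list of parts, not a
    body. If it holds a body, move that text into one child part so per-part
    scanning still sees it. Returns True when a repair was made."""
    if msg.get_content_maintype() != "multipart":
        return False
    payload = msg.get_payload()
    if isinstance(payload, list) and payload:
        return False
    child = Message()
    child["Content-Type"] = "text/plain"
    child.set_payload(payload if isinstance(payload, str) else "")
    msg.set_payload([child])
    return True

def examine(raw):
    """Return (findings, repaired, number_of_parts) for raw message text."""
    msg = message_from_string(raw)
    findings = boundary_findings(msg)
    repaired = force_structure(msg)
    return findings, repaired, len(msg.get_payload())

# Constructed samples; the body text is a harmless placeholder.
HEAD = "MIME-Version: 1.0\nContent-Type: multipart/mixed"
EMPTY_BOUNDARY = HEAD + '; boundary=""\n\n--\nContent-Type: text/plain\n\nplaceholder\n----\n'
NO_BOUNDARY = HEAD + "\n\nplaceholder\n"
WELL_FORMED = HEAD + '; boundary="b1"\n\n--b1\nContent-Type: text/plain\n\nplaceholder\n--b1--\n'

if __name__ == "__main__":
    for name in ("EMPTY_BOUNDARY", "NO_BOUNDARY", "WELL_FORMED"):
        print(name, examine(globals()[name]))
```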
