Testing with TestVirus -- fixed
Julian Field
MailScanner at ecs.soton.ac.uk
Tue May 24 12:11:16 IST 2005
I have just double-checked this on my system using MailScanner 4.42.3
and MIME-tools 5.417 and it worked fine. Hmmm :(
On 23 May 2005, at 18:25, Vladan Nikolic wrote:
> I just have instaled 4.42.3 (only mailscanner rpm), but test#23
> (empty MIME boundary) isn't detected... Should I update perl-Mime-
> tools packages also (it is same version as in earlier release)?
>
>
>> No, I have just released 4.42.3.
>>
>> On 23 May 2005, at 16:35, Jeff A. Earickson wrote:
>>
>>
>>> was this included in 4.42.2?
>>>
>>> On Sat, 21 May 2005, Julian Field wrote:
>>>
>>>
>>>
>>>> Date: Sat, 21 May 2005 18:24:05 +0100
>>>> From: Julian Field <MailScanner at ECS.SOTON.AC.UK>
>>>> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
>>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>>> Subject: Re: Testing with TestVirus -- fixed
>>>>
>>>> If I put out a beta to for you to test my fix, will someone
>>>> install it
>>>> and test it for me?
>>>>
>>>> Julian Field wrote:
>>>>
>>>>
>>>>
>>>>> Matt,
>>>>>
>>>>> You are absolutely right, this is a bug.
>>>>>
>>>>> It detects the null MIME boundary just fine. However, the latest
>>>>> MIME-tools no longer parses the message correctly (that must have
>>>>> been a
>>>>> bug-fix of mine which never got into the main MIME-tools code, ho
>>>>> hum).
>>>>> It produces a multi-part message with no parts, but with a body
>>>>> containing all the testvirus text. A multipart entity shouldn't
>>>>> have a
>>>>> body, it should just contain a list of parts. This one breaks the
>>>>> rule
>>>>> by having a body and no list of parts.
>>>>>
>>>>> I now check for this situation occurring and force it to be a
>>>>> correct
>>>>> structure.
>>>>>
>>>>> This will be in the next release.
>>>>>
>>>>> Matt Kettler wrote:
>>>>>
>>>>>
>>>>>
>>>>>> Ugo Bellavance wrote:
>>>>>>
>>>>>>> Please search the archives for 'testvirus'. You'll find your
>>>>>>>
>>>>>> answer as
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> it's been asked many times.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> Ugo, AFAIK this is now a real bug in Mailscanner.
>>>>>>
>>>>>>
>>>>>> Flashback to the past:
>>>>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18726/
>>>>>> match=testvirus
>>>>>>
>>>>>>
>>>>>> To which Julian replied with:
>>>>>> http://article.gmane.org/gmane.mail.virus.mailscanner/18748/
>>>>>> match=testvirus
>>>>>>
>>>>>>
>>>>>> Thus, any implication that the Empty Mime boundary bug is a
>>>>>> vendor
>>>>>> "made up"
>>>>>> issue is bogus and was based on tests using the wrong mail
>>>>>> client.
>>>>>>
>>>>>> Any implication that this issue should be ignored is bogus, it
>>>>>> would
>>>>>> appear to
>>>>>> be a real issue for users of some versions of outlook.
>>>>>>
>>>>>> I just tested my copy of MailScanner-4.42.1-1 and it found it,
>>>>>> but
>>>>>> only because
>>>>>> bitdefender decoded it. ClamAV, and command AV didn't hit.
>>>>>> MailScanner said
>>>>>> nothing about it.
>>>>>>
>>>>>> This would appear to be a real vulnerability, and a real bug in
>>>>>> MailScanner
>>>>>> since this should have already been fixed.
>>>>>>
>>>>>>
>>>>>>
>>>>> --
>>>>> Julian Field
>>>>> www.MailScanner.info
>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>> Professional Support Services at www.MailScanner.biz
>>>>> MailScanner thanks transtec Computers for their support
>>>>>
>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>>
>>>>> ------------------------ MailScanner list ------------------------
>>>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>>>> 'leave mailscanner' in the body of the email.
>>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> Julian Field
>>>> www.MailScanner.info
>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>> Professional Support Services at www.MailScanner.biz
>>>> MailScanner thanks transtec Computers for their support
>>>>
>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>
>>>> ------------------------ MailScanner list ------------------------
>>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>>> 'leave mailscanner' in the body of the email.
>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>>
>>>>
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>>>
>>
>> --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>
> = = = = = = = = = = = = = = = = = = = =
>
> Vladan Nikolic
> vladan at nikolic.homeip.net
> 2005-05-23
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
>
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list