Greeting card scams

UxBoD uxbod at splatnix.net
Fri Jul 27 12:44:31 IST 2007


Hmmm, it's only ProcessClamAVOutput and ClamAVModule that need to change, isn't it, Jules? An alternative would be to write the file into the subdirectory and it would be scanned correctly by ClamAV, ClamAVModule and ClamD, from what I can see, as it would be treated as a separate file.

Regards, 

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net

----- Original Message -----
From: "Julian Field" <MailScanner at ecs.soton.ac.uk>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Friday, July 27, 2007 11:47:31 AM (GMT) Europe/London
Subject: Re: Greeting card scams


Glenn Steen wrote:
> On 27/07/07, UxBoD <uxbod at splatnix.net> wrote:
>   
>> Okay, have done some testing.  For the signature to trigger it has to have a source file that contains the message body, and the following headers :-
>>
>> MIME-Version: 1.0
>> Content-Type: text/plain;
>>
>> otherwise it reports the file as being okay.
>>     
>
> Kind of what I thought... It doesn't understand that it is a mail it
> is handling.:-(
>
> Jules, how would you like to play this one?
> I suspect that whatever we do might end up being ... less than
> elegant... Unless you have some inspiration...:-)
>   
Yuck.
I would have to copy the entire message into the scanning directory as 
well and alter every single parser to look out for it. Nasty job.

Jules

-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk

-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
