bug in Mailscanner 4.60.8-1?

Julian Field MailScanner at ecs.soton.ac.uk
Fri Jun 22 15:51:00 IST 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Unfortunately, I cannot skip the message body from filetype checking, as 
you can have mails which just have a file in them and no "message text" 
at all, so everything must be checked. The character followed by a 
new-line sequence, must happen to match the "magic" pattern that 
identifies an executable of some architecture or other. And you cannot 
rely on mime types to skip checking elements of the message, or it would 
be trivial for a nasty person to circumvent the filetype checking.

Sorry about that. It's a fundamental problem with how you deduce a file 
format from its contents, there is no other way to do it.

Jules.

Jorge Costinha wrote:
> this is so bizarre!
>
> if i send the simplest mail there is with only 1 charater the 
> character: _*é*_   , no attachsments at all. somehow it matches the 
> filetype EXE/COM rules and i get the usual bounce back:
>
>
> "Warning: This message has had one or more attachments removed
> Warning: (the entire message).
> Warning: Please read the "HCC-mx-Attachment-Warning.txt" attachment(s) 
> for more information.
>
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail attachment "the entire message"
> is on the list of unacceptable attachments for this site and has been
> replaced by this warning message.
>
> If you wish to receive a copy of the original attachment, please
> e-mail helpdesk and include the whole of this message
> in your request. Alternatively, you can call them, with
> the contents of this message to hand when you call.
>
> At Fri Jun 22 11:43:32 2007 the virus scanner said:
> MailScanner: No programs allowed (msg-18164-12.txt)
>
> Note to Help Desk: Look on the HCC-mx (mx.halla.pt) MailScanner in 
> /var/spool/MailScanner/quarantine/20070622 (message l5MAhVa5021067).
> "
>
> thank you,
> Jorge
>
>
>

Jules

- -- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk




-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)
Charset: ISO-8859-1

wj8DBQFGe+H+EfZZRxQVtlQRAsAEAKDN+/WWh/qNJVCGeJbXuUMS98dKiACgr8M/
my+d5QnHmuMlxih2YBNDt2g=
=KcKd
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk

More information about the MailScanner mailing list