I haven't looked yet at the mimedefang-filter code (been busy this afternoon with other fires), but does MD pass the header to a virus-scanner? Or just the body and attachments? That at least might give a scanner a chance to spot something.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David F. Skoll
Sent: Tuesday, January 20, 2004 3:57 PM
To: [EMAIL PROTECTED]
Subject: Re: [Mimedefang] not catching test viruses

On Tue, 20 Jan 2004, Kevin A. McGrail wrote:

> It might be of interest that using Symantec Anti-Virus for SMTP and NO
> Mimedefang missed the following tests to my knowledge though it's much
> harder because Symantec does a receive and modify rather than a block on
> emails. It's very possible some of these were "defanged" but it's very
> difficult for me to ascertain.

I think some of the AV tests are pretty ridiculous, especially the MS Outlook bug test. At some point, you have to give up trying to duplicate all kinds of weird and wonderful bugs in desktop software on the server, and just get the desktop people to upgrade or switch.

It's possible to write a polymorphic virus with no constant signature longer than a couple of bytes, or possibly even a single byte, depending on how creative you can get with x86 assembly programming. We'll eventually see virus-writing toolkits that make these "signature-less" viruses easy to create, and then what?

Regards,

David.
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

