Michael Sofka wrote:
On Friday 13 February 2004 04:44, Andrzej Marecki wrote:Sophos is not detecting the bounces that display the virus as text on our system either. I didn't see that as a real problem. Looks like I thought incorrectly. It is detecting them if they are an attachment inside a MIME-encoded email which has been bounced and the encoding kept intact.
I'm using MD+SA+Sophie+Sophos (SAVI libs + .ide). Do you think that what has been written in:
http://www.securitynewsportal.com/cgi-bin/securitynews.cgi?database=JanDD&i d=74
...means my system is vulnerable to attacks via that hole?
We have noticed this on our system. It seems to only be happening when cpu-damaged anti-virus programs bounce back a copy of the virus as text. Sophos lets it through because it is not an attachment (I've tried sweep against the entire body of the message, so it isn't just a matter of MIME:Tools not extracting the virus.)
The Sophos page with info and a link to an updated 3.78 scanning engine is here: http://www.sophos.com/support/news/#mime-378
--Loren
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
