On Fri, 2006-01-27 at 16:46 +1100, Mathew Thomas wrote:
> mail gateways running Solaris 9 with Sendmail 8-13.1 +Mimedefang 2.44
> + SpamAssassin 2.64 with Uvscan & ClamAv
>
> Some of our staff received W32/[EMAIL PROTECTED] virus which were sent to
> them as forwarded mail as Attachment. This means some MIME encoded virus
> are slipping through. I did some test by forwarding virus infected mail
> via gateway and it is getting through.
>
> In mimedefang.pl, I added "--mime" flag for uvscan.
>From uvscan(1):
--mime Scan MIME-encoded files. This type of file is not scanned by
default.
I ran the testvirus.org tests with and without --mime.
Without --mime, three tests were not detected by uvscan (and two made it
completely past mimedefang). With --mime, all tests were correctly
detected by uvscan.
+1 to make this the default.
--
Mickey Hill <[EMAIL PROTECTED]>
--- mimedefang.pl.orig 2006-01-27 10:30:10.000000000 -0600
+++ mimedefang.pl 2006-01-27 10:30:32.000000000 -0600
@@ -2537,7 +2537,7 @@
# Run uvscan
my($code, $category, $action) =
- run_virus_scanner($Features{'Virus:NAI'} . " --noboot --secure --allole
$path 2>&1", "Found");
+ run_virus_scanner($Features{'Virus:NAI'} . " --noboot --secure --mime
--allole $path 2>&1", "Found");
if ($action ne 'proceed') {
return (wantarray ? ($code, $category, $action) : $code);
}
@@ -2564,7 +2564,7 @@
# Run uvscan
my($code, $category, $action) =
- run_virus_scanner($Features{'Virus:NAI'} . " --noboot --secure --allole
./Work 2>&1", "Found");
+ run_virus_scanner($Features{'Virus:NAI'} . " --noboot --secure --mime
--allole ./Work 2>&1", "Found");
if ($action ne 'proceed') {
return (wantarray ? ($code, $category, $action) : $code);
}
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
