Thanks for the reply.
David F. Skoll wrote:
OK, MIMEDefang is behaving correctly, but I don't want to send Viruses to my Users.
------ This is a copy of the message, including all the headers. ------
The bounce message doesn't encapsulate the virus in a MIME message, but just sticks the whole original message in a text/plain part. So MIMEDefang never sees the virus, and any e-mail client that *does* attempt to decode the virus is completely broken.
MIMEDefang is behaving correctly.
The problem is not with the rest of the world, as this virus is detected with a manual scan using Clamscan. Unfortunately the PC Tool that detects it is Norton Anti-Virus, used the world over.
I can manually run the scanner on the mbox file and detect the virus. I just cannot see what the difference is between a Manual Scan and an MD Scan, given the same tools.
I am filtering with MD using the sequence:
# Virus scan
# Copy original message into work directory as an "mbox" file for
# virus-scanning
md_copy_orig_msg_to_work_dir_as_mbox_file();

# Scan for viruses if any virus-scanners are installed
my($code, $category, $action) = message_contains_virus();

# Lower level of paranoia - only looks for actual viruses
$FoundVirus = ($category eq "virus");
So, if MD is behaving correctly, why can I scan the mbox manually and find the virus, but not while using MD?
BTW, I am running the same command line for clamscan manually as what is run from MD.
Now I am confused, if I copy the original message to work dir. as an mbox and cannot detect it, I would think that I should not be able to perform the same function manually.
Right? Wrong? Did this make sense?
--
Albert E. Whale, CISSP - Sr. Security, Network, and Systems Consultant
--------------------------------------------------------------------------------
http://www.abs-comptech.com & http://www.No-JunkMail.com
ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists
SPAM Zapper - www.No-JunkMail.com - SPAM Stops Here.
Founding Board of Directors of Pittsburgh FBI - InfraGard
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list [EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
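The point quoted in this message (a bounce that pastes the original into a text/plain part exposes no attachment to a MIME-level view) can be reproduced with the added example below, which is not part of the original thread. The sample bounce, the addresses, the attachment name and the marker string are constructed, and the re-parse step is an illustrative assumption about how a tool reading the raw text could still reach the pasted attachment, not a description of MIMEDefang or clamscan internals.

```python
import base64
import email
from email import policy

MARKER = b"CONSTRUCTED-TEST-MARKER"  # harmless stand-in for a scanner signature
SEPARATOR = "------ This is a copy of the message, including all the headers. ------"

def build_bounce():
    """Constructed sample: a bounce that pastes the original message as plain text."""
    original = (
        "From: sender@example.org\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\n"
        "Content-Type: text/plain\r\n\r\nhello\r\n"
        "--b1\r\n"
        'Content-Type: application/octet-stream; name="attachment.bin"\r\n'
        "Content-Transfer-Encoding: base64\r\n\r\n"
        + base64.b64encode(MARKER).decode() + "\r\n--b1--\r\n"
    )
    bounce = (
        "From: mailer-daemon@example.net\r\n"
        "Subject: Mail delivery failed\r\n"
        "Content-Type: text/plain; charset=us-ascii\r\n\r\n"
        "A message could not be delivered.\r\n\r\n"
        + SEPARATOR + "\r\n\r\n" + original
    )
    return bounce.encode("ascii")

def decoded_parts(raw):
    """What a per-part scan sees: (content type, filename, decoded bytes) per leaf."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [(p.get_content_type(), p.get_filename(), p.get_payload(decode=True) or b"")
            for p in msg.walk() if not p.is_multipart()]

def embedded_parts(raw):
    """Re-parse the message pasted after the separator inside text/plain parts."""
    found = []
    for ctype, _, body in decoded_parts(raw):
        text = body.decode("ascii", "replace")
        if ctype == "text/plain" and SEPARATOR in text:
            inner = text.split(SEPARATOR, 1)[1].lstrip("\r\n")
            found += decoded_parts(inner.encode("ascii", "replace"))
    return found

if __name__ == "__main__":
    raw = build_bounce()
    print("MIME view:", [(c, f) for c, f, _ in decoded_parts(raw)])
    print("marker in decoded parts:", any(MARKER in b for _, _, b in decoded_parts(raw)))
    print("after re-parsing pasted copy:", [(c, f, MARKER in b) for c, f, b in embedded_parts(raw)])
```
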