> -----Original Message-----
> From: Renaud Deraison [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 30, 2002 3:16 PM
> To: Nessus@List. Nessus. Org
> Subject: Re: EICAR Test String virsus was found...Nessus cause?
>
> [...]
> I'm interested by everyone's feedback about this though - I'm not really
> sure testing an SMTP server for an anti-virus should be a Nessus test,
> what's your take on this check ?
>
> -- Renaud

I have no problem with the EICAR test since it's well identified and easy to explain. I can see how it might be considered beyond the scope of Nessus, though.

The one that caused us problems for a while was the 42.zip test (smtp_AV_42zip_DoS.nasl). I know it was marked as a DoS test, and I was prepared for the target system to be DoSed, but I wasn't prepared for the message being relayed to our primary SMTP gateways. A misconfigured Unix virus scanner promptly choked trying to scan the attachment, which caused our production mail relay to back up quite badly.

I'm not sure of a good solution. Maybe if the SMTP relay test returns true for the target, the 42.zip test doesn't run? Of course that would require some other flag somewhere since I was running without safe checks and all tests.

This is the only test I've run across that has unintended consequences beyond the target system. Are there any others I should watch out for?

Regards,
Owen Crow
Systems Programmer (Unix)
BMC Software, Inc.
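
Added example, not part of the original message or of Nessus: one way a mail virus scanner can bound the work it does on a nested archive, so that an attachment like the one described above is rejected instead of stalling the relay. The function names and the limit values are assumptions chosen for illustration, and the sample archives are constructed in memory.

```python
import io
import zipfile

class ArchiveLimitExceeded(Exception):
    """An attachment would cost more to unpack than the scanner allows."""

def expand_checked(data, max_depth=3, max_total=8 << 20, max_ratio=100,
                   _depth=1, _budget=None):
    """Walk a zip attachment, recursing into nested zips, and return the
    bytes expanded. Raises ArchiveLimitExceeded before exceeding a limit."""
    budget = _budget if _budget is not None else [max_total]
    if _depth > max_depth:
        raise ArchiveLimitExceeded("depth")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Header sizes are sender-controlled: use them only as a cheap
            # early reject, never as proof that a member is small.
            if info.file_size > max_ratio * max(info.compress_size, 1):
                raise ArchiveLimitExceeded("ratio")
            # Bounded read: at most one byte more than the remaining budget.
            with zf.open(info) as member:
                body = member.read(budget[0] + 1)
            if len(body) > budget[0]:
                raise ArchiveLimitExceeded("size")
            budget[0] -= len(body)
            if zipfile.is_zipfile(io.BytesIO(body)):
                expand_checked(body, max_depth, max_total, max_ratio,
                               _depth + 1, budget)
    return max_total - budget[0]

def make_nested(payload, levels):
    """Constructed sample: wrap payload in `levels` layers of zip."""
    data = payload
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(f"layer{i}.bin", data)
        data = buf.getvalue()
    return data

def verdict(data, **limits):
    """Return 'scan' or the name of the limit that stopped expansion."""
    try:
        expand_checked(data, **limits)
        return "scan"
    except ArchiveLimitExceeded as exc:
        return f"reject:{exc}"

if __name__ == "__main__":
    print(verdict(make_nested(b"plain text attachment\n", 1)))
    print(verdict(make_nested(b"x" * 10, 5)))
    print(verdict(make_nested(bytes(1 << 20), 1)))
```

The size budget is shared across all nesting levels, so many small layers cannot add up to more than `max_total` bytes of expansion.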
