On Thu, 2002-11-14 at 09:30, CertaintyTech wrote: > > On Thu, Nov 14, 2002 at 11:13:53AM +0800, Antonio Rabena wrote: > > > CertaintyTech wrote: > > > >>FWIW- using above - clamav picks it up: > > > > sophie does not! > > > trophie does. > > > > Indeed - it just goes to show there are differences between vendors... > > > > ...that's why I run two scanners... > > > > -- > > Cheers > > > > Jason Haar > > > Has anyone looked at the "-r" option on reformime? It may help with > this. The man page says: > > -r Rewrite message, adding or standardizing RFC 2045 MIME > headers. > > I just ran it on the W32/Bride message and it strips out the virus > because it is not standard MIME and the message that gets thru is no > longer dangerous. I also tried it on a normal message and it does not > appear to alter it. Possible Q-S could run the message thru "reformime > -r" before attempting to unpack attachments? That way if the message > has broken MIME this will correct it before the "reformime -x" is run on > the message. Does this make sense? Maybe run "reformime -r < > $scandir/$wmaildir/new/$file_id | reformime -x" Not sure what the exact > commandline would be. Any input from others? >
How broad of an issue is this? I would think there need to be a decent amount of coding done to implement this properly. Just off the top of my head: You'd have to ensure that SOMETHING of the message was left to process. I'm sure qmail-scanner is expecting something to exist. What return codes are available? How would you deal with what's left of a message? Return to sender? Would you attach it to a new email, with a blurb about 'illegal MIME'? If QS v2 handles these better than the current version, why bother with throwing in potential issues with reformime changing an email around? If I understand it correctly, Qmail-Scanner currently doesn't modify any emails, just attaches the original to a new email if the original is 'caught' by a rule. IMHO, it's better to leave them untouched, than hoping they get fixed properly in all cases. If it didn't work correctly you'd have to implement a fix for that new MIME issue that doesn't get fixed by reformime properly.. then possibly fixing the new fix, then accounting for a minor change in Perl 5.9 :P Rick > Ed. > > > > > ------------------------------------------------------- > This sf.net email is sponsored by: To learn the basics of securing > your web site with SSL, click here to get a FREE TRIAL of a Thawte > Server Certificate: http://www.gothawte.com/rd524.html > _______________________________________________ > Qmail-scanner-general mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general -- -- Rick Romero IT Manager Valeo, Inc. ph: 262.695.4841 Sussex, WI. fax: 262.695.4850 [EMAIL PROTECTED] ------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
