FYI: I found an issue with simscan this morning that y'all should be aware of. Read below...
Quinn --------------------------------------------------------------------- Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 ----- Begin forwarded message ----- Subject: [simscan] attachment filename scanning bug report Date: Mon, 22 Jan 2007 13:38:16 -0800 From: Quinn Comendant <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] I found a problem with simscan's attachment scanning: the filename matching is overly sensitive. I'm using version 1.2 but the problem should exist in all recent versions. Here's an example running on simscan with a cdb including "attach=.exe:.bat:.pif:.src": My email contains two attachments, the filename of one is: Content-Disposition: attachment; filename="C A Blum TeachVenture Recruiting Invoice 016 11-30-06.doc" Simscan thinks this filename matches the attachment extension ".src", and so the email is rejected. Problem #1: Filenames with spaces are not handled properly. This filename is processed only as "C". (See debug output below.) Problem #2: The entire attachment extension is not matched, regardless of a dot. If the specified extension is ".src" then only ".src" should match, not "c", "rc", or "src". Proposed solution: Use a more specific string matching function instead of this: if ( str_rstr(mydirent->d_name,bk_attachments[i]) == 0 ) { (I'm not well versed in C, so I'm not sure what would be used.) [EMAIL PROTECTED]/1 ~]$QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=5 /var/qmail/bin/qmail-inject [EMAIL PROTECTED] < teachventure-attach.eml simscan: cdb looking up simscan: cdb for found clam=yes,spam=yes,spam_hits=8,attach=.exe:.bat:.pif:.src simscan: pelookup clam = yes simscan: pelookup spam = yes simscan: pelookup spam_hits = 8 simscan: Per Domain Hits set to : 8.000000 simscan: pelookup attach = .exe:.bat:.pif:.src simscan: attachment flag attach = .exe:.bat:.pif:.src simscan: add_attach called with .exe:.bat:.pif:.src simscan: .exe is attachment number 0 simscan: .bat is attachment number 1 simscan: .pif is attachment number 2 simscan: .src is attachment number 3 simscan: starting: work dir: /var/qmail/simscan/1169498396.417942.30775 simscan: pelookup: called with [EMAIL PROTECTED] simscan: pelookup: domain is gmail.com simscan: cdb looking up gmail.com simscan: pelookup: local part is beausmith simscan: lpart: local part is ** simscan: cdb looking up [EMAIL PROTECTED] simscan: pelookup: called with [EMAIL PROTECTED] simscan: pelookup: domain is hoodwink.us simscan: cdb looking up hoodwink.us simscan: pelookup: local part is q simscan: lpart: local part is ** simscan: cdb looking up [EMAIL PROTECTED] simscan: checking attachment textfile0 against .exe simscan: checking attachment textfile0 against .bat simscan: checking attachment textfile0 against .pif simscan: checking attachment textfile0 against .src simscan: checking attachment C against .exe simscan: checking attachment c against .bat simscan: checking attachment c against .pif simscan: checking attachment c against .src simscan:[30774]:ATTACH:0.0108s:c:(null):[EMAIL PROTECTED]:[EMAIL PROTECTED] simscan: exit error code: 82 qmail-inject: fatal: Your email was rejected because it contains a bad attachment: c Cheers! Quinn --------------------------------------------------------------------- Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
