[Dshield] NAI uvscan (and maybe other AVs) under MIMEDefang may miss some viruses!

Jon R. Kibler Jon.Kibler at aset.com
Thu Sep 4 02:47:43 GMT 2003


If you are running NAI's uvscan under MIMEDefang, you may be missing some viruses! Some reports say that the problem exists with other AV software as well.

How do you know if you have a problem? If your version of uvscan supports the '--mime' option, then you have a problem.

By default, MIMEDefang calls uvscan WITHOUT the --mime option. There have been numerous reports on the MD discussion list about this being a problem -- especially when some AV scanners tamper with an attachment, then bounce the message, including the virus, (usually to a forged sender address) to a system using MIMEDefang. The problem appears to have first showed up with the latest version of SoBig.F, where a small, but significant percentage of the viruses were being missed.

The solution for NAI uvscan is to patch the code (in mimedefang.pl) where uvscan is called; just add the --mime argument.

For more info, look at the MIMEDefang discussion list archives at: 

Just a heads up...

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA

Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.

More information about the list mailing list