chris.cramer at duke.edu
Tue Jan 29 22:10:13 GMT 2002
okay, a few people have suggested that a one line patch to the perl
amavis probably won't take up too much bandwidth, so... <insert drum
*** amavisd.old Tue Jan 29 14:59:38 2002
--- amavisd Tue Jan 29 14:59:32 2002
*** 658,663 ****
--- 658,664 ----
do_log(4,"Extracting mime components");
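Review bot: the line added in the 658,664 hunk should not let the uuencode `begin` line choose the output filename; per the description it decodes the message body into the directory the scanner reads, so write the result under a generated name inside that directory. The added line itself does not appear in this copy of the hunk (only the `do_log(4,"Extracting mime components");` context line does), so this cannot be confirmed from the diff. A matching do_log call recording whether anything was decoded would also help when tracing a message that slipped through.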
okay, the patch is more than one line, but the addition to amavis is
only one line :-) Basically, it instructs amavis to attempt to
uudecode the message body and put any results in the directory it will
be scanning with the anti-virus software.
On Tue, 2002-01-29 at 15:42, Christopher Cramer wrote:
> On Tue, 2002-01-29 at 14:26, Joseph Brennan wrote:
> > An interesting point is that this is not a mime attachment. It's a
> > plain text message with a uuencoded portion. So checks on attached
> > files will not necessarily catch this.
> > I was actually surprised to learn that people still use mail clients
> > that handle uuencoded paragraphs specially. Mine (Mulberry) doesn't.
> Yes, this sent us scrambling here. We use Amavis and McAfee to detect
> and quarantine virus-infected email. Some of the Myparty viruses were
> being caught but not all - the difference being mime encoding versus a
> uuencoded message in the email body.
> Our local mail guru managed to come up with a one line patch to
> Amavis-perl so that it catches both types of virus encoding. He has
> just posted that fix to the amavis-bugs list. If it would be of any use
> to folks here, please let me know - or check the amavis-bugs mailing
> Christopher E. Cramer, Ph.D.
> Information Technology Security Officer
> Duke University, Office of Information Technology
> 253A North Building, Box 90132, Durham, NC 27708-0291
> PH: 919-660-7003 FAX: 919-660-7076 email: chris.cramer at duke.edu
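The step described in the message above (uudecoding a plain-text body and placing the results in the directory the anti-virus scanner reads), as an added example in Python. This is not the amavisd patch and not code from the thread; the function names, the generated output file names and the sample message are assumptions constructed here.

```python
import binascii
import re
import tempfile
from pathlib import Path

BEGIN = re.compile(r"^begin [0-7]{3,4} (.+)$")  # "begin <mode> <name>"

def decode_line(line: bytes) -> bytes:
    """Decode one uuencoded line, tolerating trailing garbage after the data."""
    try:
        return binascii.a2b_uu(line)
    except binascii.Error:
        # Keep only the characters the length byte says are needed, then retry.
        nbytes = (((line[0] - 32) & 63) * 4 + 5) // 3
        return binascii.a2b_uu(line[:nbytes])

def extract_uuencoded(body: str, scan_dir: Path) -> list[tuple[str, Path]]:
    """Write every uuencoded segment of a plain-text body into scan_dir.

    Returns (declared name, path written). The declared name is chosen by the
    sender, so it is only reported; files are written under generated names.
    """
    found, name, chunks = [], None, []
    for line in body.splitlines():
        if name is None:
            m = BEGIN.match(line)
            if m:
                name, chunks = m.group(1), []
        elif line.strip() == "end":
            out = scan_dir / f"uu-part-{len(found):03d}"
            out.write_bytes(b"".join(chunks))
            found.append((name, out))
            name = None
        elif line:
            try:
                chunks.append(decode_line(line.encode("latin-1")))
            except (binascii.Error, UnicodeEncodeError):
                name = None  # not a real uuencoded block; discard it
    return found

# Constructed sample: a plain-text message (no MIME parts) with a uuencoded portion.
PAYLOAD = b"constructed sample payload\n"
SAMPLE = ("Hello,\nsee the file below.\n\nbegin 644 ../sample.bin\n"
          + binascii.b2a_uu(PAYLOAD).decode() + "`\nend\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for declared, path in extract_uuencoded(SAMPLE, Path(d)):
            print(f"declared={declared!r} written={path.name} bytes={path.stat().st_size}")
```

A block with no closing `end` line is never written, so a truncated segment produces no file for the scanner.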
More information about the unisog