[unisog] MyParty

Christopher Cramer chris.cramer at duke.edu
Tue Jan 29 22:10:13 GMT 2002


okay, a few people have suggested that a one line patch to the perl
amavis probably won't take up too much bandwidth, so... <insert drum
roll>

*** amavisd.old Tue Jan 29 14:59:38 2002
--- amavisd     Tue Jan 29 14:59:32 2002
***************
*** 658,663 ****
--- 658,664 ----
       $filer->ignore_filename(1);
       $parser->filer($filer);
       $parser->extract_nested_messages("NEST");
+       $parser->extract_uuencode(1);

       do_log(4,"Extracting mime components");


okay, the patch is more than one line, but the addition to amavis is
only one line :-)   Basically, it instructs amavis to attempt to
uudecode the message body and put any results in the directory it will
be scanning with the anti-virus software.

-Chris




On Tue, 2002-01-29 at 15:42, Christopher Cramer wrote:
> On Tue, 2002-01-29 at 14:26, Joseph Brennan wrote:
> > An interesting point is that this is not a mime attachment.  It's a 
> > plain text message with a uuencoded portion.  So checks on attached
> > files will not necessarily catch this.
> > 
> > I was actually surprised to learn that people still use mail clients
> > that handle uuencoded paragraphs specially.  Mine (Mulberry) doesn't.
> > 
> 
> Yes, this sent us scrambling here.  We use Amavis and McAfee to detect
> and quarantine virus-infected email.  Some of the Myparty viruses were
> being caught but not all - the difference being mime encoding versus a
> uuencoded message in the email body.  
> 
> Our local mail guru managed to come up with a one line patch to
> Amavis-perl so that it catches both types of virus encoding.  He has
> just posted that fix to the amavis-bugs list.  If it would be of any use
> to folks here, please let me know - or check the amavis-bugs mailing
> list.
> 
> -Chris
> 
> -- 
> Christopher E. Cramer, Ph.D.
> Information Technology Security Officer
> Duke University,  Office of Information Technology
> 253A North Building, Box 90132, Durham, NC  27708-0291
> PH: 919-660-7003  FAX: 919-660-7076  email: chris.cramer at duke.edu
> 




More information about the unisog mailing list