fetchmail-friends

Re: [fetchmail]ALERT: Possible Email Virus that affects fetchmail

2001-08-20 19:16:59
David Findlay <david_j_findlay(_at_)yahoo(_dot_)com(_dot_)au> writes:

I just received an email that crashed halted fetchmail/sendmail on my 
machine. Fetchmail just sat there trying to deliver the message forever. On 
inspection of the message using Yahoo mail, I found it to contain random 
data, that looks like some sort of buffer overflow attack, followed by 
machine code. It also contains a binary picture. The mail seems to be called 
"Love Days" and has a faulty header. The MAIL FROM: wherever(_at_)wherever(_dot_)com
field is immediately followed on the same line by SIZE: 4532. This is where 
fetchmail halts waiting for sendmail to accept it. Sendmail continues to work 
fine for all other mail operations, it's only the fetchmail process that's 
halted. A fix could be done immediately by making fetchmail handle the broken 
header, and deliver it anyway. I forgot to save a copy of the mail, so I 
can't find out what it does to windows clients, but that is outside the scope 
of fetchmail. Fetchmail only needs to deliver messages reliably to the MTA. 

Hmmm... If I understood it correctly, this is a sendmail fault, right?
Fetchmail got the message and was trying to send it to
sendmail. That's what I understood with your "only the fetchmail
process that's halted". Other operations would be getting mail from other
servers, sending mail, etc. Or am I making some mistake here?

If you still have some access to that message, could you please try
delivering it directly to your MDA instead of your MTA? You can do
that with something like "fetchmail -m procmail" (if your MDA is
procmail). If this works, then you have a sendmail bug.

Another thing to do is to take a look at your sendmail's logs. They
should have some clue. 



-- 
Godoy. <godoy(_at_)conectiva(_dot_)com>

Solutions Developer       - Conectiva Inc. - http://www.conectiva.com
Desenvolvedor de Soluções - Conectiva S.A. - http://www.conectiva.com.br

