[Top] [All Lists]

Re: Virus scanning non-structured emails

2004-07-09 07:10:02

At 14:10 09/07/2004, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:

*MY* thinking is in line with yours - if the lack of MIME is that broken,
the virus scanner shouldn't bother.  However, there's 2 points to remember:

1) the MUA may be silly enough to attempt message reassembly, or auto-parse
any HTML/Javascript found in the message (even though it is a text/*PLAIN*
by default) - remember we live in a world where "helpful" MUAs will find
executable code *inside a .JPG* and run it for you...

Yes, that's my concern.

(The thing that brought this issue up was that the virus scanning function in our MTA isn't currently detecting a virus in the email, but the same virus scanning engine with its 'scan inside mailbox' option enabled IS detecting a virus in the mail file. So, obviously we're getting complaints that our MTA scanner isn't working.)

I've thought about it and I really can't see any sensible way to actually scan the message.. It looks as if the virus scanning engine is just looking for the text 'Content-Transfer-Encoding:' anywhere in the message text and is trying to decode the following text accordingly. This seems decidedly dodgy to me.

Paul                            VPOP3 - Internet Email Server/Gateway