spf-discuss

Re: Re: clamav plugin?

2004-01-29 15:59:08
On 04-01-29, at 14:42, Guillaume Filion wrote:
> "frank" <ratty(_at_)they(_dot_)org> wrote:
>> Just today I installed clamav and I'm having problems with it too. In my
>> case, I finally tracked it down to SPF. The SPF plugin adds a
>> "Received-SPF:" header to the top of the message and I believe clamav is
>> choking on it because it wants to read a plain "Received:" header. I
>> haven't checked clamav sources but experimentation shows this to be the
>> case. I guess I could add an extra blank "Received:" inside the plugin
>> code for a quick fix.
>
> Yep, you've got it. I can reproduce with a sample virus message (with full
> headers). I put a Received-SPF header on top of the message in file
> "virus-bug-clamav-withspf" and I put the exact same message without the
> Received-SPF header in virus-bug-clamav-nospf.

Looks like Steve Bellovin was right:
|       The Received-SPF header line is badly specified.  It doesn't
|       follow the standards for other RFC 822/2822 headers
|       (i.e., it requires exactly one space in certain places
|       where an arbitrary amount of white space (including none)
|       is permitted in other headers); it has some things as
|       comments (receiving host) that should be parseable; and it
|       doesn't mandate that Received-SPF lines from outside of
|       the domain MUST be deleted.  (The actual requirements here
|       are more complex; I won't go into details in this note.)
|       Yes, the line as specified is a bit easier to parse, but
|       any spam filter is going to have to deal with many other
|       headers, and hence will have to have a full-fledged 822/2822
|       parser.

I know that the spec is frozen, but how bad would it be to change the header from something like:

Received-SPF: unknown (domain of sender domain.com does not designate mailers)

to something like:

Received: SPF unknown (domain of sender domain.com does not designate mailers); 25 Jan 2004 22:52:52 -0000

I'm no expert but it would seem to me that it would respect RFC822/2822. I'm going to put both in my version of qpsmtpd so that clamav will work correctly at least.

Cheers,
GFK's
--
Guillaume Filion, ing. jr
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
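
The two header forms quoted in the message above, read with a full RFC 2822 header parser next to a scanner that only accepts a leading "Received:" line. This is an added example, not code from the original post, qpsmtpd or clamav. The sample message is constructed, and `naive_first_received` is a hypothetical stand-in for a fragile scanner, not clamav's actual logic.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: both header forms from the post on top of a normal trace line.
SAMPLE = (
    "Received-SPF: unknown (domain of sender domain.com does not designate mailers)\n"
    "Received: SPF unknown (domain of sender domain.com does not designate mailers);"
    " 25 Jan 2004 22:52:52 -0000\n"
    "Received: from a.example by b.example; 25 Jan 2004 22:52:50 -0000\n"
    "From: sender@domain.com\n"
    "\n"
    "constructed body\n"
)


def naive_first_received(raw):
    """Hypothetical fragile scanner: expects line 1 to be a plain Received: header."""
    first = raw.split("\n", 1)[0]
    return first if first.startswith("Received:") else None


def spf_results(raw):
    """Return (field, result, timestamp) for every SPF result in the header block."""
    found = []
    for name, value in message_from_string(raw).items():
        field = name.lower()
        parts = value.split()  # tolerates folding and any amount of white space
        if field == "received-spf" and parts:
            # A distinct field name, not a Received: line; it carries no date-time.
            found.append(("received-spf", parts[0].lower(), None))
        elif (field == "received" and len(parts) > 1
              and parts[0] == "SPF" and ";" in value):
            # Proposed form: ordinary trace syntax, ending in ';' plus a date-time.
            stamp = value.rpartition(";")[2].strip()
            found.append(("received", parts[1].rstrip(";").lower(),
                          parsedate_to_datetime(stamp)))
    return found


if __name__ == "__main__":
    print("naive scanner sees:", naive_first_received(SAMPLE))
    for row in spf_results(SAMPLE):
        print(row)
```
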