I got a virus this morning that made it past clamav-milter 0.87.1. The
attachment was double-encoded: after decoding the base64 email, it left
a uuencoded file. That file apparently bypassed being scanned because
it had a ^M at the end of the line (which violates the spec, but don't
tell M$ that!). So uudecode barfed on it with a "No `end' line"
message. But passing it through dos2unix results in a uudecode-able
file, which was then recognized as Worm.VB-8.
I'm guessing the uudecoder in clamav needs to be modified to strip any
^M from the file to allow for successful decoding? Note that I haven't
yet looked at the source, as I wanted to get the warning out quickly.
Damian Menscher
--
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Ofc:(650)253-2757 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
