On Thu, Jan 08, 2004 at 01:38:37AM +0100, Tomasz Papszun wrote:
>
> In case someone is interested, I'm including here test results of
> a set:
> Postfix + Amavisd-new (20030616p5-6) + ClamAV (0.60+BugFixesFromCVS-20030916).
>
> From the 1st group of tests on www.antivirus.org, only 1 of 15 test
> messages was let through:
>
> Nr 8. "Eicar virus sent using BinHex encoding within a MIME segment".
>

My amavisd-new doesn't seem to decode BinHex encoded attachments. Maybe you should take this up with the amavis-users list. Although the real problem may be that my file-4.07 program identifies the binhex encoded file as "Emacs v18 byte-compiled Lisp data".

>
> From the 2nd group of tests (important only for M$ Outlook), 5 of 7
> test messages were let through:
>
> Nr 2. "Outlook 'Space Gap' vulnerability (includes Eicar virus as hidden
> attachment)",
>

The 'Space Gap' test contains a base-64 encoded attachment named eicar.com, but it doesn't seem to actually be the eicar test file when it's decoded. I wouldn't expect any scanner to catch it.

> Nr 3. "Outlook 'Blank Folding' Vulnerability (does not include Eicar
> virus)",
>
> Nr 4. "Outlook 'Boundary Space Gap' Vulnerability (does not include
> Eicar virus)",
>
> Nr 5. "Outlook 'Long Boundary' Vulnerability (does not include Eicar
> virus)",
>
> Nr 7. "A file with a CLSID extension which may hide the real file
> extension (does not include Eicar virus)".

I'm not sure these are exploits we need to be concerned about, but they can probably be blocked with postfix 2.x mime_header_checks.

--
Noel Jones
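Added example, not part of the original message or of amavisd-new, ClamAV or Postfix: a small Python check that flags the two attachment kinds discussed above, a BinHex part recognised by its banner line rather than by its declared type, and a filename ending in a CLSID. The function name `flag_parts`, the sample message and the all-zero CLSID are constructed for illustration.

```python
import re
from email import message_from_string

# BinHex 4.0 text files open with this fixed banner line.
BINHEX_BANNER = "(This file must be converted with BinHex 4.0)"
# Filename ending in ".{CLSID}" (the test set's hidden-extension case).
CLSID_SUFFIX = re.compile(
    r"\.\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\s*$", re.I)

def flag_parts(raw_message):
    """Return (filename, reason) for each MIME leaf part that matches."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        if CLSID_SUFFIX.search(name):
            findings.append((name, "clsid-extension"))
        head = (part.get_payload(decode=True) or b"")[:512].decode("latin-1")
        if (part.get_content_type() == "application/mac-binhex40"
                or BINHEX_BANNER in head):
            findings.append((name, "binhex"))
    return findings

# Constructed sample message: placeholder CLSID, no real BinHex data.
SAMPLE = """\
From: sender@example.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="note.txt.{00000000-0000-0000-0000-000000000000}"

x
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="data.hqx"

(This file must be converted with BinHex 4.0)
:constructed placeholder, not real BinHex data:
--b1--
"""

if __name__ == "__main__":
    print(flag_parts(SAMPLE))
```

The BinHex part in the sample is deliberately declared as text/plain, so it is caught only by the banner check.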