There is a new trojan class out there that sends out the binary attachment as
part of a nested MIME message with boundary strings that are identical
rather than different as *required* by RFC.

As usual, Outlook in its infinite wisdom decided to "guess" what to do with
such messages, whereas reformime ignores the bad attachment: end result - no
virus saved to disk - Q-S calls AV which then misses the virus...

This really isn't a fault of reformime, it's supposed to be a MIME parser -
not a "find all dicky messages out there" parser. 

As such I'll have to think of some way of doing this within Q-S, however all
is not lost. If you have a decent antivirus system, simply enabling
"--redundant yes" when "./configure"'ing Q-S should mean that after trying
(unsuccessfully) to find the virus/trojan, Q-S will then call the AV on the
"raw" mail message instead of just the attachments, and it may (depends on
what you're running) pick it up. Note that this will add load on your system
as now the AV effectively double-scans each message.

My plans for correcting this are:

* try out other options besides reformime - they may catch it (easy)

* accelerate Q-S v2 development, as it already partially contains this
  functionality (harder)


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Qmail-scanner-announce mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-announce
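
A pre-filter for the malformation described in the message above, added here as an illustration; it is not part of the original post and is not Qmail-Scanner or reformime code. It flags any message in which the same boundary string is declared by more than one multipart Content-Type header, so the raw message can be handed to the AV. The function names and the sample message are constructed for this example.

```python
import re
from collections import Counter

# A multipart Content-Type header (after unfolding) and its boundary parameter,
# quoted or bare.
CT_RE = re.compile(
    r'^content-type:\s*multipart/[^;\s]+.*?;\s*boundary\s*=\s*(?:"([^"]+)"|([^\s;]+))',
    re.IGNORECASE | re.MULTILINE,
)

def unfold(raw):
    """Join folded header lines (line break followed by space or tab)."""
    return re.sub(r'\r?\n[ \t]+', ' ', raw)

def declared_boundaries(raw):
    """Every boundary declared by a multipart header, at any nesting depth."""
    return [quoted or bare for quoted, bare in CT_RE.findall(unfold(raw))]

def reused_boundaries(raw):
    """Boundary strings declared more than once in the same message."""
    counts = Counter(declared_boundaries(raw))
    return sorted(b for b, n in counts.items() if n > 1)

def needs_raw_scan(raw):
    """True when the MIME structure is suspect and the whole message should be scanned."""
    return bool(reused_boundaries(raw))

def sample(outer, inner):
    """Constructed two-level multipart message; the payload is a harmless placeholder."""
    return (
        'From: sender@example.org\r\n'
        'MIME-Version: 1.0\r\n'
        'Content-Type: multipart/mixed;\r\n'
        f'\tboundary="{outer}"\r\n'
        '\r\n'
        f'--{outer}\r\n'
        f'Content-Type: multipart/alternative; boundary={inner}\r\n'
        '\r\n'
        f'--{inner}\r\n'
        'Content-Type: application/octet-stream; name="file.bin"\r\n'
        '\r\n'
        'constructed placeholder body\r\n'
        f'--{inner}--\r\n'
        f'--{outer}--\r\n'
    )

if __name__ == '__main__':
    for label, msg in (('identical', sample('SAME', 'SAME')),
                       ('distinct', sample('OUTER', 'INNER'))):
        print(label, reused_boundaries(msg), needs_raw_scan(msg))
```

The check reads only the declared boundaries, so it does not depend on how any particular MIME parser chooses to split the malformed body.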