At 17:14 07-08-2003 -0400, you wrote:
of the ones "can not be caught", they are IFRAME links inside HTML content in message body, and Q-S is not doing message body pattern scanning.
Is there -any- reason to allow IFRAME content in EMAIL content??
AFAIK...you -could- stop IFRAME exploits in HTML with SpamAssassin's defang_mime=1 option but that would "disable" all HTML email (might not a bad thing depending on your POV ;)
my system with Q-S and clamav have no problem catching IFRAME exploits:
[snip]
The virus was reported to be:
Exploit.IFrame.HTML
yes...sorta... don't consider yourself immune.
clamAV can stop certain -kinds- of iframe exploits, e.g. those using CID ref's
("~" inserted below to prevent scanner problems)
<i~frame src=cid:D21W5Bb4Xmsf7sl height=0 width=0> </i~frame>
but will not "catch" the type sent in GFI's tests:
<i~frame
src="http://gfisoftware.com/emailsecuritytest/exploit/accesshtml.mht"; width=0 height=0>
</i~frame>
Try pasting each of the bits above into separate files and scan with clamscan (without the ~ of course)
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
