I was looking through the code on 1.21 and saw that virus scans are disabled on plain text messages... This can be a problem when a plain text message with an old style Uuencoded attachment is in-lined into a message using begin and end statements... Take the following email for example... (note I snipped the attachment so don't try to make this jpeg load cuz it won't.. you want a copy of the message, email me, cuz it's too large for this list's 40kb limit).
-------------START MSG--------------------
Return-Path: <[EMAIL PROTECTED]>
Received: from 206.103.112.7 (EHLO kdsi.net) (206.103.112.7)
  by mta130.mail.scd.yahoo.com with SMTP; Fri, 12 Mar 2004 20:01:51 -0800
Received: (qmail 11633 invoked from network); 13 Mar 2004 04:01:24 -0000
Received: from unknown (HELO 56kdialnp3.kdsi.net) (204.117.238.3)
  by dns.kdsi.net with SMTP; 13 Mar 2004 04:01:24 -0000
Received: by 56kdialnp3.kdsi.net with Microsoft Mail
  id <[EMAIL PROTECTED]>; Fri, 12 Mar 2004 22:00:55 -0600
From: Kathy Scott <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: FW: Mom & Russell
Date: Fri, 12 Mar 2004 21:58:39 -0600
Encoding: 27 TEXT, 1467 UUENCODE
X-MS-Attachment: mom & russell.jpg 0 00-00-1980 00:00
Content-Length: 69836

----------
From: Kathy Scott[SMTP:[EMAIL PROTECTED]
Sent: Tuesday, March 09, 2004 11:14 PM
To: 'Linda Dirks'
Subject: FW: Mom & Russell
Importance: High

----------
From: Kathy Scott[SMTP:[EMAIL PROTECTED]
Sent: Saturday, February 21, 2004 12:27 AM
To: 'Linda Dirks'
Subject: Mom & Russell
Importance: High

This is mom, so I think this would have to be Russell? I think mom has this picture, or one like it? I think it was taken over on the old place on the creek. It's got the dugout on the hill - looks like where the dugout was that mom said Gm Edwards stayed in when they lived there, before they moved over to the big house we knew.

begin 600 mom & russell.jpg
[SNIP]
end
------------END MSG------------------------

Inject this message to yourself and see how your email client handles it... Outlook 2000 shows me an attachment, so does Yahoo Mail. Here is the proof that QS bypasses Virus Scans on it....

Thu, 08 Apr 2004 10:14:43 -0500:17737: from=Kathy Scott <[EMAIL PROTECTED]>,subj=FW: Mom & Russell, x-qmail-scanner-message-id=<[EMAIL PROTECTED]> via local process 17737
Thu, 08 Apr 2004 10:14:43 -0500:17737: This is a PLAIN text message (because it's either not mime, or is text/plain), skip virus scanners - but not SA

I can do the same thing with an embedded exe. Beware if you are using 1.21... I'm not sure what other versions are affected.. I know 1.15 is safe because that is what I'm still using.

If anyone finds any flaws in my reasoning here.. Please let me know.

Dallas Engelken
Linux Administrator
Network Management Group, Inc.

_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
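
Added example, not part of the original post and not qmail-scanner code: a Python sketch of the check the post shows is missing, where a text/plain message is only allowed to skip the virus scanners if its body carries no inline begin/end uuencoded block. The function names, addresses and sample message are constructed for this illustration.

```python
import binascii
import re
from email import message_from_string

# "begin <octal mode> <filename>" opens an inline uuencoded block.
BEGIN_RE = re.compile(r"^begin ([0-7]{3,4}) (.+)$")

def inline_uu_attachments(raw_message):
    """Return [(filename, decoded_bytes)] for uuencoded blocks in a non-MIME body."""
    msg = message_from_string(raw_message)
    if msg.is_multipart():
        return []  # MIME parts go through the normal unpacking path
    found, name, chunks = [], None, []
    for line in msg.get_payload().splitlines():
        if name is None:
            m = BEGIN_RE.match(line)
            if m:
                name, chunks = m.group(2).strip(), []
        elif line.strip() == "end":
            found.append((name, b"".join(chunks)))
            name = None
        elif line:
            try:
                chunks.append(binascii.a2b_uu(line))
            except binascii.Error:
                name = None  # text that merely starts with "begin"; drop it
    return found

def needs_virus_scan(raw_message):
    """Plain text may skip the scanners only if it carries no inline attachment."""
    msg = message_from_string(raw_message)
    if msg.is_multipart() or msg.get_content_type() != "text/plain":
        return True
    return bool(inline_uu_attachments(raw_message))

def build_sample(name="sample.exe", payload=b"constructed payload, not a real file" * 2):
    """Constructed test message: no MIME headers, one uuencoded file in the body."""
    data = [binascii.b2a_uu(payload[i:i + 45]).decode("ascii").rstrip("\n")
            for i in range(0, len(payload), 45)]
    body = ["Text before the attachment.", "", "begin 600 " + name, *data, "`", "end"]
    headers = "From: sender@example.com\nTo: rcpt@example.com\nSubject: test\n\n"
    return headers + "\n".join(body) + "\n"

if __name__ == "__main__":
    sample = build_sample()
    print(needs_virus_scan(sample), inline_uu_attachments(sample)[0][0])
```

The decoded bytes returned by `inline_uu_attachments` are what would be written out and handed to the scanners, the same as an unpacked MIME part.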