> 
> I wouldn't necessarily call this a vulnerability.  I ran into
> this when writing the Regex Scanner for QSQ.  Find 
> $skip_text_msgs and set it to 0 so that all e-mails, 
> including plain text, are scanned.
> 
> This only applies to the 1.2x versions, 1.1x don't have this feature.
> 

You don't call this a vulnerability???  What happens when the next
virus outbreak comes in as inline uuencoded attachments instead of a
jpeg like in my example and QS doesn't run virus scans on them because
the message is plain text?  Reformime won't even blow these messages
apart...

[EMAIL PROTECTED] tmp]# reformime -i < msg1
section: 1
content-type: text/plain
content-transfer-encoding: 8bit
charset: iso-8859-1
starting-pos: 0
starting-pos-body: 771
ending-pos: 103899
line-count: 1693
body-line-count: 1677

So perlscanner will not help you when you try and block .pif or .exe
that are embedded inline...

I did not try ripmime to see if it pulls the inline uuencoding.

I know how to fix the damn thing..  But I really don't care at this
point because like I said, I don't use it yet.   I guess I just like to
look at code before throwing it onto something.

I just want everyone else to know that this is a problem with Q-S that
needs to be addressed before it is used in a production environment.

Dallas
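
An added example, not part of the original post and not Qmail-Scanner code: a Python check that finds inline uuencoded blocks inside a text/plain message (the kind MIME unpacking reports as one section, as in the reformime output above) and flags blocked extensions. The sample message, the name `invoice.pif` and all function names are constructed for illustration.

```python
import binascii
import email
import re

BLOCKED_EXTENSIONS = (".pif", ".exe")  # the two extensions named in the post
UU_BEGIN = re.compile(rb"^begin [0-7]{3,4} (.+)$")  # uuencode header line
PAYLOAD = b"constructed placeholder bytes, not a real program " * 2


def find_inline_uuencoded(raw_message: bytes):
    """Return [(filename, decoded_bytes)] for uuencoded blocks inside text/plain parts."""
    found = []
    for part in email.message_from_bytes(raw_message).walk():
        if part.get_content_type() != "text/plain":
            continue
        name, data = None, bytearray()
        for line in (part.get_payload(decode=True) or b"").splitlines():
            if name is None:
                m = UU_BEGIN.match(line)
                if m:
                    name, data = m.group(1).decode("latin-1").strip(), bytearray()
            elif line.strip() == b"end":
                found.append((name, bytes(data)))
                name = None
            elif line.strip():
                try:
                    data += binascii.a2b_uu(line)
                except binascii.Error:
                    name = None  # not valid uuencoding, so "begin" was ordinary prose
        if name is not None:
            found.append((name, bytes(data)))  # no "end" line: report it anyway
    return found


def blocked_names(raw_message: bytes):
    """Filenames of inline uuencoded blocks whose extension is on the block list."""
    return [n for n, _ in find_inline_uuencoded(raw_message)
            if n.lower().endswith(BLOCKED_EXTENSIONS)]


def build_sample() -> bytes:
    """Constructed message: a single text/plain part with an inline 'invoice.pif'."""
    uu = b"".join(binascii.b2a_uu(PAYLOAD[i:i + 45]) for i in range(0, len(PAYLOAD), 45))
    return (b"From: sender@example.com\r\nSubject: test\r\n"
            b"Content-Type: text/plain; charset=iso-8859-1\r\n"
            b"Content-Transfer-Encoding: 8bit\r\n\r\n"
            b"See the file below.\r\n\r\nbegin 644 invoice.pif\n" + uu + b"`\nend\n")


if __name__ == "__main__":
    print(blocked_names(build_sample()))
```

The decoded bytes returned by `find_inline_uuencoded` are what would be handed to the virus scanner, so the plain-text message gets the same treatment as a MIME attachment.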




_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
