>I wouldn't necessarily call this a vulnerability. I ran into this when writting the Regex Scanner for QSQ. Find $skip_text_msgs and set it to 0 so that all e-mails, including plain text, are scanned.
This only applies to the 1.2x versions, 1.1x don't have this feature.
You don't call this a vuilnerability??? What happens when the next virus outbreak comes in as inline uuencoded attachments instead of a jpeg like in my example and QS doesn't run virus scans on them because the message is plain text? Reformime wont even blow these messages apart...
[EMAIL PROTECTED] tmp]# reformime -i < msg1 section: 1 content-type: text/plain content-transfer-encoding: 8bit charset: iso-8859-1 starting-pos: 0 starting-pos-body: 771 ending-pos: 103899 line-count: 1693 body-line-count: 1677
So perlscanner will not help you when you try and block .pif or .exe that are embedded inline...
I did not try ripmime to see if it pulls the inline uuencoding.
I know how to fix the damn thing.. But I really don't care at this point because like I said, I don't use it yet. I guess I just like to look at code before throwing it onto something.
I just want everyone else to know that this is a problem with Q-S that needs to be addressed before it is used in production environment.
What about installing "sharutils"?
From the rpm or from the source.
ftp://ftp.gnu.org/pub/gnu/sharutils/sharutils-4.2.1.tar.gz
Qmail-scanner has a routine for uudecode.
My server have not received any uuencode attachment in the last 10 weeks...
Cheers
Salvatore
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
