>
> Here is the proof that QS bypasses Virus Scans on it....
>
> Thu, 08 Apr 2004 10:14:43 -0500:17737: from=Kathy Scott
> <[EMAIL PROTECTED]>,subj=FW: Mom & Russell,
> x-qmail-scanner-message-id=<[EMAIL PROTECTED]
> nmgi.com> via local process 17737 Thu, 08 Apr 2004 10:14:43
> -0500:17737: This is a PLAIN text message (because it's
> either not mime, or is text/plain), skip virus scanners - but not SA
>
With ripmime installed instead of reformime, we get a proper unpacking,
but Q-S still skips the virus scan...
Thu, 08 Apr 2004 13:45:15 -0500:31524: d_m: finished
/usr/local/bin/ripmime --unique_names -i - -d
/var/qmail/qmailscan/tmp/mailgw.nmgi.com108144991547131524/
[1081449916.83664]
Thu, 08 Apr 2004 13:45:15 -0500:31524: d_m: Checking all attachments to
see if they're MS-TNEF
Thu, 08 Apr 2004 13:45:15 -0500:31524: d_m: is
/var/qmail/qmailscan/tmp/mailgw.nmgi.com108144991547131524/textfile0 is
a TNEF file?: 256 [1081449916.83884]
Thu, 08 Apr 2004 13:45:15 -0500:31524: d_m: ren Dad, Lavena, Alta.jpg to
mailgw.nmgi.com108144991647131524DadLavenaAlta.jpg
Thu, 08 Apr 2004 13:45:15 -0500:31524: d_m: is
/var/qmail/qmailscan/tmp/mailgw.nmgi.com108144991547131524/mailgw.nmgi.c
om108144991647131524DadLavenaAlta.jpg is a TNEF file?: 256
[1081449916.84103]
Thu, 08 Apr 2004 13:45:15 -0500:31524: d_m: is
/var/qmail/qmailscan/tmp/mailgw.nmgi.com108144991547131524/textfile1 is
a TNEF file?: 256 [1081449916.84314]
Thu, 08 Apr 2004 13:45:15 -0500:31524: d_m: unpacking message took
1.408264 seconds
Thu, 08 Apr 2004 13:45:15 -0500:31524: unsetting QMAILQUEUE env var
Thu, 08 Apr 2004 13:45:15 -0500:31524: g_e_h: return-path is
"[EMAIL PROTECTED]", recips is "[EMAIL PROTECTED]"
Thu, 08 Apr 2004 13:45:15 -0500:31524: from=Kathy Scott
<[EMAIL PROTECTED]>,subj=FW: Dad, Lavena, Alta,
x-qmail-scanner-message-id=<[EMAIL PROTECTED]>
via local process 31524
Thu, 08 Apr 2004 13:45:15 -0500:31524: This is a PLAIN text message
(because it's either not mime, or is text/plain), skip virus scanners -
but not SA
Thu, 08 Apr 2004 13:45:15 -0500:31524: ini_sc: start scanning
With shareutils installed and $uudecode_binary set properly, we have AV
scans happening...
Thu, 08 Apr 2004 14:14:28 -0500:3856: Ooohhhh, a uuencoded attachment!
Thu, 08 Apr 2004 14:14:28 -0500:3856: c_a_g_u: /usr/local/bin/uudecode
/var/qmail/qmailscan/tmp/mailgw.nmgi.com10814516684693856/mailgw.nmgi.co
m10814516684693856-1-dad__lavena__alta.jpg.uue
Thu, 08 Apr 2004 14:14:28 -0500:3856: deleting uuencoded file as we have
a decoded version of it now
Thu, 08 Apr 2004 14:14:28 -0500:3856: scanloop:
scanner=clamdscan_scanner,plain_text_msg=0
I think this line...
if ($skip_text_msgs && ($contains_rfc822 < 2) && [EMAIL PROTECTED] &&
[EMAIL PROTECTED]) {
Should become...
if ($skip_text_msgs && $uudecode_binary && ($contains_rfc822 < 2) &&
[EMAIL PROTECTED] && [EMAIL PROTECTED]) {
That will ensure plain text messages are scanned if shareutils is not
installed.
Dallas
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id�70&alloc_id638&op=click
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
