Il lun, 2004-09-27 alle 02:27, Jason Haar ha scritto:
> Can you send me two .eml files - one with virus.abc and one with virus.txt -
> which replicates the problem? You will need to put them in a
> password-protected ZIP file (or GPG) to stop anything triggering at my end
> of course. Obviously prove to yourself first that those two emails *are*
> identical except for the choice of filename...
I have send the files to Jason whit this mail:
On my client I use for send the file this command:
+ mutt -a virus.pif -s 'Allegato con virus virus.pif' [EMAIL PROTECTED]
+ mutt -a virus.txt -s 'Allegato con virus virus.txt' [EMAIL PROTECTED]
My client use FC1 standard sendmail for delivery the messages.
I have stop sendmail and I see in the /var/spool/clientmqueue the
original messages:
The messages there are formatted different:
[EMAIL PROTECTED] clientmqueue]# ls -l *
-rw-rw---- 1 lesca smmsp 81272 5 ott 12:36 dfi95AaRbn010500
-rw-rw---- 1 lesca smmsp 23844 5 ott 12:36 dfi95AaRwk010492
-rw-rw---- 1 lesca smmsp 881 5 ott 12:36 qfi95AaRbn010500
-rw-rw---- 1 lesca smmsp 880 5 ott 12:36 qfi95AaRwk010492
[EMAIL PROTECTED] clientmqueue]# head -13 dfi95AaRbn010500 dfi95AaRwk010492
==> dfi95AaRbn010500 <==
--VS++wcV0S1rZb1Fb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
ti mando il file virus.txt
--VS++wcV0S1rZb1Fb
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment; filename="virus.txt"
Content-Transfer-Encoding: quoted-printable
MZ=EF=BF=BD=00=03=00=00=00=04=00=00=00=EF=BF=BD=EF=BF=BD=00=00=EF=BF=BD=00=
==> dfi95AaRwk010492 <==
--fdj2RfSjLxBAspz7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
ti mando il file virus.pif
--fdj2RfSjLxBAspz7
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="virus.pif"
Content-Transfer-Encoding: base64
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
On the QS server dom.it the email whit virus.pif is blocked and the mail
whit virus.txt passed:
Oct 5 12:36:10 roma qmail-scanner[9419]: Clear:RC:0(1.2.3.4): 0 1100
[EMAIL PROTECTED] <>
virus_trovato_in_un_messaggio_inviato_"Allegato_con_virus_virus.pif"
[EMAIL PROTECTED] quarantine-event.txt:1000
Oct 5 12:36:10 roma qmail-scanner[9419]: Clear:RC:0(1.2.3.4): 0 1100
[EMAIL PROTECTED] <>
virus_trovato_in_un_messaggio_inviato_"Allegato_con_virus_virus.pif"
[EMAIL PROTECTED] quarantine-event.txt:1000
Oct 5 12:36:10 roma qmail-scanner[9419]:
CLAMDSCAN:Worm.SomeFool.Gen-1:RC:0(1.2.3.4): 0.515716 24719
[EMAIL PROTECTED] [EMAIL PROTECTED] Allegato_con_virus_virus.pif
<[EMAIL PROTECTED]> virus.pif
Oct 5 12:36:11 roma qmail-scanner[9422]: Clear:RC:0(1.2.3.4): 0.72146
82147 [EMAIL PROTECTED] [EMAIL PROTECTED]
Allegato_con_virus_virus.txt <[EMAIL PROTECTED]>
1096972571.9443-0.roma.dom.it:27 orig-roma.dom.it10969725704829422:82147
virus.txt:30404
I have put this modify to Q-S.pl:
[EMAIL PROTECTED] pubblica]# diff /usr/bin/qmail-scanner-queue.pl
/usr/bin/qmail-scanner-queue.pl.ok
2321d2320
< $DD=`cp -a $ENV{'TMPDIR'} /var/tmp/. 2>&1`;
The 2 folder copied are in the file server.tar.gz
The file virus.txt in this folder is different from the original files.
I use maildrop 1.5.0
Tell me if this information are sufficient, and sorry for my bad
english.
Many thanks.
--
Dario Lesca <[EMAIL PROTECTED]>
-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
