Hi,
below a message from the amavis list.
Probably time to update the system.filter (
ftp://ftp.exim.org/pub/filter/),
but whats the best to check for the bad subject line, as described on
securityfocus.com?
Regards
Wolfgang
>There was a posting to bugtraq last night
>(http://www.securityfocus.com/archive/1/255910) about a "feature" in
>Outlook and Outlook Express where the clients will both pick up
>attachements that techincally start in the headers. For example, the
>following simply program will send the eicar.com virus as part of the
>subject heading. Eudora and other MUAs ignore this, but Outlook and
>Outlook Express see it as an attachment. The problem is Amavis will not
>see this and let the infected mails through. Does anyone know of a work
>around with Amavis ?
>
>
>
>#!/usr/bin/perl
>$mailprog="/usr/sbin/sendmail";
>
>
>open( MAIL, "|$mailprog target\@example.com") || die "Can't open
$mailprog!\n";
>print MAIL "Subject: virus test \r\rbegin 644 eicar.com\r";
>print MAIL "UUENCODED-STUFF-GOES-HERE\r";
>print MAIL "MORE-UUENCODED-STUFF\r";
>print MAIL "`\r";
>print MAIL "end\r\n";
>
>print MAIL "\n";
>print MAIL "Actual body\n";
>
>
>close(MAIL);
>--------------------------------------------------------------------
>Mike Tancsa, tel +1 519 651 3400
>Sentex Communications, mike@???
>Providing Internet since 1994 www.sentex.net
>Cambridge, Ontario Canada www.sentex.net/mike