Sedat,
At 13:11 (GMT+0300) on 10-May-2002, Sedat Yilmazer wrote:
>
> System_filter.exim has a bug. It only looks for file names WITHOUT a
> spave in it. If you send an "some virus file .exe" then }t passes
> through. I have changed the "......\\\\S+.... in the file name cheching
> with .....[^\n\r]+ and it seems to be working fine now...
I do not agree. Spaces in file names should be quoted (may that
should be a MUST in IETF language), e.g.
name="somthing with a space.txt"
the virus is not quoting the name, so using
name=somthing with a space.txt
As the message is part of a multipart related MIME message, the mail
client may not need to use the file name, and so this broken mime
header is not trapped.
Douglas.
>
> -----Original Message-----
> From: exim-users-admin@??? [mailto:exim-users-admin@exim.org] On
> Behalf Of Brown
> Sent: Friday, May 10, 2002 6:05 AM
> To: Exim List
> Subject: [Exim] the Klez virus
>
> This is a multi-part message in MIME format.
> --
> [ Picked text/plain from multipart/alternative ]
> Hi all,
>
> i'm having a bit of trouble filtering emails infected by the klez virus.
> I'm currently using system_filter.exim, which works well, but klez seems
> to be able to get through. Does anyone have any suggestions?
>
> Thanks
>
> Steven
> --
>
>
>
>
>
--
================================
Douglas GRAY STEPHENS
Technical Architect (Directories)
Schlumberger Cambridge Research
High Cross,
Madingley Road,
Cambridge.
CB3 0EL
ENGLAND
Phone +44 1223 325295
Mobile +44 773 0051628
Fax +44 1223 311830
Email DGrayStephens@???
================================
