Re: [Exim] Re: fragmented ?

Top Page
Delete this message
Reply to this message
Author: Leonardo Boselli
Date:  
To: Sheldon Hearn
CC: exim-users
Subject: Re: [Exim] Re: fragmented ?
OK ... but i think it should not be used since based only on partial
message one cannot be sure that teh content is malicious.
One should accept, store and block only when enought code is
arrived to trigger the virus, but I think it would be a bit difficult.
But then one if it is so paranoid, should also take in consideration
that message (outlook traps) that have inside them an url pointing
to an object that is an executable not being a virus, but just a
program containing a *PG* key and istructions to search for an
encrypted message (for example the background image of the
message itself), that would not have triggered the antivirus by itself,
and executes the decoded file ....

On 13 Oct 2002, at 15:15, Sheldon Hearn wrote:

> On (2002/10/12 10:18), Leonardo Boselli wrote:
>
> > > with viral content. We've also configured Exim to reject
> > > fragmented messages, that could otherwise be used to "slip viruses
> > > through" the virus scanner.
> >
> > how can otherwise accept a "fragmented message" ???? (i think it is
> > a message sent in multiple parts of the same message ? ) how do you
> > recognize a message as "fragmented" ???
>
> This was discussed on the mailing list within the last week. :-)
>
> Start as Message-ID <20021007134709.GC32609@???>.
>
> Ciao,
> Sheldon.
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/ ##
>



--
Leonardo Boselli
Nucleo Informatico e Telematico del Dipartimento Ingegneria Civile
Universita` di Firenze , V. S. Marta 3 - I-50139 Firenze
tel +39 0554796431 cell +39 3488605348 fax +39 055495333
http://www.dicea.unifi.it/~leo