Author: Richard.Hall
Date:
To: Exim Users
Subject: Re: [Exim] FYI: clamav 0.65 remote DOS exploit

Hi,
On Mon, 9 Feb 2004, Oliver Eikemeier wrote:
> >Description:
>
> It is trivial to crash clamd using a malformed uuencoded message,
> resulting in a denial of service for all programs (e.g. exiscan-acl)
> relying on clamd running. The message must only contain one uuencoded
> line with an illegal line length, i.e. starting with a small letter. [...]

Am I right in thinking that, if I am using exiscan and 'demime=*', then
all the uudecode'ing has already been done before clamd gets its hands on
things? And therefore I am immune from this problem?
Or does the existence of the .eml copy of the full original message still
leave me with problems?
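
The advisory quoted above describes a uuencoded line whose length character is illegal. As an added example (not from this thread, and not ClamAV's or exiscan's code), here is a strict line decoder that rejects such lines before writing any output. It assumes traditional uuencode, where the first character is 32 plus a byte count of at most 45; `uu_decode_line` and `UU_MAX_DATA` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define UU_MAX_DATA 45 /* assumption: traditional uuencode, at most 45 bytes per line */

/* Map one uuencoded character to its 6-bit value, or -1 if it is out of range. */
static int uu_val(unsigned char c)
{
    if (c == '`')
        return 0;                       /* common alias for a zero value */
    if (c < ' ' || c > '_')
        return -1;                      /* lower-case letters are rejected here */
    return c - ' ';
}

/* Decode one line (no trailing newline) into out. Returns the byte count,
 * or -1 if the line is malformed or out is too small. All checks run
 * before anything is written. */
int uu_decode_line(const char *line, unsigned char *out, size_t outsz)
{
    const unsigned char *p = (const unsigned char *)line;
    size_t len = strlen(line), n, need, i, w = 0;
    int v = len ? uu_val(p[0]) : -1;    /* length character */

    if (v < 0 || v > UU_MAX_DATA || (size_t)v > outsz)
        return -1;                      /* illegal or oversized declared length */
    n = (size_t)v;
    need = (n + 2) / 3 * 4;             /* 4 encoded characters per 3 bytes */
    if (len - 1 < need)
        return -1;                      /* line shorter than it claims to be */
    for (i = 1; i <= need; i++)
        if (uu_val(p[i]) < 0)
            return -1;                  /* illegal data character */
    for (i = 1; i <= need; i += 4) {
        int a = uu_val(p[i]), b = uu_val(p[i + 1]), c = uu_val(p[i + 2]), d = uu_val(p[i + 3]);
        if (w < n) out[w++] = (unsigned char)((a << 2) | (b >> 4));
        if (w < n) out[w++] = (unsigned char)(((b & 15) << 4) | (c >> 2));
        if (w < n) out[w++] = (unsigned char)(((c & 3) << 6) | d);
    }
    return (int)w;
}

int main(void)
{
    unsigned char buf[UU_MAX_DATA];
    /* Constructed samples: "Cat" encoded, then the same data behind a lower-case length character. */
    printf("%d %d\n", uu_decode_line("#0V%T", buf, sizeof buf), uu_decode_line("a0V%T", buf, sizeof buf));
    return 0;
}
```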