Re: [Exim] More windows viruses

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MM+\Chris Edwards at <-
MMMMMAlan J. Flavell at ->
Delete this message
Reply to this message
Author: Tony Finch
Date:  
To: Tor Slettnes
CC: Nigel Metheringham, Exim Mailing List
Subject: Re: [Exim] More windows viruses
On Thu, 18 Mar 2004, Tor Slettnes wrote:
>
> Well, I get zero viruses with the following snippet:
>
>      # Unpack MIME containers and reject file extensions used by worms.

That won't work with Bagle.Q since its invection vector message doesn't
have any attachments.

I note that the ClamAV signature for Bagle.[QRST] assumes CRLF newlines,
but at least on my setup (Exim+MailScanner) the messages have had the CRs
removed by Exim before they get to ClamAV so the viruses are slipping
through :-( Fortunately the ClamAV signature format is open enough that I
can fix the problem :-)

--
Tony Finch <dot@???> http://dotat.at/



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] More windows virusesRe: [Exim] Do I use the same TLS certificate on all my hosts?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)