Re: [Exim] virurstest.org test #19

Author: Philip Hazel
Date:  
To: David
CC: exim-users
Subject: Re: [Exim] virurstest.org test #19
On Mon, 29 Mar 2004, David wrote:

> when I check test #19 at www.virustest.org I get the following:
>
>  From - Sat Mar 27 11:27:57 2004
> X-UIDL: UID39583-1069500867
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> Return-path: <tester@???>
> Envelope-to: david@???
> Delivery-date: Sat, 27 Mar 2004 11:31:52 +0100
> Received: from crc2.excedent.us ([12.5.19.157] helo=mail01.excedent.us)
>    by a.mx.ols.es with esmtp (Exim 4.30)
>    id 1B7B6W-0007dW-BI
>    for david@???; Sat, 27 Mar 2004 11:31:52 +0100
> X-Originating-Ip: 80.58.42.235
> Message-Id: <992902.@testvirus.org>
> Date: Sat, 27 Mar 2004 05:40:13 -0500
> From: "TESTVIRUS.org" <tester@???>
> To: <david@???>
> Subject: Virus Scanner Test #19
> Received-SPF: none (rackuk.ols.es: domain of tester@??? does
> not designate permitted sender hosts)
> X-OLS-Whitelisted: no
> X-Virus-Scanned: by ClamAV at a.mx.ols.es on Sat, 27 Mar 2004 11:31:52 +0100
> X-Origin-Country: [US]
> X-Recipients: 1
> X-SPAM-OLSId:
> 12.5.19.157/tester@???/1B7B6W-0007dW-BI-29358@???

>
> Mime-Version: 1.0
> Content-Type: multipart/mixed;
>
>
> note that the body starts with the header line that follows the white
> space and all custom headers have been added at that point.


I have just run test #19 myself, getting it to send the message direct
to my workstation. No virus scanners were involved. The headers I
received looked weird, but I had taken the precaution of running tcpdump
to see what actually arrived. The message I got looked like this:

  Received: from crc2.excedent.us ([12.5.19.157]:3010 helo=mail01.excedent.us)
          by xxxxxx.cam.ac.uk with esmtp (Exim 4.31)
          id 1B7wf1-0003Vp-Cn
          for ph10@???; Mon, 29 Mar 2004 14:18:39 +0100
  X-Originating-Ip: 131.111.8.97
  Message-Id: <921079.@testvirus.org>
  Date: Mon, 29 Mar 2004 08:26:17 -0500
  From: "TESTVIRUS.org" <tester@???>
  To: <ph10@???>
  Subject: Virus Scanner Test #19


  Mime-Version: 1.0
  Content-Type: multipart/mixed;
          BounDary="=====================_307115168==_"
  --=====================_307115168==_
  Content-Type: application/zip; name="eicar.zip";
   x-mac-type="705A4950"; x-mac-creator="705A4950"
  Content-Transfer-Encoding: base64
  Content-Disposition: attachment; filename="eicar.zip"


UEsDBAoAAAAAAGZGpiw8z1FoRAAAAEQAAAAJAAAARUlDQVIuQ09NWDVPIVAlQEFQWzRcUFpYNTQo
UF4pN0NDKTd9JEVJQ0FSLVNUQU5EQVJELUFOVElWSVJVUy1URVNULUZJTEUhJEgrSCpQSwECFAAK
AAAAAABmRqYsPM9RaEQAAABEAAAACQAAAAAAAAABACAAAAAAAAAARUlDQVIuQ09NUEsFBgAAAAAB
AAEANwAAAGsAAAAAAA==
--=====================_307115168==_
Content-Type: text/plain; charset="us-ascii"; format=flowed

However, the tcpdump shows that a genuine blank line was sent after
the Subject: header line:

  0x00c0   3e0d 0a53 7562 6a65 6374 3a20 5669 7275        >..Subject:.Viru
  0x00d0   7320 5363 616e 6e65 7220 5465 7374 2023        s.Scanner.Test.#
  0x00e0   3139 0d0a 0d0a 4d69 6d65 2d56 6572 7369        19....Mime-Versi
  0x00f0   6f6e 3a20 312e 300d 0a43 6f6e 7465 6e74        on:.1.0..Content


Therefore, Exim is quite correct in terminating the headers there. I
cannot see that this is an Exim problem.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book
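
The following is an added example, not part of Philip Hazel's message and not Exim code. It splits a raw message at the first empty line, as the reply says Exim does, and reports MIME fields that ended up at the top of the body instead of in the header section. The sample bytes are constructed from the capture quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the capture above: CRLF CRLF follows Subject.
SAMPLE = (
    b"Message-Id: <921079.@testvirus.org>\r\n"
    b"Subject: Virus Scanner Test #19\r\n"
    b"\r\n"
    b"Mime-Version: 1.0\r\n"
    b"Content-Type: multipart/mixed;\r\n"
    b'\tBounDary="=====================_307115168==_"\r\n'
    b"--=====================_307115168==_\r\n"
    b'Content-Type: application/zip; name="eicar.zip"\r\n'
)

FIELD = re.compile(rb"^([!-9;-~]+)[ \t]*:")  # RFC 2822 field name, then colon
MIME_FIELDS = {b"mime-version", b"content-type", b"content-transfer-encoding"}

def split_message(raw):
    """Split header section from body at the first empty line."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:  # tolerate bare-LF line endings
        head, sep, body = raw.partition(b"\n\n")
    return head, body

def field_names(block, stop_at_non_field):
    """Lower-cased field names in block; folded continuation lines are skipped."""
    names = []
    for line in block.splitlines():
        if line[:1] in (b" ", b"\t"):
            continue  # continuation of the previous field
        m = FIELD.match(line)
        if m:
            names.append(m.group(1).lower())
        elif stop_at_non_field:
            break  # first line that is not a field ends the header-like run
    return names

def stray_mime_headers(raw):
    """MIME fields found at the start of the body but absent from the header."""
    head, body = split_message(raw)
    declared = set(field_names(head, stop_at_non_field=False))
    leading = field_names(body, stop_at_non_field=True)
    return [n.decode() for n in leading if n in MIME_FIELDS and n not in declared]

if __name__ == "__main__":
    print(stray_mime_headers(SAMPLE))
```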