Re: [Exim] virurstest.org test #19

Top Page
Delete this message
Reply to this message
Author: David
Date:  
To: exim-users
Subject: Re: [Exim] virurstest.org test #19
Hi !!

> However, the tcpdump shows that a genuine blank line was sent after
> the Subject: header line:
>
>   0x00c0   3e0d 0a53 7562 6a65 6374 3a20 5669 7275        >..Subject:.Viru
>   0x00d0   7320 5363 616e 6e65 7220 5465 7374 2023        s.Scanner.Test.#
>   0x00e0   3139 0d0a 0d0a 4d69 6d65 2d56 6572 7369        19....Mime-Versi
>   0x00f0   6f6e 3a20 312e 300d 0a43 6f6e 7465 6e74        on:.1.0..Content

>
> Therefore, Exim is quite correct in terminating the headers there. I
> cannot see that this is an Exim problem.


ok, true, now i test it at http://www.declude.com/tools/mailsend.html
and did not find any way to catch it using match against
$message_headers , maybe exim has cleaned up the headers, I'm doing
something wrong or this test is also broken ?

I use this in data acl:

   deny    condition   = ${if match{$message_headers}{\N^\b$\N}{yes}{no}}
           message     = Blank Folding Vulnerability detected



--
thanx & best regards ...

We give nothing as willingly as our advice.

----------------------------------------------------------------
    David Saez Padros                http://www.ols.es
    On-Line Services 2000 S.L.       e-mail  david@???
    Pintor Vayreda 1                 telf    +34 902 50 29 75
    08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------