Re: [exim] Test #22 ("Partial (Fragmented) Vulnerability") f…

Top Pagina
Delete this message
Reply to this message
Auteur: David Saez Padros
Datum:  
Aan: OpenMacNews
CC: exim-users
Onderwerp: Re: [exim] Test #22 ("Partial (Fragmented) Vulnerability") from testvirus.org slipping by Exim/Exiscan/ClamAV
Hi !!

>    (Non-Virus): Test for the "Partial (Fragmented) Vulnerability". This 
> does
>    not include the EICAR virus, however your mail server should still block
>    this since a virus can use this technique to break itself into multiple
>    emails, bypassing virus scanners, and reassembling itself in your 
> inbox. **

>
> i'm finding nothing on EICAR, this or the clamav lists, or google for
> that matter, on this 'thing' ...


this test does not send the EICAR virus so clamav has nothing to detect

> any wisdom as to what it is, what to search on ... or, more to the
> point, how to 'kill it' in Exim?


on data acl:

# Fragmented messages

   deny    message        = Fragmented message not allowed
           condition      = ${if match \
                            {$h_content-type:}{\N\bmessage/partial\b\N}}


--
Best regards ...

----------------------------------------------------------------
    David Saez Padros                http://www.ols.es
    On-Line Services 2000 S.L.       e-mail  david@???
    Pintor Vayreda 1                 telf    +34 902 50 29 75
    08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------