Re: [exim] Test #22 ("Partial (Fragmented) Vulnerability") f…

Top Page
Delete this message
Reply to this message
Author: John W. Baxter
Date:  
To: exim-users
Subject: Re: [exim] Test #22 ("Partial (Fragmented) Vulnerability") from testvirus.org slipping by Exim/Exiscan/ClamAV
On 9/19/05 10:43 AM, "OpenMacNews" <OpenMacNews@???> wrote:

> hi david,
>
>>>    (Non-Virus): Test for the "Partial (Fragmented) Vulnerability". This

>
>> this test does not send the EICAR virus so clamav has nothing to detect
>
> yup. figured i'd need to manage it like the CLSID check ... in an exim.conf
> ACL
> check
>
>> on data acl:
>>
>>    # Fragmented messages

>>
>>    deny    message        = Fragmented message not allowed
>>            condition      = ${if match \
>>                             {$h_content-type:}{\N\bmessage/partial\b\N}}

>
> is that *it*?
>
> "message partial" in content-type?
>
> oh, for heaven's sake ...
>
> thx!
>
> richard


Note that Outlook Express 6 (and I think earlier, since I think we
encountered it before OE 6) on Windows is perfectly happy to "Break apart
messages larger than nnn KB" (a checkbox) located near the bottom of the
window:

Tools-->Accounts
Select an account
Properties-->Advanced

Thus, you may occasionally stop real messages by blocking these.

Two of my Accounts (in this OE I don't use except for testing) have this box
unchecked, with the nnn set to 60 (likely the default, as I wouldn't likely
have changed two accounts).

We ran into this one on a support call which can be summarized as
"I send my friend one message and she receives 23 messages".

It's actually "useful" (to the extent that using email for big files is
useful) as it works around server message size limitations.

I don't recall finding clients other than OE which would put the message
back together when receiving it, but we didn't look hard, either, since
unchecking the option solved the support problem.

--John