From: nik at aboleo.net (Nik Reiman)
Subject: f-prot not catching mimail ?

As previously noted, the problem here seems to be with the f-prot binary, not the actual virus signatures/definitions. Try upgrading the f-prot package, and it'll probably work fine.

-Nik

psz@...hs.usyd.edu.au quoth:
> >>I cannot see anything "special" in the MIME structure of Mimail that would
> >>cause f-prot to miss the ZIP attachment (or maybe it is the structure of
> >>the ZIP that f-prot cannot unpack?).
> >
> > I was told it's the encoding scheme in the .html file that's the problem.
> > Currently the scanner does not support that type of encoding.
>
> It seems to me that the HTML contains the binary EXE without any encoding:
>
> $ cat -v message.html | fold | head -5
> MIME-Version: 1.0
> Content-Location:File://foo.exe
> Content-Transfer-Encoding: binary
>
> MZM-^P^@^C^@^@^@^D^@^@^@...?M-^?^@^@...^@^@^@^@^@^@^@@^@^@^@^@^@^@^@^@^@^@^@^@^@
>
> Regardless, f-prot should list the ZIP attachment, and the files contained
> within the ZIP ...
>
> Cheers,
>
> Paul Szabo - psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
> School of Mathematics and Statistics University of Sydney 2006 Australia
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>

--
Nik Reiman // nik@...leo.net \\ http://www.aboleo.net
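
The layout quoted in the message above (a MIME entity whose body is a raw executable under `Content-Transfer-Encoding: binary`) can be checked for at a mail gateway. The following is an added example, not part of the original thread and not f-prot's logic; the function name `find_executable_parts` and the sample bytes are constructed for illustration.

```python
import email

PE_MAGIC = b"MZ"  # first two bytes of a DOS/PE executable image
NO_TRANSFORM = ("binary", "8bit", "7bit")  # encodings that leave the body as-is

def find_executable_parts(raw: bytes):
    """Walk a MIME entity and report every leaf part whose decoded body
    starts with the PE magic, noting whether it was carried unencoded."""
    findings = []
    msg = email.message_from_bytes(raw)
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers have no body of their own
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).strip().lower()
        # decode=True undoes base64/quoted-printable and returns raw bytes
        # unchanged for binary/8bit/7bit, so one magic check covers all cases.
        body = part.get_payload(decode=True) or b""
        if body.startswith(PE_MAGIC):
            findings.append({
                "location": part.get("Content-Location"),
                "content_type": part.get_content_type(),
                "encoding": cte,
                "unencoded": cte in NO_TRANSFORM,
            })
    return findings

# Constructed sample mirroring the headers shown in the quoted `cat -v` output;
# the body is a few made-up bytes that only begin like a PE file.
SAMPLE = (
    b"MIME-Version: 1.0\r\n"
    b"Content-Location:File://foo.exe\r\n"
    b"Content-Transfer-Encoding: binary\r\n"
    b"\r\n"
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
)

if __name__ == "__main__":
    for hit in find_executable_parts(SAMPLE):
        print(hit)
```

A part that is flagged with `unencoded` set is the case discussed in the thread: the executable bytes sit directly in the `.html` attachment with no base64 layer for a scanner to unpack.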