RE: [Nolug] Mimedefang not stopping new virus

From: Mark A. Hershberger <mah_at_everybody.org>
Date: Wed, 04 Feb 2004 12:03:02 -0600
Message-Id: <1075917781.1433.82.camel@localhost>

On Wed, 2004-02-04 at 09:41, J. Kent Busbee, Jr. wrote:

> OK... so clamav does NOT work in all cases. That's NOT GOOD. I'm not
> sure I understand WHY it does not work. Base64, what is that, some sort
> of email compression/mime format?

ClamAV scans binary files, not email. Amavis, mimedefang, or whatever
has to extract the attachments from the email before ClamAV (or any
other virus scanner, for that matter) can examine them.

Base64 is a format for transmitting binary files in a 7-bit format. It
takes less than 1.5x the amount of space as the raw binary format.
That's less space than UUENCODE, which is why most encoding is done
using Base64.

> Here is the weird part to me. If I scan the zipped virus file,
> clamdscan FINDS it. But if I email that same file to myself using
> Outlook, it gets through; no warnings, no errors. So, is my
> mimedefang/clamav not setup right, or is this a useless virus protection
> setup.

Your mimedefang/clamav is not set up correctly. mimedefang can unzip
files for scanning.

> Is there another open source virus protection solution that I should
> consider?

I mentioned the Postfix/Amavis/SpamAssassin/ClamAV setup on this list
the other day. I found that it was a lot easier to set up and I won't
be plagued by Sendmail's bugs.

If you use Debian, this setup is incredibly easy to accomplish. I'm
willing to post a HOWTO, if needed.

Mark.

___________________
Nolug mailing list
nolug@nolug.org
Received on 02/04/04

This archive was generated by hypermail 2.2.0 : 12/19/08 EST