Re: f-prot not catching mimail ?

[Nik Reiman <nik () aboleo net>]

As previously noted, the problem here seems to be with the f-prot
binary, not the actual virus signatures/definitions.  Try upgrading
the f-prot package, and it'll probably work fine.

-Nik

psz () maths usyd edu au quoth:
> > > I cannot see anything "special" in the MIME structure of Mimail that would
> > > cause f-prot to miss the ZIP attachment (or maybe it is the structure of
> > > the ZIP that f-prot cannot unpack?).
> >
> > I was told its the encoding scheme in the .html file thats the problem. 
> > Currently the scanner does not support that type of encoding.
>
> It seems to me that the HTML contains the binary EXE without any encoding:
>
> $ cat -v message.html | fold | head -5
> MIME-Version: 1.0
> Content-Location:File://foo.exe
> Content-Transfer-Encoding: binary
>
> MZM-^P^@^C^@^@^@^D^@^@^@M-^?M-^?^@^@M-8^@^@^@^@^@^@^@@^@^@^@^@^@^@^@^@^@^@^@^@^@
>
> Regardless, f-prot should list the ZIP attachment, and the files contained
> within the ZIP ...
>
> Cheers,
>
> Paul Szabo - psz () maths usyd edu au  http://www.maths.usyd.edu.au:8000/u/psz/
> School of Mathematics and Statistics  University of Sydney   2006  Australia
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

-- 
Nik Reiman // nik () aboleo net \\ http://www.aboleo.net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html