Date:      Tue, 26 Oct 1999 01:31:22 +0000 (GMT)
From:      Terry Lambert <tlambert@primenet.com>
To:        kris@hub.freebsd.org (Kris Kennaway)
Cc:        chat@FreeBSD.ORG
Subject:   Re: Hotmail security vulnerability (viruses) (fwd)
Message-ID:  <199910260131.SAA22839@usr06.primenet.com>
In-Reply-To: <Pine.BSF.4.10.9910251308130.53784-100000@hub.freebsd.org> from "Kris Kennaway" at Oct 25, 99 01:11:06 pm

> From the referenced article (see below):
> 
> Hotmail's engineers could not fix the problem because Hotmail runs on
> FreeBSD Unix, according to Star Internet. And Network Associates, which
> owns anti-virus software maker McAfee -- has produced a fourth version of
> McAfee anti-virus scanner that can detect Melissa-style macro viruses, but
> that version does not run on the FreeBSD Unix operating system used by
> Hotmail.
> 
> ----
> 
> I guess the Linux vscan port doesn't do email scanning..does anyone know
> of something that does? I'm just curious..


You can de-MIME anything MIME into a separate file, and then run the
scan on it based on it being a file.  You would need to do this
anyway, since you would need to separate the queue-commit, scan,
and deliver phases of the process.

You could do this pretty easily using "deferred" delivery mode in
sendmail, and then moving the queue files into a directory to be
scanned (there's perl code in the sendmail 8.9.3 distribution for
doing this with appropriate locking), and then into a third queue
directory after the attachments have been vetted, where you could
do a queue run to deliver them.  I believe that all the pieces to
do this are already in "ports" (i.e. sendmail and metamail).


Another alternative is to use the Melissa patch for sendmail that is
available from sendmail.com, but this is a header blocking patch
that would not stop variants.

Since Melissa is a Microsoft Word macro virus, one technique that
would work is to delete all MS Word attachments from all email that
flows through your server.  8-).


Scanning for viruses is a legal nightmare; consider if your users
get a virus anyway, after you have supposedly vetted the code.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
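
The de-MIME, scan, then deliver flow described in the message above, sketched as an added example (not code from the original post or from the sendmail distribution). It assumes each queue entry is one complete raw message file, which simplifies sendmail's actual queue layout; `MARKER`, `marker_scanner`, the directory names and the sample messages are constructed stand-ins.

```python
import email, tempfile
from email import policy
from email.message import EmailMessage
from pathlib import Path

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a virus signature

def demime(raw, out_dir):
    """Decode every leaf MIME part of a raw message into its own file."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for i, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue  # containers carry no content of their own
        # Never build a path from the sender's filename; keep a safe extension only.
        ext = Path(part.get_filename() or "").suffix
        ext = ext if ext[1:].isalnum() and len(ext) <= 8 else ".bin"
        path = Path(out_dir) / f"part{i}{ext}"
        path.write_bytes(part.get_payload(decode=True) or b"")
        yield path

def marker_scanner(path):
    """Hypothetical file scanner (True = clean); a real scanner goes here."""
    return MARKER not in Path(path).read_bytes()

def scan_stage(scan_dir, deliver_dir, quarantine_dir, scanner=marker_scanner):
    """Vet each message in scan_dir, then move it to deliver or quarantine."""
    verdicts = {}
    for src in sorted(Path(scan_dir).iterdir()):
        with tempfile.TemporaryDirectory() as work:
            clean = all(scanner(p) for p in demime(src.read_bytes(), work))
        verdicts[src.name] = "deliver" if clean else "quarantine"
        src.rename(Path(deliver_dir if clean else quarantine_dir) / src.name)
    return verdicts

def build_message(attachment):
    """Constructed sample: text body plus one base64-encoded .doc attachment."""
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(attachment, maintype="application", subtype="msword",
                       filename="report.doc")
    return msg.as_bytes()

def demo():
    with tempfile.TemporaryDirectory() as root:
        dirs = [Path(root) / d for d in ("scan", "deliver", "quarantine")]
        for d in dirs:
            d.mkdir()
        (dirs[0] / "msgA").write_bytes(build_message(b"plain text"))
        (dirs[0] / "msgB").write_bytes(build_message(b"x" + MARKER))
        return scan_stage(*dirs), sorted(p.name for p in dirs[1].iterdir())
```

The attachment is base64-encoded inside the queued message, so a scanner pointed at the raw queue file would not see the marker bytes; decoding each part to a file first is what makes a file-based scanner usable here.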

