From owner-freebsd-chat Mon Oct 25 18:43:50 1999
Delivered-To: freebsd-chat@freebsd.org
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 0895C152A0; Mon, 25 Oct 1999 18:43:43 -0700 (PDT) (envelope-from brett@lariat.org)
Received: from mustang (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id TAA12457; Mon, 25 Oct 1999 19:43:31 -0600 (MDT)
Message-Id: <4.2.0.58.19991025194033.0452f6b0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Mon, 25 Oct 1999 19:43:29 -0600
To: Terry Lambert , kris@hub.freebsd.org (Kris Kennaway)
From: Brett Glass
Subject: Re: Hotmail security vulnerability (viruses) (fwd)
Cc: chat@FreeBSD.ORG
In-Reply-To: <199910260131.SAA22839@usr06.primenet.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Terry's right, of course. John Hardin has a package that does this, and
it DOES run under FreeBSD. So the article's claim that there are no
macro virus protection systems for FreeBSD is bogus. Our community
network uses Hardin's package, and we've never seen a macro virus get
through. See

ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html

--Brett

At 01:31 AM 10/26/1999 +0000, Terry Lambert wrote:
> > From the referenced article (see below):
> >
> > Hotmail's engineers could not fix the problem because Hotmail runs on
> > FreeBSD Unix, according to Star Internet. And Network Associates, which
> > owns anti-virus software maker McAfee -- has produced a fourth version of
> > McAfee anti-virus scanner that can detect Melissa-style macro viruses, but
> > that version does not run on the FreeBSD Unix operating system used by
> > Hotmail.
> >
> > ----
> >
> > I guess the Linux vscan port doesn't do email scanning..does anyone know
> > of something that does? I'm just curious..
>
>You can de-MIME anything MIME into a separate file, and then run the
>scan on it based on it being a file. You would need to do this
>anyway, since you would need to separate the queue-commit, scan,
>and deliver phases of the process.
>
>You could do this pretty easily using "deferred" delivery mode in
>sendmail, and then moving the queue files into a directory to be
>scanned (there's perl code in the sendmail 8.9.3 distribution for
>doing this with appropriate locking), and then into a third queue
>directory after the attachments have been vetted, where you could
>do a queue run to deliver them. I believe that all the pieces to
>do this are already in "ports" (i.e. sendmail and metamail).
>
>Another alternative is to use the Melissa patch for sendmail that is
>available from sendmail.com, but this is a header blocking patch
>that would not stop variants.
>
>Since Melissa is a Microsoft Word macro virus, one technique that
>would work is to delete all MS Word attachments from all email that
>flows through your server. 8-).
>
>Scanning for viruses is a legal nightmare; consider if your users
>get a virus anyway, after you have supposedly vetted the code.
>
>                                        Terry Lambert
>                                        terry@lambert.org
>---
>Any opinions in this posting are my own and not those of my present
>or previous employers.
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-chat" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
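
An added example, not part of the thread and not code from Hardin's package or sendmail: a sketch of the de-MIME, scan, and strip-Word-attachments steps described in the quoted message, written with Python's standard `email` module. The `scanner` callback, the `part-NNN.bin` file naming, the removal notice and the sample message are assumptions constructed for the illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

WORD_TYPES = {"application/msword"}
WORD_EXTS = (".doc", ".dot")
NOTICE = "[attachment removed by mail server policy]\n"

def is_word(part):
    """True if the declared type or the file name marks an MS Word document."""
    name = (part.get_filename() or "").lower()
    return part.get_content_type() in WORD_TYPES or name.endswith(WORD_EXTS)

def vet(raw, scan_dir, scanner=lambda path: True):
    """De-MIME attachments into scan_dir, then strip Word files and any part
    the (hypothetical) scanner callback rejects. Returns (bytes, removed)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    removed = []
    for n, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue
        name = part.get_filename()
        if not (name or part.is_attachment() or is_word(part)):
            continue  # ordinary body text, left untouched
        # Name the file by position; the sender's file name is untrusted.
        path = os.path.join(scan_dir, "part-%03d.bin" % n)
        with open(path, "wb") as fh:
            fh.write(part.get_payload(decode=True) or b"")
        if is_word(part) or not scanner(path):
            removed.append(name or "(unnamed)")
            part.clear_content()
            part.set_content(NOTICE)
    return msg.as_bytes(), removed

def sample_message():
    """Constructed test message: a body, a fake .doc, and a text attachment."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.org", "user@example.net"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.\n")
    m.add_attachment(b"\xd0\xcf\x11\xe0 constructed", maintype="application",
                     subtype="msword", filename="list.doc")
    m.add_attachment(b"plain notes", maintype="application",
                     subtype="octet-stream", filename="../notes.txt")
    return m.as_bytes()
```

In a queue-based setup like the one described, `vet` would run between the commit and deliver phases, with `scanner` wrapping whatever file-based virus scanner is available on the host.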