Date: Wed, 22 Mar 2006 13:00:25 +0200
From: Adi Pircalabu
To: Chris
Cc: Ion-Mihai Tetcu, "[FBSDP]"
Subject: Re: bdc BitDefender Console - problems, problems
Organization: BitDefender
Message-ID: <20060322130025.5527e406@apircalabu.dsd.ro>
List-Id: Porting software to FreeBSD

On Wed, 22 Mar 2006 02:41:10 -0800
Chris wrote:

> >> > bdc --arc --files --log --debug --mail --disinfect /var/mail
> >> > BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57)
> >> > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
> >> >
> >> > /var/mail/infos=>(message 37)=>[S ... (CET)]=>(MIME
> >> > part)=>q361598.exe infected: Win32.Swen.A@mm <- cevakrnl.xmd
> >> > /var/mail/infos=>(message 37)=>[Subject: M ... :16 +0100
> >> > (CET)]=>(MIME part)=>q361598.exe deleted <- cevakrnl.xmd
> >> > /var/mail/infos=>(message 37)=>[Subject: Mic ... Feb 2006
> >> > 21:29:16 +0100 (CET)]=>(MIME part) updated <- mime.xmd
> >> > /var/mail/infos=>(message 37) updated <- mbox.xmd
> >> > /var/mail/infos update failed
> >
> > This is exactly what I wrote above. It can take actions upon an
> > infected object, but does NOT update the mbox file itself.
> > On the other hand, what are the real benefits of disinfecting a
> > mailbox? The virus in this case is MIME-encapsulated. You can get
> > infected only if you import that mailbox and execute the infected
> > file. And, if this happens one way or another, the user really
> > knows what he's doing, or is dumb enough to use a computer at all :)
>
> Sure. I understand. But I had hoped that it could (would) be removed
> from the mbox. That is to say; that it would remove the message as
> required. I simply wasn't aware that it couldn't (safely) re-construct
> the mbox afterwards.

Ionut suggested to convert the mbox to a maildir and scan the resulting
eml files. After the clean-up you can re-export them in mbox format. You
just can not rely on bdc doing this, because it won't.

We can discuss the reasons off the list, if you're interested. As a
starting point, just think about some widely used broke^H^H^featured
MUAs, being parts of a widely used operating system. These pieces of
software have the bad habit of re-defining the design and implementation
of MIME standards.

-- 
Adi Pircalabu (PGP Key ID 0x04329F5E)
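
The mbox-to-maildir round trip suggested in the message above, as an added Python example that is not part of the original post or of BitDefender's tooling. The function names are assumptions, `has_exe_attachment` is a hypothetical placeholder for the scanner's verdict on each message file, and the two-message mailbox is constructed sample data.

```python
import mailbox
import os
import tempfile
from email.message import EmailMessage

def mbox_to_maildir(mbox_path, maildir_path):
    """Write each message of the mbox as its own file in a new Maildir."""
    src = mailbox.mbox(mbox_path, create=False)
    dst = mailbox.Maildir(maildir_path, create=True)
    for msg in src:
        dst.add(msg)
    src.close()
    return dst

def has_exe_attachment(msg):
    """Placeholder verdict (assumption), standing in for the real scanner."""
    return any((p.get_filename() or "").lower().endswith(".exe") for p in msg.walk())

def drop_flagged(maildir, verdict=has_exe_attachment):
    """Remove flagged message files from the Maildir; return the count."""
    flagged = [key for key, msg in maildir.iteritems() if verdict(msg)]
    for key in flagged:
        maildir.remove(key)
    return len(flagged)

def maildir_to_mbox(maildir, mbox_path):
    """Re-export the surviving messages into a fresh mbox file."""
    out = mailbox.mbox(mbox_path, create=True)
    for msg in maildir:
        out.add(msg)
    out.close()  # close() flushes the appended messages to disk

def demo():
    """Round-trip a constructed two-message mbox; return (removed, subjects)."""
    work = tempfile.mkdtemp()
    src_path, clean_path = (os.path.join(work, n) for n in ("infos", "infos.clean"))
    box = mailbox.mbox(src_path, create=True)
    for subject, attach in (("weekly report", None), ("patch", "q361598.exe")):
        m = EmailMessage()
        m["From"], m["Subject"] = "sender@example.org", subject
        m.set_content("constructed sample body")
        if attach:  # harmless constructed bytes, not a real executable
            m.add_attachment(b"constructed", maintype="application",
                             subtype="octet-stream", filename=attach)
        box.add(m)
    box.close()
    md = mbox_to_maildir(src_path, os.path.join(work, "Maildir"))
    removed = drop_flagged(md)
    maildir_to_mbox(md, clean_path)
    return removed, [m["Subject"] for m in mailbox.mbox(clean_path)]
```

The source mbox is read without locking here, so run the conversion on a copy of the mailbox or with delivery to it paused.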