Date:      Mon, 25 Oct 1999 19:43:29 -0600
From:      Brett Glass <brett@lariat.org>
To:        Terry Lambert <tlambert@primenet.com>, kris@hub.freebsd.org (Kris Kennaway)
Cc:        chat@FreeBSD.ORG
Subject:   Re: Hotmail security vulnerability (viruses) (fwd)
Message-ID:  <4.2.0.58.19991025194033.0452f6b0@localhost>
In-Reply-To: <199910260131.SAA22839@usr06.primenet.com>
References:  <Pine.BSF.4.10.9910251308130.53784-100000@hub.freebsd.org>

Terry's right, of course. John Hardin has a package that does this,
and it DOES run under FreeBSD. So the article's claim that there are
no macro virus protection systems for FreeBSD is bogus.

Our community network uses Hardin's package, and we've never seen
a macro virus get through.

See ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html

--Brett

At 01:31 AM 10/26/1999 +0000, Terry Lambert wrote:
> > From the referenced article (see below):
> > 
> > Hotmail's engineers could not fix the problem because Hotmail runs on
> > FreeBSD Unix, according to Star Internet. And Network Associates, which
> > owns anti-virus software maker McAfee -- has produced a fourth version of
> > McAfee anti-virus scanner that can detect Melissa-style macro viruses, but
> > that version does not run on the FreeBSD Unix operating system used by
> > Hotmail.
> > 
> > ----
> > 
> > I guess the Linux vscan port doesn't do email scanning..does anyone know
> > of something that does? I'm just curious..
>
>
>You can de-MIME anything MIME into a separate file, and then run the
>scan on it based on it being a file.  You would need to do this
>anyway, since you would need to separate the queue-commit, scan,
>and deliver phases of the process.
>
>You could do this pretty easily using "deferred" delivery mode in
>sendmail, and then moving the queue files into a directory to be
>scanned (there's perl code in the sendmail 8.9.3 distribution for
>doing this with appropriate locking), and then into a third queue
>directory after the attachments have been vetted, where you could
>do a queue run to deliver them.  I believe that all the pieces to
>do this are already in "ports" (i.e. sendmail and metamail).
>
>
>Another alternative is to use the Melissa patch for sendmail that is
>available from sendmail.com, but this is a header blocking patch
>that would not stop variants.
>
>Since Melissa is a Microsoft Word macro virus, one technique that
>would work is to delete all MS Word attachments from all email that
>flows through your server.  8-).
>
>
>Scanning for viruses is a legal nightmare; consider if your users
>get a virus anyway, after you have supposedly vetted the code.
>
>
>                                         Terry Lambert
>                                         terry@lambert.org
>---
>Any opinions in this posting are my own and not those of my present
>or previous employers.
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-chat" in the body of the message
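
The de-MIME-then-vet step discussed in this thread, as an added example that is not part of either poster's message and is not code from sendmail, metamail or Hardin's package. It assumes Python's standard `email` package as the MIME decoder; the function names, the OLE2 magic-byte check and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Magic bytes that open an OLE2 compound file (legacy Word/Excel/PowerPoint).
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

def is_word_attachment(part):
    """Judge one decoded MIME leaf as a file: declared type, name, then content."""
    name = (part.get_filename() or "").lower()
    body = part.get_payload(decode=True) or b""
    return (part.get_content_type() == "application/msword"
            or name.endswith((".doc", ".dot"))
            or body.startswith(OLE2_MAGIC))

def vet_message(raw):
    """Return (sanitized message bytes, names of the attachments removed)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    removed = []
    # Snapshot the containers first so payloads can be rewritten safely.
    for container in [p for p in msg.walk() if p.is_multipart()]:
        kept = []
        for part in container.get_payload():
            if not part.is_multipart() and is_word_attachment(part):
                removed.append(part.get_filename() or "(unnamed)")
            else:
                kept.append(part)
        container.set_payload(kept)
    return msg.as_bytes(), removed

def sample_message():
    """Constructed input: the OLE2 file hides behind a neutral name and type."""
    m = EmailMessage()
    m["From"], m["To"] = "alice@example.org", "bob@example.org"
    m["Subject"] = "Constructed sample"
    m.set_content("See attached.\n")
    m.add_attachment(OLE2_MAGIC + b"\0" * 32, maintype="application",
                     subtype="octet-stream", filename="list.bin")
    m.add_attachment("plain notes\n", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    clean, removed = vet_message(sample_message())
    print("removed:", removed)
```

Because the check runs on the decoded bytes, the attachment is caught even though neither its filename nor its declared content type says "Word"; a header-only filter would pass it.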






