Date: Wed, 22 Mar 2006 13:00:25 +0200
From: Adi Pircalabu <apircalabu@bitdefender.com>
To: Chris <bsd@1command.com>
Cc: Ion-Mihai Tetcu <itetcu@people.tecnik93.com>, "[FBSDP]" <freebsd-ports@freebsd.org>
Subject: Re: bdc BitDefender Console - problems, problems
Message-ID: <20060322130025.5527e406@apircalabu.dsd.ro>
In-Reply-To: <20060322024110.5z4jw43b4ww00cgs@webmail.1command.com>
References: <20060321233021.59hsmdorkgckc0so@webmail.1command.com> <20060322103146.3c1f6997@it.buh.tecnik93.com> <20060322110819.63f7e511@apircalabu.dsd.ro> <20060322024110.5z4jw43b4ww00cgs@webmail.1command.com>

On Wed, 22 Mar 2006 02:41:10 -0800
Chris <bsd@1command.com> wrote:

> >> > bdc --arc --files --log --debug --mail --disinfect /var/mail
> >> > BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57)
> >> > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
> >> >
> >> > /var/mail/infos=>(message 37)=>[S ... (CET)]=>(MIME
> >> > part)=>q361598.exe infected: Win32.Swen.A@mm <- cevakrnl.xmd
> >> > /var/mail/infos=>(message 37)=>[Subject: M ... :16 +0100
> >> > (CET)]=>(MIME part)=>q361598.exe deleted <- cevakrnl.xmd
> >> > /var/mail/infos=>(message 37)=>[Subject: Mic ... Feb 2006
> >> > 21:29:16 +0100 (CET)]=>(MIME part) updated <- mime.xmd
> >> > /var/mail/infos=>(message 37) updated <- mbox.xmd
> >> > /var/mail/infos update failed
> >
> > This is exactly what I wrote above. It can take actions upon an
> > infected object, but does NOT update the mbox file itself.
> > On the other hand, what are the real benefits of disinfecting a
> > mailbox? The virus in this case is MIME-encapsulated. You can get
> > infected only if you import that mailbox and execute the infected
> > file. And, if this happens one way or another, the user really
> > knows what he's doing, or is dumb enough to use a computer at all :)
>
> Sure. I understand. But I had hoped that it could (would) be removed
> from the mbox. That is to say; that it would remove the message as
> required. I simply wasn't aware that it couldn't (safely) re-construct
> the mbox afterwards.

Ionut suggested to convert the mbox to a maildir and scan the resulting
eml files. After the clean-up you can re-export them in mbox format. You
just can not rely on bdc doing this, because it won't.
We can discuss the reasons off the list, if you're interested. As a
starting point, just think about some widely used
broke^H^H^featured MUAs, being parts of a widely used operating system.
These pieces of software have the bad habit of re-defining the design
and implementation of MIME standards.

--
Adi Pircalabu (PGP Key ID 0x04329F5E)

--
This message was scanned for spam and viruses by BitDefender.
For more information please visit http://www.bitdefender.com/
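
The mbox -> maildir -> scan -> mbox round trip suggested in the message above, as an added example using Python's standard mailbox module (not code from the thread or from BitDefender). The function names and the explode/rebuild command words are assumptions made for this sketch; the scanner is run by hand on the maildir between the two steps.

```python
import mailbox

def mbox_to_maildir(mbox_path, maildir_path):
    """Explode an mbox into one file per message; return the message count."""
    src = mailbox.mbox(mbox_path, create=False)
    dst = mailbox.Maildir(maildir_path, create=True)
    src.lock()  # keep a delivery agent from appending while we read
    try:
        count = 0
        for msg in src:
            dst.add(msg)  # each message becomes its own file under new/ or cur/
            count += 1
        return count
    finally:
        src.unlock()
        src.close()

def maildir_to_mbox(maildir_path, mbox_path):
    """Write every message file still present in the maildir to a new mbox."""
    src = mailbox.Maildir(maildir_path, create=False)
    dst = mailbox.mbox(mbox_path, create=True)
    dst.lock()
    try:
        kept = 0
        for key in sorted(src.keys()):  # keys() re-reads the directory
            try:
                dst.add(src[key])
            except (KeyError, FileNotFoundError):
                continue  # file removed after the listing was taken
            kept += 1
        dst.flush()
        return kept
    finally:
        dst.unlock()
        dst.close()

if __name__ == "__main__":
    import sys
    # explode MBOX MAILDIR  -> run the scanner on MAILDIR ->  rebuild MAILDIR NEW_MBOX
    cmd, a, b = sys.argv[1:4]
    fn = {"explode": mbox_to_maildir, "rebuild": maildir_to_mbox}[cmd]
    print(fn(a, b), "messages")
```

Rebuild into a new file and swap it in once the counts look right, rather than overwriting the original mbox. The "From " separator lines are regenerated by the mailbox module on the way back, so the original envelope sender on those lines is not preserved.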