From: [email protected]

Package: amavis-ng
Version: 0.1.6.7-0.dirk.1
Severity: important
Tags: patch

Hi,

if get a lot of mails where the ISP write a X-header as first line (like 'X-Flags:', 'X-Envelope-From:', etc.). So AMAVIS::Magic detect is as 'text/plain'.
Some AV (like Clamav) can't find a virus in this files, because they
check the file only as ascii text. Other AV (like F-Prot) check this
file as mbox and find the virus, but the security-environment from
amavis.conf don't work.

As workaround I've write a entry for X-headers to /usr/share/amavis-ng/magic.mime (see patch) and now Clamav can find this viruses as well.

But I think it is a better idea to extract every mail (or only plain mails)
in a first step.

By,

Dirk

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux tux 2.6.7-1-k7 #1 Fri Jul 9 14:29:54 CEST 2004 i686
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro

Versions of packages amavis-ng depends on:
ii debconf 1.2.34 Debian configuration management sy ii libconfig-inifiles-perl 2.27-1 A module for reading .ini-style co ii libfile-mmagic-perl 1.15-2 Perl module to guess file type.
ii libmime-base64-perl 2.12-4 MIME/Base64 decoding for Perl
ii libmime-perl 5.411-1 Perl5 modules for MIME-compliant m ii libnet-perl 1:1.09.01-1 Implementation of Internet protoco ii logrotate 3.7-1.dirk.1 Log rotation utility
ii perl 5.6.1-8.7 Larry Wall's Practical Extraction ii perl-suid 5.6.1-8.7 Runs setuid Perl scripts.

--- /usr/share/amavis-ng/magic.mime~ Wed Aug 4 01:21:24 2004
+++ /usr/share/amavis-ng/magic.mime Sat Aug 21 00:59:44 2004
@@ -297,6 +297,7 @@
0 string Relay-Version: message/rfc822
0 string #!\ rnews message/rfc822
0 string N#!\ rnews message/rfc822
+0 string X- message/rfc822
0 string Forward\ to message/rfc822
0 string Pipe\ to message/rfc822
0 string Return-Path: message/rfc822

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)