From owner-freebsd-chat Mon Oct 25 18:31:37 1999
Delivered-To: freebsd-chat@freebsd.org
Received: from smtp04.primenet.com (smtp04.primenet.com [206.165.6.134])
    by hub.freebsd.org (Postfix) with ESMTP
    id 7B2E9152B3; Mon, 25 Oct 1999 18:31:35 -0700 (PDT)
    (envelope-from tlambert@usr06.primenet.com)
Received: (from daemon@localhost)
    by smtp04.primenet.com (8.9.3/8.9.3) id SAA04734;
    Mon, 25 Oct 1999 18:31:11 -0700 (MST)
Received: from usr06.primenet.com(206.165.6.206)
    via SMTP by smtp04.primenet.com, id smtpdAAAf7aOgj; Mon Oct 25 18:31:01 1999
Received: (from tlambert@localhost)
    by usr06.primenet.com (8.8.5/8.8.5) id SAA22839;
    Mon, 25 Oct 1999 18:31:22 -0700 (MST)
From: Terry Lambert
Message-Id: <199910260131.SAA22839@usr06.primenet.com>
Subject: Re: Hotmail security vulnerability (viruses) (fwd)
To: kris@hub.freebsd.org (Kris Kennaway)
Date: Tue, 26 Oct 1999 01:31:22 +0000 (GMT)
Cc: chat@FreeBSD.ORG
In-Reply-To: from "Kris Kennaway" at Oct 25, 99 01:11:06 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> From the referenced article (see below):
>
> Hotmail's engineers could not fix the problem because Hotmail runs on
> FreeBSD Unix, according to Star Internet. And Network Associates, which
> owns anti-virus software maker McAfee -- has produced a fourth version of
> McAfee anti-virus scanner that can detect Melissa-style macro viruses, but
> that version does not run on the FreeBSD Unix operating system used by
> Hotmail.
>
> ----
>
> I guess the Linux vscan port doesn't do email scanning..does anyone know
> of something that does? I'm just curious..

You can de-MIME anything MIME into a separate file, and then run
the scan on it based on it being a file. You would need to do this
anyway, since you would need to separate the queue-commit, scan,
and deliver phases of the process.

You could do this pretty easily using "deferred" delivery mode in
sendmail, and then moving the queue files into a directory to be
scanned (there's perl code in the sendmail 8.9.3 distribution for
doing this with appropriate locking), and then into a third queue
directory after the attachments have been vetted, where you could
do a queue run to deliver them.

I believe that all the pieces to do this are already in "ports"
(i.e. sendmail and metamail).

Another alternative is to use the Melissa patch for sendmail that
is available from sendmail.com, but this is a header blocking
patch that would not stop variants.

Since Melissa is a Microsoft Word macro virus, one technique that
would work is to delete all MS Word attachments from all email
that flows through your server. 8-).

Scanning for viruses is a legal nightmare; consider if your users
get a virus anyway, after you have supposedly vetted the code.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
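
The scan phase described in the message above, sketched as an added example (not part of the original post and not sendmail code): each attachment is de-MIMEd into its own file so a file-based scanner can be run on it, and Word documents are flagged by declared type, extension, or OLE2 file header rather than by message headers alone. The function names, the hold/deliver decision, the blocklists and the sample message are assumptions; moving sendmail queue files between directories is left out.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import Path

# First 8 bytes of an OLE2 compound file, the container used by Word 97-era
# .doc files (other OLE2 documents share it, so this check is deliberately broad).
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
WORD_EXTS = {".doc", ".dot"}          # assumed blocklist
WORD_TYPES = {"application/msword"}   # assumed blocklist

def demime(raw, outdir):
    """Decode every non-body MIME part into its own file under outdir."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    saved = []
    for i, part in enumerate(msg.walk()):
        named = part.get_filename()
        if part.is_multipart() or (part.get_content_maintype() == "text" and not named):
            continue
        # The sender controls the filename: keep only its last path component.
        name = Path((named or "unnamed.bin").replace("\\", "/")).name
        path = Path(outdir) / f"{i:02d}-{name}"
        path.write_bytes(part.get_payload(decode=True) or b"")
        saved.append((path, part.get_content_type()))
    return saved

def looks_like_word(path, ctype):
    """Flag by declared type, extension, or file header (catches renamed files)."""
    with path.open("rb") as fh:
        magic = fh.read(len(OLE2_MAGIC))
    return ctype in WORD_TYPES or path.suffix.lower() in WORD_EXTS or magic == OLE2_MAGIC

def vet(raw, scan_dir):
    """Return ("hold", flagged file names) or ("deliver", [])."""
    flagged = [p.name for p, ctype in demime(raw, scan_dir) if looks_like_word(p, ctype)]
    return ("hold" if flagged else "deliver"), flagged

def build_sample(filename, ctype, payload):
    """Constructed message with one attachment, for trying vet() offline."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.org", "rcpt@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    maintype, subtype = ctype.split("/")
    msg.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()
```

A message that `vet()` marks "hold" would stay out of the delivery queue; the files left in the scan directory are what a file-based virus scanner would be pointed at.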