[Esa-l]Sircam with application/mixed

Lee Howard faxguy at deanox.com
Tue Jul 31 19:40:58 PDT 2001


At 07:22 PM 7/31/01 -0700, John D. Hardin wrote:
>On Tue, 31 Jul 2001, Lee Howard wrote:
>
>> Currently I'm seeing 40-50 instances of Sircam get caught daily,
>> but I am seeing some few get through.
>
>Get through the virus scanner to the sanitizer, or get through the
>combination to the end user?

Both.  Because of local needs, I do not poison anything based on filename
extension, only on complete filename (i.e. "happy99.exe").  And, the
antivirus program gives me some reassurance that this should generally be
enough.  The sanitizer does a wonderful job of defanging potentially
dangerous attachments to our Microsoft Outlook mail client base.  We are
fortunate that the user base is intelligent enough to think twice before
defanging an attachment to run it.

In this case, the antivirus missed it due to an invalid EOF sequence, and
the sanitizer successfully defanged the attachment... as well as correcting
the Content-Type.

Thanks, John.

Lee.


