-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AMaViS Security Announcement
Date: 07/29/2000
affected version(s): AMaViS 0.2.1-pre1 if metamail is used
Vulnerability Type: AMaViS is configured with the wrong
switches for metamail / no mail splitting,
no virus detection possible
Priority: urgent
Solution: checkout latest sources from CVS or download
at least configure.in from cvsweb.amavis.org
Author: Rainer Link <link@...>
Advisory ID: ASA-2000-3
- ---------------------------------------------------------------------------
1. Problem description
AMaViS 0.2.1-pre1 uses either metamail or reformime to split
an eMail message in its parts, which will be saved in
/var/tmp/scanmails<pid>/unpacked
Due to a stupid bug AMaViS will use the run-time switches for
reformime although metamail is used.
Here is a short explanation of why this happens:
./configure detects metamail, creates config.cache and generates
src/scanmails/scanmails correctly, i.e. metamail is used together
with the correct run-time flags for metamail.
make then calls ./configure --recheck. For speed reasons configure
reuses the cached variables, but the check whether metamail or
reformime is used now fails. Therefore src/scanmails/scanmails is
created for use with metamail *but* with the run-time flags for reformime.
2. Impact
As AMaViS (scanmails) uses the wrong run-time parameters, a mail is
not split and /var/tmp/scanmails<pid>/unpacked is *always*
empty. Therefore no virus will be detected at all.
3. Solution
Either check out the latest sources from our CVS server at
http://sourceforge.net/projects/amavis/ or download at least
configure.in from http://cvsweb.amavis.org/. The direct link is
http://cvs.sourceforge.net/cgi-bin/cvsweb.cgi/~checkout~/amavis/configure.in?rev=1.9&content-type=text/plain&cvsroot=amavis
If you download only configure.in, please do a ./reconf (it may
give you three warnings, but they can be ignored).
Remove config.cache, if this file exists.
Then re-run ./configure with the configure options you need and do
a make && make install.
NOTE: After every update of either AMaViS or the virus scanner(s) used,
please test that everything works correctly by sending a mail with the
EICAR test file virus, which can be found at
http://www.eicar.com/anti_virus_test_file.htm
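The failure described in section 2 is silent: a splitter that unpacks nothing leaves a directory that scans as clean. As an added example (not part of this advisory or of AMaViS), the shell self-test below treats an empty unpack directory as a failure. The two splitter functions, the marker string and all names are constructed stand-ins; the real metamail or reformime call has to be substituted, and the end-to-end EICAR mail test is still needed to exercise the scanner itself.

```shell
# Added example, not AMaViS code; every function name here is hypothetical.
MARKER='HARMLESS-SELFTEST-MARKER'  # constructed stand-in for the EICAR file

make_msg() {  # write a constructed two-part MIME message to $1
    cat > "$1" <<EOF
Subject: splitter self-test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

body text
--BOUND
Content-Type: text/plain; name="test.txt"
Content-Disposition: attachment; filename="test.txt"

$MARKER
--BOUND--
EOF
}

# Stand-in splitters (assumptions; substitute the real metamail/reformime call).
# good_split writes each part body to its own file; broken_split models a
# splitter started with the wrong switches: it exits 0 and writes nothing.
good_split() {
    awk -v d="$2" '/^--BOUND/ { n++; hdr = 1; next }
        n && hdr && /^$/ { hdr = 0; next }
        n && !hdr { print > (d "/part" n) }' "$1"
}
broken_split() { :; }

# selftest SPLITTER: returns 0 only if parts were unpacked and the marker is
# among them, so an empty unpacked/ directory is a failure, not "clean".
selftest() {
    work=$(mktemp -d) || return 1
    mkdir "$work/unpacked"
    make_msg "$work/msg"
    "$1" "$work/msg" "$work/unpacked" || true
    rc=1
    if [ -n "$(ls -A "$work/unpacked")" ] &&
       grep -q "$MARKER" "$work"/unpacked/*; then
        rc=0
    fi
    rm -rf "$work"
    return $rc
}

for s in good_split broken_split; do
    if selftest "$s"; then echo "$s: PASS"; else echo "$s: FAIL"; fi
done
```
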
4. Acknowledgment
I would like to thank Tilo Lutz who first reported to us that no virus
was discovered when metamail is used. As this was my bug, I
apologize for any inconveniences.
5. References
6. Revision History
07/29/2000: initial release
===========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5gxczmxoFTBO0QHkRAix/AJ9zkZtogMbgXrQfOHGj9MF/Ug4rhwCfa+cU
ZsYjC4CCJuyuwnjLkvPFLR8=
=8ZNt
-----END PGP SIGNATURE-----
--
Rainer Link, SuSE GmbH, eMail: link@..., Web: http://www.suse.de
Developer of A Mail Virus Scanner (AMaViS): http://amavis.org/
Founder of Linux AntiVirus Project: http://lavp.sourceforge.net/