Re: [AMaViS-user] testvirus failures #16 #24 #25

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Ricardo,

| Figure I report my tests, using the latest amavisd-20030616-p9
| #12 did pass, but correctly marked as UNCHECKED.

Password protected archives may be blocked by:
  $final_banned_destiny = D_BOUNCE;
  $banned_filename_re = new_RE(
    qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components

| #16  virus string embeded in HTML did pass...  Should it ?

ClamAV and most others _did_ detect EICAR here.
Don't know if they should have.

| #24  does not contain a virus, but I did get only the first part of the
| message.  I think the test only sends out only one part, correct ?

Right. You may block message/partial if you wish:
  $banned_filename_re = new_RE(
    qr'^message/partial$'i,   # block rfc2046

| #25  Attachment with a CLSID extension.  This I don't think it's covered
| by double extensions, but we should, right ?

Block curlies in file names if you wish. Or use a more specific regexp.
  $banned_filename_re = new_RE(
    qr'[{}]',  # curly braces in names (serve as Class ID extensions - CLSID)

Mark