I was just getting ready to post on a similar concern, so since it's related:
Is anybody concerned that the clamd + amavis-ng + spamassassin install by Swertz consistently fails server tests at
http://www.testvirus.org? I really like the way he does his howtos, but I need some help tightening this up a bit. Using the Swertz scripts the default configuration on SME 6.0, 6.01, and the custom ISO, clamd + amavis-ng fails these tests:
Test #5: Eicar virus sent using BinHex encoding
Test #8: Eicar virus sent using BinHex encoding within a MIME segment
Test #12: Eicar virus within a password protected ZIP file **New
Test #19: Eicar virus within zip file hidden using the "Blank Folding Vulnerability"
Test #20: Eicar virus within zip file hidden using the "MIME Boundary Space Gap Vulnerability"
Test #21: Eicar virus within zip file hidden using the "Long MIME Boundary Vulnerability"
Test #22: Eicar virus within zip file hidden using the "MIME Continuation Vulnerability"
Test #23: Eicar virus within zip file hidden using the "Empty MIME Boundary Vulnerability"
Test #24: Test for the "Partial (Fragmented) Vulnerability". This does not include Eicar virus, but your mail server still must block this since it can break a virus into multiple emails and reassemble it in your inbox.
Test #25: Attachment with a CLSID extension which may hide the real file extension. This does not include Eicar virus, but your mail server still must block this since it can hide the true extension of a file.
clamd + amavis-ng definitely catches the bulk and most common of them, but I'd like to be a little closer to 100% #12, the encrypted password zip file really concerns me because SME is my first line of virus defense for some non-profits. The 2nd line of defense is Panda Software running protection on the PC's and Exchange Server. They catch #8 and #22 leaving me vulnerable still to #5, #12, #19-21, #23-25. Thanks for any suggestions. Rex
4 Replies
1093 Views