bdc BitDefender Console - problems, problems
apircalabu at bitdefender.com
Wed Mar 22 11:02:46 UTC 2006
On Wed, 22 Mar 2006 02:41:10 -0800
Chris <bsd at 1command.com> wrote:
> >> > bdc --arc --files --log --debug --mail --disinfect /var/mail
> >> > BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57)
> >> > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
> >> >
> >> > /var/mail/infos=>(message 37)=>[S ... (CET)]=>(MIME
> >> > part)=>q361598.exe infected: Win32.Swen.A at mm <- cevakrnl.xmd
> >> > /var/mail/infos=>(message 37)=>[Subject: M ... :16 +0100
> >> > (CET)]=>(MIME part)=>q361598.exe deleted <- cevakrnl.xmd
> >> > /var/mail/infos=>(message 37)=>[Subject: Mic ... Feb 2006
> >> > 21:29:16 +0100 (CET)]=>(MIME part) updated <- mime.xmd
> >> > /var/mail/infos=>(message 37) updated <- mbox.xmd
> >> > /var/mail/infos update failed
> > This is exactly what I wrote above. It can take actions upon an
> > infected object, but does NOT update the mbox file itself.
> > On the other hand, what are the real benefits of disinfecting a
> > mailbox? The virus in this case is MIME-encapsulated. You can get
> > infected only if you import that mailbox and execute the infected
> > file. And, if this happens one way or another, the user really
> > knows what he's doing, or is dumb enough to use a computer at all :)
> Sure. I understand. But I had hoped that it could (would) be removed
> from the mbox. That is to say; that it would remove the message as
> required. I simply wasn't aware that it couldn't (safely) re-construct
> the mbox afterwards.
Ionut suggested converting the mbox to a maildir and scanning the resulting
eml files. After the clean-up you can re-export them in mbox format.
You just cannot rely on bdc doing this, because it won't. We can
discuss the reasons off the list, if you're interested. As a starting
point, just think about some widely used broke^H^H^featured MUAs, being
parts of a widely used operating system. These pieces of software have
the bad habit of re-defining the design and implementation of MIME
Adi Pircalabu (PGP Key ID 0x04329F5E)
This message was scanned for spam and viruses by BitDefender.
For more information please visit http://www.bitdefender.com/
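
The round trip suggested in the message above (mbox to maildir, scan the per-message files, re-export to mbox), sketched with Python's standard `mailbox` module as an added example that is not part of the original thread or of BitDefender's code. The function names are assumptions, `stand_in_scan` is a hypothetical placeholder for the point where the scanner is run on the directory, and the sample mailbox is constructed.

```python
import mailbox
import os
import tempfile
from email.message import EmailMessage

def clean_mbox(mbox_path, out_path, scan):
    """mbox -> Maildir -> scan(dir) -> new mbox at out_path; returns (in, out)."""
    src = mailbox.mbox(mbox_path, create=False)
    src.lock()  # hold the mailbox lock so nothing is delivered meanwhile
    try:
        with tempfile.TemporaryDirectory() as tmp:
            md_path = os.path.join(tmp, "split")
            md = mailbox.Maildir(md_path, create=True)
            keys = [md.add(msg) for msg in src]  # one file per message
            scan(md_path)  # the scanner deletes or disinfects files here
            md = mailbox.Maildir(md_path, create=False)  # re-read the dir
            out = mailbox.mbox(out_path, create=True)
            kept = [k for k in keys if k in md]  # files that still exist
            for key in kept:  # original order is preserved via keys
                out.add(md[key])
            out.close()  # flushes to disk
            return len(keys), len(kept)
    finally:
        src.unlock()
        src.close()

def build_sample_mbox(path):
    """Constructed input: 3 messages, the 2nd with a harmless placeholder file."""
    box = mailbox.mbox(path, create=True)
    for n in (1, 2, 3):
        msg = EmailMessage()
        msg["From"], msg["To"] = "sender@example.org", "infos@example.org"
        msg["Subject"] = f"constructed message {n}"
        msg.set_content(f"body {n}\n")
        if n == 2:  # attachment name taken from the log quoted above
            msg.add_attachment(b"placeholder, not malware", maintype="application",
                               subtype="octet-stream", filename="q361598.exe")
        box.add(msg)
    box.close()

def stand_in_scan(md_path):
    """Hypothetical stand-in for the scanner: delete flagged message files."""
    for sub in ("new", "cur"):
        for name in os.listdir(os.path.join(md_path, sub)):
            full = os.path.join(md_path, sub, name)
            with open(full, "rb") as fh:
                flagged = b"q361598.exe" in fh.read()
            if flagged:
                os.remove(full)
```

The cleaned mailbox is written to a separate file, so the original mbox stays untouched until the output has been checked and swapped in by hand.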