[sanesecurity] Re: (Subject Line Test #2)

  • From: "Justin Reynolds" <justinr@xxxxxxxxxxxxxxxxxxxxx>
  • To: <sanesecurity@xxxxxxxxxxxxx>
  • Date: Thu, 22 Jan 2009 15:59:45 -0500

Tested same messages on Ubuntu / ClamAV 0.94.2; same results -- no
detection.


-----Original Message-----
From: sanesecurity-bounce@xxxxxxxxxxxxx
[mailto:sanesecurity-bounce@xxxxxxxxxxxxx] On Behalf Of Justin Reynolds
Sent: Thursday, January 22, 2009 3:48 PM
To: sanesecurity@xxxxxxxxxxxxx
Subject: [sanesecurity] Re: (Subject Line Test #2)

Windows server, Exchange 2003. ClamAV 0.94.2 from hideout.atx.ch. All
incoming mail has "X-Envelope" headers applied by an Exchange sink, and
SpamAssassin adds X-Spam tags.

Tested this yesterday with clean install of Clam (from above) and all
default settings; no change.


-----Original Message-----
From: sanesecurity-bounce@xxxxxxxxxxxxx
[mailto:sanesecurity-bounce@xxxxxxxxxxxxx] On Behalf Of SuprDave
Sent: Thursday, January 22, 2009 3:42 PM
To: sanesecurity@xxxxxxxxxxxxx
Subject: [sanesecurity] Re: (Subject Line Test #2)

Well, let's find out if it's the type of Clam we're using.  Is anyone
using Clamd that is also having this problem?  I am using ClamAV, and
don't want to change unless I have to.  I also use MailWatch which is a
bit picky about which Clam to use.
Dave Gattis


> Undetected:
> http://jqd.org/pastebin?id=69 (Fastmail.FM)
> http://jqd.org/pastebin?id=70 (Yahoo)
> http://jqd.org/pastebin?id=71 (Hotmail)
> http://jqd.org/pastebin?id=72 (Gmail)
>
> Detected:
> http://jqd.org/pastebin?id=73 (The original Yahoo mail manually stripped
> down with only basic headers -- this one is detected.)
>
>
> -----Original Message-----
> From: sanesecurity-bounce@xxxxxxxxxxxxx
> [mailto:sanesecurity-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Basford
> Sent: Thursday, January 22, 2009 2:35 PM
> To: sanesecurity@xxxxxxxxxxxxx
> Subject: [sanesecurity] Re: (Subject Line Test #2)
>
>
>
> Chris Barber wrote:
>>
>> I had this same problem where the test string is ignored in the subject.
>> Then I forwarded the test message and it got caught like it should. The
>> only difference I could see is that the subject had a "Fw: " in front of
>> the test string now. Maybe this test string doesn't work if the entire
>> subject is only the test string? I.E. it needs some other text in the
>> subject with it?
>>
>> Someone else please try this also but it seems to work for me.
>>
> Hi Chris,
>
> Could you post both of these if possible to here (strip out your email
> address)
>
> http://jqd.org/pastebin
>
> The signature looks for: Subject: (up to 30 chars) then the text, so
> both your tests should have worked.
>
> I've asked Julian to take a look at this too... really odd.  My tests
> with Windows XP seem fine:
>
> http://jqd.org/pastebin?id=68
>
> Cheers,
>
> Steve
> Sanesecurity