base64 encoding/klez?
ISP List
isp-list at TULSACONNECT.COM
Mon Jun 10 23:45:59 IST 2002
When a customer receives a message that had the Klez virus that I am
assuming was base64 encoded, the user gets the usual "virus found" message
and the attached virusfound.txt file, that says:
/17HXoY-000AMo-00/bgcolor.pif Found the W32/Klez.h at MM virus
Shortcuts to MS-Dos programs are very dangerous in email in bgcolor.pif
However, in the *body* of the email, this appears:
Content-Type: application/octet-stream;
name=PerformFlightSearch[1].htm
Content-Transfer-Encoding: base64
Content-ID: <IxxUSj6h5x1FNh71xh5>
CjwhZG9jdHlwZSBodG1sIHB1YmxpYyAiLS8vVzNDLy9EVEQgSFRNTCA0LjAgVHJhbnNpdGlv
bmFsLy9FTiI+CjxodG1sPgo8aGVhZD4KPHRpdGxlPk9yYml0ejogRmxpZ2h0IFNlYXJjaCBS
ZXN1bHRzLSBEb21lc3RpYzwvdGl0bGU+CjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0
IiBsYW5ndWFnZT0iSmF2YVNjcmlwdCIgc3JjPSIvaW5jbHVkZS9icm93c2VyX2RldGVjdC5q
(rest is truncated).
Any ideas why this is occuring?
--Mike
More information about the MailScanner
mailing list