jkf at ecs.soton.ac.uk
Tue Jun 11 09:14:34 IST 2002
At 03:58 11/06/2002, you wrote:
>>If you'll check it you'll find that it isn't infected. Klez seems to
>>attach a couple of files, and (at least with F-Prot) the infected one is
>>cleaned and sent on.
>I don't doubt that it has been cleaned, but the odd thing is that it
>appears in the *body* of the message and is not an attachment at all. It
>only happens with Klez it seems. I don't understand why it isn't being
>treated like any other attachment.
Can I just stress that in every one of the few hundred cases of Klez I have
seen, the remnants of the message are totally harmless once MailScanner has
removed the dangerous content (which is always does).
The SMTP/MIME engine built into Klez doesn't create MIME messages properly,
which is why you get the remnants.
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
More information about the MailScanner