base64 encoding/klez?

Julian Field jkf at
Tue Jun 11 09:14:34 IST 2002

At 03:58 11/06/2002, you wrote:
>>If you'll check it you'll find that it isn't infected.  Klez seems to
>>attach a couple of files, and (at least with F-Prot) the infected one is
>>cleaned and sent on.
>I don't doubt that it has been cleaned, but the odd thing is that it
>appears in the *body* of the message and is not an attachment at all.  It
>only happens with Klez it seems.  I don't understand why it isn't being
>treated like any other attachment.

Can I just stress that in every one of the few hundred cases of Klez I have
seen, the remnants of the message are totally harmless once MailScanner has
removed the dangerous content (which is always does).

The SMTP/MIME engine built into Klez doesn't create MIME messages properly,
which is why you get the remnants.
Julian Field                Teaching Systems Manager
jkf at         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list