Klez Virus

Julian Field jkf at ecs.soton.ac.uk
Fri May 17 09:21:42 IST 2002

At 00:01 17/05/2002, you wrote:
>Are you sure the html, jpeg, and png files are really infected?
>In my experience, one of the Klez variants attaches a copy of itself
>_and_ a random file from the infected computer's hard drive. This
>random file is unaltered (i.e. "clean"). I've seen several infected
>emails where MailScanner with Sophos removes the virus, but passes on
>the extra attached file (with bad mime boundaries, but who cares).

That is 100% correct. You are seeing the random file, not the infected

>>The Klez virus is attaching as HTM/JPG/PNG files and the MailScanner
>>can not find it.
>>Do I change that in MailScanner or my Antivirus?
>>Kham Vue
>>Internet Admin
>>The City of Wadsworth
>>WADSNET.COM High Speed Internet Service
>>kvue at wadsnet.com
>>  "Believe that life is worth living, and your belief will help
>>create the fact."
>>       --William James

Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list