Klez Virus
Julian Field
jkf at ecs.soton.ac.uk
Fri May 17 09:21:42 IST 2002
At 00:01 17/05/2002, you wrote:
>Are you sure the html, jpeg, and png files are really infected?
>
>In my experience, one of the Klez variants attaches a copy of itself
>_and_ a random file from the infected computer's hard drive. This
>random file is unaltered (i.e. "clean"). I've seen several infected
>emails where MailScanner with Sophos removes the virus, but passes on
>the extra attached file (with bad mime boundaries, but who cares).
That is 100% correct. You are seeing the random file, not the infected
attachment.
>~Todd
>
>>The Klez virus is attaching as HTM/JPG/PNG files and the MailScanner
>>can not find it.
>>
>>Do I change that in MailScanner or my Antivirus?
>>--------------------------------------------------------------
>>Kham Vue
>>Internet Admin
>>The City of Wadsworth
>>WADSNET.COM High Speed Internet Service
>>kvue at wadsnet.com
>> "Believe that life is worth living, and your belief will help
>>create the fact."
>> --William James
--
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
More information about the MailScanner
mailing list