mailscanner is not processing virus mails of the same kind the same way

[Antony Stone]

On Thursday 21 August 2003 10:17 am, Kim Schulz wrote:

> On Thu, 21 Aug 2003 10:09:23 +0100 Antony Stone wrote:
>
> > Well, that depends on the name of the attachment :)   If the
> > attachment if called application.pif, then it will get marked as
> > infected, and as a bad filetype.   If the attachment is called
> > msg-982-17.txt then it won't be marked as a bad filetype, just
> > infected.
>
> but can sobig.F be both as a msg-.. and as a application.pif ?
> same virus just found in different ways by mailscanner

Mail delivery notifications are .txt attachments.

Some delivery notifications contain the complete original email as a MIME
body.

Therefore the .txt attachment can contain the Sobig virus, yes.

In my opinion returning the complete message is not only a waste of
bandwidth, but a stupid thing to do in the case of (a) a virus and (b) a
message with forged headers (which Sobig is known to be), but that's a
separate issue....

Antony.

--

In science, one tries to tell people
in such a way as to be understood by everyone
something that no-one ever knew before.

In poetry, it is the exact opposite.

 - Paul Dirac