Could not analyze.

[Dan Farmer]

On Dec 8, 2003, at 12:31 AM, Jan-Peter Koopmann wrote:

>> At Fri Dec  5 08:37:00 2003 the virus scanner said:
>>    Could not analyze message
>
>
> Can you give us any more input on the messages that cause this?
> Attachment yes/no? Encrypted yes/no? Etc.
>
> Regards,
>   JP

I've just recently had the same thing, here is the report:

The following e-mail messages were found to have viruses in them:

     Sender: xxxxx at phonedir.com
IP Address: xxx.xxx.x.xx
  Recipient: xxxxxxxxxx at aol.com
    Subject:
  MessageID: hB8FQg329094
     Report: Could not analyze message

When I checked the quarantined message, it looks like a folder of 391
files was attached (7.5MB encoded - all word docs, I think), here's the
jist of the message:

--Apple-Mail-32-248296212
Content-Disposition: attachment;
         filename=Ad_Analysis_Sheets
Content-Type: multipart/x-folder;
         boundary=Apple-Mail-33-248296213;
         x-unix-mode=0777;
         name="Ad_Analysis_Sheets"


--Apple-Mail-33-248296213
Content-Disposition: attachment;
         filename=LUGGAGE.DOC
Content-Transfer-Encoding: base64
Content-Type: application/msword;
         x-unix-mode=0755;
         name="LUGGAGE.DOC"

(250-300 lines of base64 encoding)

--Apple-Mail-33-248296213
Content-Disposition: attachment;
         filename=NEXTFILE.DOC
Content-Transfer-Encoding: base64
Content-Type: application/msword;
         x-unix-mode=0755;
         name="NEXTFILE.DOC"

(250-300 lines of base64 encoding)

(repeat 389 more different filenames...)

I've called the user and left a message, so I can try and get him to
stuff/zip the folder before sending to see if it'll go through that way
(especially since AOL would probably reject a 7.5MB attachment if it
made it through MS/ClamAV). My relay is RH AS 2.1, w/MS 4.24-5, ClamAV
0.65, SA 2.60. Any ideas?

dan