Could not analyze.

Julian Field mailscanner at ecs.soton.ac.uk
Mon Dec 8 17:05:55 GMT 2003


That's the 200 attachments per message limit kicking in.
See MailScanner.conf.

At 16:55 08/12/2003, you wrote:
>On Dec 8, 2003, at 12:31 AM, Jan-Peter Koopmann wrote:
>
>>>At Fri Dec  5 08:37:00 2003 the virus scanner said:
>>>    Could not analyze message
>>
>>
>>Can you give us any more input on the messages that cause this?
>>Attachment yes/no? Encrypted yes/no? Etc.
>>
>>Regards,
>>   JP
>
>I've just recently had the same thing, here is the report:
>
>The following e-mail messages were found to have viruses in them:
>
>     Sender: xxxxx at phonedir.com
>IP Address: xxx.xxx.x.xx
>  Recipient: xxxxxxxxxx at aol.com
>    Subject:
>  MessageID: hB8FQg329094
>     Report: Could not analyze message
>
>When I checked the quarantined message, it looks like a folder of 391
>files was attached (7.5MB encoded - all word docs, I think), here's the
>gist of the message:
>
>--Apple-Mail-32-248296212
>Content-Disposition: attachment;
>         filename=Ad_Analysis_Sheets
>Content-Type: multipart/x-folder;
>         boundary=Apple-Mail-33-248296213;
>         x-unix-mode=0777;
>         name="Ad_Analysis_Sheets"
>
>
>--Apple-Mail-33-248296213
>Content-Disposition: attachment;
>         filename=LUGGAGE.DOC
>Content-Transfer-Encoding: base64
>Content-Type: application/msword;
>         x-unix-mode=0755;
>         name="LUGGAGE.DOC"
>
>(250-300 lines of base64 encoding)
>
>--Apple-Mail-33-248296213
>Content-Disposition: attachment;
>         filename=NEXTFILE.DOC
>Content-Transfer-Encoding: base64
>Content-Type: application/msword;
>         x-unix-mode=0755;
>         name="NEXTFILE.DOC"
>
>(250-300 lines of base64 encoding)
>
>(repeat 389 more different filenames...)
>
>I've called the user and left a message, so I can try and get him to
>stuff/zip the folder before sending to see if it'll go through that way
>(especially since AOL would probably reject a 7.5MB attachment if it
>made it through MS/ClamAV). My relay is RH AS 2.1, w/MS 4.24-5, ClamAV
>0.65, SA 2.60. Any ideas?
>
>dan

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
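
Added example, not part of the original post and not MailScanner's own code: a Python check that counts the leaf attachments in a message shaped like the quarantined one (a multipart/x-folder container of Word documents) and compares the total with the 200-attachment limit named in the reply. The sample message is constructed, and the counting rule (leaf parts with an attachment disposition or a filename, "over" meaning strictly more than the limit) is an assumption about how such a limit is applied.

```python
from collections import Counter
from email import message_from_bytes, policy
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

ATTACHMENT_LIMIT = 200  # the per-message limit named in the reply


def build_folder_message(n_files):
    """Constructed sample: a mail with one multipart/x-folder part of n_files docs."""
    outer = MIMEMultipart("mixed")
    outer["Subject"] = "constructed sample"
    outer.attach(MIMEText("folder attached"))
    folder = MIMEMultipart("x-folder")
    folder.add_header("Content-Disposition", "attachment",
                      filename="Ad_Analysis_Sheets")
    for i in range(n_files):
        doc = MIMEApplication(b"constructed placeholder bytes", "msword")
        doc.add_header("Content-Disposition", "attachment",
                       filename=f"FILE{i:03d}.DOC")
        folder.attach(doc)
    outer.attach(folder)
    return outer.as_bytes()


def tally(part, parent_type, counts):
    """Count leaf attachments, keyed by the container type that holds them."""
    if part.is_multipart():
        for child in part.iter_parts():
            tally(child, part.get_content_type(), counts)
    elif part.get_content_disposition() == "attachment" or part.get_filename():
        counts[parent_type] += 1
    return counts


def check(raw, limit=ATTACHMENT_LIMIT):
    """Return attachment totals for a raw message and whether they exceed limit."""
    msg = message_from_bytes(raw, policy=policy.default)
    counts = tally(msg, "(top level)", Counter())
    total = sum(counts.values())
    return {"total": total, "by_container": dict(counts),
            "over_limit": total > limit}


if __name__ == "__main__":
    # 391 files, the count reported for the quarantined message
    print(check(build_folder_message(391)))
```

The by_container breakdown shows that every counted part sits inside the folder container, which is why zipping the folder into a single file brings the message back under the limit.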


