Could not analyze.

Antony Stone Antony at SOFT-SOLUTIONS.CO.UK
Mon Dec 8 17:08:53 GMT 2003 

On Monday 08 December 2003 5:05 pm, Julian Field wrote:

> That's the 200 attachments per message limit kicking in.

Sounds more than reasonable to me :)

Antony.

> See MailScanner.conf.
>
> At 16:55 08/12/2003, you wrote:
> >On Dec 8, 2003, at 12:31 AM, Jan-Peter Koopmann wrote:
> >>>At Fri Dec  5 08:37:00 2003 the virus scanner said:
> >>>    Could not analyze message
> >>
> >>Can you give us any more input on the messages that cause this?
> >>Attachment yes/no? Encrypted yes/no? Etc.
> >>
> >>Regards,
> >>   JP
> >
> >I've just recently had the same thing, here is the report:
> >
> >The following e-mail messages were found to have viruses in them:
> >
> >     Sender: xxxxx at phonedir.com
> >IP Address: xxx.xxx.x.xx
> >  Recipient: xxxxxxxxxx at aol.com
> >    Subject:
> >  MessageID: hB8FQg329094
> >     Report: Could not analyze message
> >
> >When I checked the quarantined message, it looks like a folder of 391
> >files was attached (7.5MB encoded - all word docs, I think), here's the
> >jist of the message:
> >
> >--Apple-Mail-32-248296212
> >Content-Disposition: attachment;
> >         filename=Ad_Analysis_Sheets
> >Content-Type: multipart/x-folder;
> >         boundary=Apple-Mail-33-248296213;
> >         x-unix-mode=0777;
> >         name="Ad_Analysis_Sheets"
> >
> >
> >--Apple-Mail-33-248296213
> >Content-Disposition: attachment;
> >         filename=LUGGAGE.DOC
> >Content-Transfer-Encoding: base64
> >Content-Type: application/msword;
> >         x-unix-mode=0755;
> >         name="LUGGAGE.DOC"
> >
> >(250-300 lines of base64 encoding)
> >
> >--Apple-Mail-33-248296213
> >Content-Disposition: attachment;
> >         filename=NEXTFILE.DOC
> >Content-Transfer-Encoding: base64
> >Content-Type: application/msword;
> >         x-unix-mode=0755;
> >         name="NEXTFILE.DOC"
> >
> >(250-300 lines of base64 encoding)
> >
> >(repeat 389 more different filenames...)
> >
> >I've called the user and left a message, so I can try and get him to
> >stuff/zip the folder before sending to see if it'll go through that way
> >(especially since AOL would probably reject a 7.5MB attachment if it
> >made it through MS/ClamAV). My relay is RH AS 2.1, w/MS 4.24-5, ClamAV
> >0.65, SA 2.60. Any ideas?
> >
> >dan

--
The idea that Bill Gates appeared like a knight in shining armour to lead all
customers out of a mire of technological chaos neatly ignores the fact that
it was he who, by peddling second-rate technology, led them into it in the
first place.

 - Douglas Adams in The Guardian, 25th August 1995

                                                     Please reply to the list;
                                                           please don't CC me.

More information about the MailScanner mailing list