{VIRUS?} Re: Mailscanner halting on multi-part mime

Daniel Bowen dbowen1 at MAC.COM
Tue Feb 25 15:36:18 GMT 2003


Warning: This message has had one or more attachments removed
Warning: (queuefiles.tar.gz).
Warning: Please read the "VirusWarning.txt" attachment(s) for more information.

 
On Tuesday, February 25, 2003, at 09:27AM, Julian Field <mailscanner at ECS.SOTON.AC.UK> wrote:

>Can you try this little test please? Save this into a file and then run 
>perl with the filename.
>
>use FileHandle;
>$path = '2003 Southeast ächure - B&W.pdf';
>print "Path is $path\n";
>$IO = FileHandle->new(">$path") || die "write-open $path: $!";
>
>I just tried this on a MacOS X box and it worked. "uname -a" on this 
>machine said this:
>Darwin shaka 6.3 Darwin Kernel Version 6.3: Sat Dec 14 03:11:25 PST 2002; 
>root:xnu/xnu-344.23.obj~4/RELEASE_PPC  Power Macintosh powerpc
>
>Also, can you try changing the accented "a" to a normal plain "a" and put 
>the message in the incoming queue again to see if it gets processed happily 
>this time?
>
Julian,
     I ran the filename testing perl script, and as you had seen there, it worked as follows:
     
Path is 2003 Southeast ächure - B&W.pdf
     
     However, when doing an 'ls -l' this is the result as viewed from my terminal:
     
-rw-r--r--  1 root  wheel    0 Feb 25 09:48 2003 Southeast a??chure - B&W.pdf

     'uname -a' returns the same:
     
Darwin mail.ortn.edu 6.3 Darwin Kernel Version 6.3: Sat Dec 14 03:11:25 PST 2002; root:xnu/xnu-344.23.obj~4/RELEASE_PPC  Power Macintosh powerpc

     I was unable to retrieve the aforementioned message; however, I have saved a message from the past
     that elicits the same error.  I will post the error, the df, and the qf files, as well as attaching them,
     in case of strange 8-bit characters:
     
     
Feb 25 10:11:57 mail MailScanner[10014]: New Batch: Scanning 1 messages, 1621 bytes 
Feb 25 10:11:57 mail MailScanner[10014]: Spam Checks: Starting 
Feb 25 10:11:57 mail MailScanner[10014]: Cannot parse /private/var/spool/MailScanner/incoming/10014/h1DI7EHl005264.header and , write-open /private/var/spool/MailScanner/incoming/10014/h1DI7EHl005264/WinZip. - Download Page.url: Invalid argument at /Library/Perl/MIME/Body.pm line 414. 

     qfh1DI7EHl005264:

V6
T1045159634
K0
N0
P30512
Fbs
$_[66.4.192.197]
$rSMTP
$s6004
${daemon_flags}
${if_addr}66.4.192.160
S<bwallen at ortn.edu>
rRFC822; bevelene at chartertn.net
RPFD:<bevelene at chartertn.net>
H?P?Return-Path: <Åg>
H??Received: from 6004 ([66.4.192.197])
	by mail.ortn.edu (8.12.6/8.12.6) with SMTP id h1DI7EHl005264
	for <bevelene at chartertn.net>; Thu, 13 Feb 2003 13:07:14 -0500 (EST)
H?x?Full-Name: Bevelene Wallen
H??From: "Bevelene Wallen" <bwallen at ortn.edu>
H??To: <bevelene at chartertn.net>
H??Subject: =?iso-8859-1?Q?WinZip=AE_-_Download_Page?=
H??Date: Thu, 13 Feb 2003 13:07:19 -0500
H??Message-ID: <NGBBKENLILHIDLOEHHDPAELCCBAA.bwallen at ortn.edu>
H??MIME-Version: 1.0
H??Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_000B_01C2D360.D6D37A60"
H??X-Priority: 3 (Normal)
H??X-MSMail-Priority: Normal
H??X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
H??X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
H??Importance: Normal
.


     dfh1DI7EHl005264:
     
This is a multi-part message in MIME format.

------=_NextPart_000_000B_01C2D360.D6D37A60
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

  
 
 http://www.winzip.com/download.htm
------=_NextPart_000_000B_01C2D360.D6D37A60
Content-Type: application/octet-stream;
	name="=?iso-8859-1?Q?WinZip=AE_-_Download_Page.url?="
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename="=?iso-8859-1?Q?WinZip=AE_-_Download_Page.url?="

[DEFAULT]
BASEURL=http://www.winzip.com/download.htm

[InternetShortcut]
URL=http://www.winzip.com/download.htm
Modified=C0CC7DAF8AD3C201D8

------=_NextPart_000_000B_01C2D360.D6D37A60--
-------------- next part --------------
This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "queuefiles.tar.gz"
was believed to be infected by a virus and has been replaced by this warning
message.

If you wish to receive a copy of the *infected* attachment, please
e-mail helpdesk and include the whole of this message
in your request. Alternatively, you can call them, with
the contents of this message to hand when you call.

At Tue Feb 25 15:36:39 2003 the virus scanner said:
   Could not check queuefiles.tar.gz/queuefiles.tar (corrupt)

Note to Help Desk: Look on magpie in /export/2/var/MailScanner/quarantine/20030225 (message PAA08702).
-- 
Postmaster
Mailscanner thanks transtec Computers for their support
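
An added example, not part of the original post and not MailScanner's own code: one way for a scanner to choose the on-disk name for an attachment so that the write-open does not depend on the filesystem accepting the sender's filename bytes. It uses the `filename` value from the df file above as constructed input; `safe_disk_name` is a hypothetical helper, and the allowed character set and the 100-character limit are assumptions.

```perl
#!/usr/bin/perl
# Added example: map a sender-supplied MIME filename (RFC 2047 encoded-word)
# to an ASCII-only name before opening a file in the scanner's work directory.
use strict;
use warnings;
use Encode qw(decode);          # core module; provides the 'MIME-Header' decoder
use File::Temp qw(tempdir);     # core module; scratch directory for the demo

# safe_disk_name() is a hypothetical helper, not a MailScanner function.
sub safe_disk_name {
    my ($mime_name, $index) = @_;

    # Decode =?charset?Q?...?= into Perl characters; if decoding fails,
    # fall back to the raw header value.
    my $name = eval { decode('MIME-Header', $mime_name) };
    $name = $mime_name unless defined $name;

    # Drop any directory part the sender supplied (both separator styles).
    $name =~ s{^.*[/\\]}{}s;

    # Replace every character outside a conservative ASCII set, so no 8-bit
    # byte, space or shell metacharacter reaches the filesystem.
    $name =~ s/[^A-Za-z0-9._-]/_/g;

    # No leading dots: avoids hidden files and the names "." and "..".
    $name =~ s/^\.+/_/;

    # Bound the length (assumed limit) and never return an empty name.
    $name = substr($name, 0, 100);
    $name = 'attachment' if $name eq '';

    # Prefix with the MIME part index so two parts cannot collide.
    return sprintf('%03d-%s', $index, $name);
}

# Constructed input: the filename parameter from the df file quoted above.
my $mime_name = '=?iso-8859-1?Q?WinZip=AE_-_Download_Page.url?=';

my $dir  = tempdir(CLEANUP => 1);
my $disk = safe_disk_name($mime_name, 1);
my $path = "$dir/$disk";

open(my $fh, '>', $path) or die "write-open $path: $!";
close($fh);

print "MIME name: $mime_name\n";
print "Disk name: $disk\n";
```

The original name stays in the message headers, so it can still be shown in reports and restored on delivery; only the scanner's working copy uses the sanitized name.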