Could not check ... (corrupt)
Ewald Beekman
E.H.Beekman at AMC.UVA.NL
Wed Jan 22 15:35:22 GMT 2003
Saw this message a couple of time since we're running production,
most of the time it's because of DSN's which include the original attachment
sent (where the original message is one mime-part and the original attachment
is not a separate mime-part in the DSN messag because the mime boundaries
are different).
But i also got it on a "correct" message:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="part1_181.15952dd4.2b5fd091_boundary"
..
--part1_181.15952dd4.2b5fd091_boundary
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
...
--part1_181.15952dd4.2b5fd091_boundary
Content-Type: application/octet-stream; name="Notulen COB 13-01-03.doc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Notulen COB 13-01-03.doc"
0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAABAAAALAAAAAAA
etc.
Any ideas why it coudn't extract the attachment? I did it by hand using
perl -MMIME::Base64 -ne 'print decode_base64($_)' < file > x.doc
and that worked ok, and the document contained no virusses.
Could it be the spaces?
We are using mailscanner-4.11-1 on RedHat-8 with Sophos.
These are the logs:
Jan 22 11:47:08 MailScanner[10703]: Could not check ./h0MAl3er016081/Notulen COB 13-01-03.doc (corrupt)
Jan 22 11:47:09 MailScanner[10703]: Saved entire message to /var/spool/MailScanner/quarantine/20030122/h0MAl3er016081
Jan 22 11:47:09 MailScanner[10703]: Saved infected "Notulen COB 13-01-03.doc (corrupt)" to
/var/spool/MailScanner/quarantine/20030122/h0MAl3er016081
thanx in advance,
Ewald...
--
Ewald Beekman, Security Engineer, Academic Medical Center,
dept. ADB/ICT Computer & Network Services, The Netherlands
## Your mind-mint is:
Don't you wish you had more energy... or less ambition?
More information about the MailScanner
mailing list