Sobig.F@mm.enc
Kevin Spicer
kevins at BMRB.CO.UK
Sun Sep 7 16:28:58 IST 2003
On Sun, 2003-09-07 at 16:16, Antony Stone wrote:
> Enc is where
> it's encoded into the mime header.
>Please can somebody explain to me what this means? Are you saying
>that a
>virus can be encoded in a MIME header, rather than (as is usual) in a
MIME
>body to which the header refers?
No, I think the .enc actually means its base-64 encoded as it would
appear within a mime body. Clearly a signature which matched the virus
when decoded would not match the virus when it is encoded as part of a
message. As we've seen in this thread there are some MTA's which bounce
an encoded message but indicate (incorrectly) that it is plain text,
this means mailscanner treats it as a text file and it will only be
spotted by those virus scanners which either a) have special signatures
for the encoded version or b) spot this it is encoded and decode it
before scanning.
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
More information about the MailScanner
mailing list