Sobig.F@mm.enc

Julian Field mailscanner at ecs.soton.ac.uk
Sun Sep 7 19:51:52 IST 2003


I can explain what is happening with all of these cases. A dumb MTA is
rejecting the message, and including the entire content text of the
rejected message in the rejection notice, rather than just the headers or
the first few lines (which is what sensible ones do). As the MIME structure
of the rejected message is completely broken by it being included very
simply in the rejection notice, your email app can't actually decode the
attachment anyway. So it's actually quite safe. But some AV products
generate a false alarm on it, Norton in particular.

At 01:17 07/09/2003, you wrote:
>Now I don't know if it's the virus or the AV software that someone is
>using but the message is from a postmaster at xxx.xxx.xx and is a rejection
>message saying that the message you sent was infected.  So it's either a
>virus generated message or a real bounce message where the original
>message was sent back with the virus.  I don't know if there are AV
>products out there that send the whole original message back if reject
>which sounds kind of dumb.
>
>-----Original Message-----
>From: Kevin Spicer [mailto:kevins at BMRB.CO.UK]
>Sent: Saturday, September 06, 2003 7:17 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: Sobig.F at mm.enc
>
>
>On Sun, 2003-09-07 at 00:03, Rose, Bobby wrote:
>
> >MailScanner doesn't seem to be catching this.  I thought Ms was written
>
 >to check for the mime enclosed in header stuff.  Did this get broken
 >along the later versions?
>
>This looks like it might be the same issue as yesterday's thread 'Missed
>Virus?'. Could you give a few more details, like MailScanner version,
>scanner name, format of the message that got through (was it an MTA
>bounce message with a .txt attachment containing the original mail with
>a virus?).  Source of the mail would be good if you have it (but please
>snip out the encoded virus data from between the MIME section headers!!)

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
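
The following is an added example, not part of the original post and not MailScanner code: it uses Python's standard `email` parser to show why a rejected message pasted into a plain-text bounce yields no decodable attachment while its MIME headers still sit in the text. The sample messages, addresses, file name and the `triage` helper are constructed for illustration, and the `message/rfc822` contrast case is an assumption, not a bounce from the thread.

```python
import re
from email import message_from_string, policy

# Constructed original message; the base64 body is the harmless text "PLACEHOLDER".
ORIGINAL = (
    'From: user@client.example\n'
    'Subject: test\n'
    'MIME-Version: 1.0\n'
    'Content-Type: multipart/mixed; boundary="XYZ"\n'
    '\n'
    '--XYZ\n'
    'Content-Type: text/plain\n'
    '\n'
    'hello\n'
    '--XYZ\n'
    'Content-Type: application/octet-stream\n'
    'Content-Transfer-Encoding: base64\n'
    'Content-Disposition: attachment; filename="sample.bin"\n'
    '\n'
    'UExBQ0VIT0xERVI=\n'
    '--XYZ--\n'
)
HEAD = 'From: postmaster@mta.example\nSubject: Rejected\nMIME-Version: 1.0\n'
# Case from the thread: the whole original pasted into a text/plain notice.
INLINE_BOUNCE = (HEAD + 'Content-Type: text/plain\n\n'
                 'Your message was rejected:\n\n' + ORIGINAL)
# Contrast case (assumption): the original carried as a message/rfc822 part.
WRAPPED_BOUNCE = (
    HEAD + 'Content-Type: multipart/mixed; boundary="OUTER"\n\n'
    '--OUTER\nContent-Type: text/plain\n\nYour message was rejected.\n'
    '--OUTER\nContent-Type: message/rfc822\n\n' + ORIGINAL + '--OUTER--\n'
)
# MIME headers that only make sense at the top of a part, not inside body text.
MIME_DEBRIS = re.compile(
    r'^Content-(Transfer-Encoding: base64|Disposition: attachment)', re.M | re.I)

def triage(raw):
    """Return (decodable attachment names, True if body text holds pasted MIME headers)."""
    msg = message_from_string(raw, policy=policy.default)
    names, debris = [], False
    for part in msg.walk():          # walk() also descends into message/rfc822
        if part.get_filename():
            names.append(part.get_filename())
        elif part.get_content_type() == 'text/plain':
            debris = debris or bool(MIME_DEBRIS.search(part.get_content()))
    return names, debris
```

A result of `([], True)` is the situation described in the post: a byte-pattern scanner can still match the pasted text, but a mail client has no attachment part to decode.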


