Mydoom Virus getting Through

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Wed Feb 11 16:47:48 GMT 2004


Julian Field wrote:
> I found at least 1 part of the problem.
>
> The message that contained the MyDoom that got through Sophos (before
> 3.78d) was actually a bounce from another mail server that included the
> entire text of the original message.
>
> This message does not have the right MIME structure for the MIME-tools to
> be able to open it, as it is a text/plain message that just happens to
> contain text which contains a mime structure. So MIME-tools quite fairly
> won't extract the attachments from within it.
>
> I now have an example message of this type, and so I will spend some time
> working on a solution to it. No guarantees, though, the MIME-tools code is
> pretty heavy reading.
>
> So don't bother sending me any more, I think the one message I have is a
> good example of the type of problem. It can also occur with other viruses,
> it's a problem caused by MTAs bouncing the entire message. Fortunately
> it's not been a big problem so far, but I would quite like to fix it if
> I can.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Julian

that's exactly what I've just seen.

the virus was in a base64 attached multipart message, with only 1 part
there, the second being non-existent, even though it says next-part...

clunk.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
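
The failure described in this thread and a scanner-side check for it, as an added example that is not part of the original posts and is not MailScanner or MIME-tools code. Python's standard `email` parser stands in for MIME-tools here, and the bounce text, addresses, boundary name and payload are constructed samples.

```python
import base64
import email
import re

# Constructed sample: a text/plain bounce quoting a whole original message,
# MIME headers and one base64 part (harmless bytes) included.
PAYLOAD = b"constructed harmless sample payload"
BOUNCE = (
    "From: MAILER-DAEMON@mx.example.net\nContent-Type: text/plain\n\n"
    "Your message could not be delivered. Original message follows.\n\n"
    "From: sender@example.org\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="next-part"\n\n'
    "--next-part\n"
    "Content-Type: application/octet-stream\n"
    "Content-Transfer-Encoding: base64\n"
    'Content-Disposition: attachment; filename="sample.bin"\n\n'
    + base64.b64encode(PAYLOAD).decode() + "\n"
    "--next-part\n"  # a second part is announced but never arrives
)

EMBEDDED = re.compile(r"^Content-Type:\s*multipart/", re.I | re.M)

def attachments(msg):
    """(filename, bytes) for each part the declared MIME structure exposes."""
    return [(p.get_filename(), p.get_payload(decode=True))
            for p in msg.walk() if p.get_filename()]

def embedded_attachments(msg):
    """Re-parse MIME structures quoted inside text/plain parts."""
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        body = part.get_payload(decode=True).decode("latin-1").replace("\r\n", "\n")
        hit = EMBEDDED.search(body)
        if hit:
            # Start at the quoted header block: just after the last blank line.
            cut = body.rfind("\n\n", 0, hit.start())
            inner = email.message_from_string(body[cut + 2 if cut >= 0 else 0:])
            found += attachments(inner)
    return found

def scan(raw):
    """Return (attachments seen structurally, attachments found by re-parsing)."""
    msg = email.message_from_string(raw)
    return attachments(msg), embedded_attachments(msg)

if __name__ == "__main__":
    print(scan(BOUNCE))
```

The first list is empty because the declared structure is a single text/plain part; the second list is what a virus scanner would need to be handed.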



