Mydoom Virus getting Through

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Wed Feb 11 17:18:15 GMT 2004


Michael Dahlberg wrote:
>
> Martin:
>
> Thanks for the suggestion.  I initially thought that the problem was
> with Sophos and called them to discuss the problem.  They also
> recommended that I upgrade to 3.78(d), which I did.  Unfortunately,
> this did not solve the problem.
>
> My knowledge of MIME encoding/decoding is limited, but it looks as if
> the message might have an incomplete MIME header.  MailScanner (or the
> Perl modules that handle MIME encoding) analyzes the message and
> determines that there is no MIME-encoded attachment, and as a result
> delivers the message.  The message is received by Eudora (or Outlook),
> which may be a bit more aggressive in detecting MIME-encoded
> attachments, and passes the attachment with the incomplete MIME header
> to NAV and it reports the MyDoom virus.
>
> This is just a guess by me from reading other posts on this list and
> looking at some representative messages.
>
> Thanks for the suggestion.
>
> Mike

Mike,
are you using the SAVI version or the binary version?

I'm using the SAVI, and that caught the critter when ClamAV didn't.

Also using FreeBSD rather than Linux, which might make a difference too.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
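
The parser mismatch guessed at in the quoted message, as an added example that is not part of the original thread and not MailScanner code: a gateway-side check that flags messages whose MIME structure did not parse cleanly instead of treating "no attachment found" as clean. It uses Python's standard `email` package rather than MailScanner's Perl MIME modules, and the specific malformation (a multipart header with no boundary parameter) and all sample values are assumptions constructed for illustration.

```python
import base64
import email
import re

# Constructed sample, not a real capture. Assumed malformation: the header
# claims multipart/mixed but omits the boundary parameter.
_BODY = base64.b64encode(b"constructed placeholder bytes, not a real file").decode()
MALFORMED = (
    "From: sender@example.com\nTo: user@example.com\nSubject: test\n"
    "MIME-Version: 1.0\nContent-Type: multipart/mixed\n\n"
    "--XYZ\nContent-Type: text/plain\n\nhello\n"
    "--XYZ\nContent-Type: application/octet-stream\n"
    "Content-Transfer-Encoding: base64\n"
    'Content-Disposition: attachment; filename="doc.zip"\n\n'
    + _BODY + "\n--XYZ--\n"
)
# Same message with the boundary declared, for comparison.
WELL_FORMED = MALFORMED.replace(
    "multipart/mixed", 'multipart/mixed; boundary="XYZ"', 1)

# MIME part headers that should never appear inside an already-parsed body.
PART_HEADER = re.compile(
    r"^content-(?:disposition:\s*attachment|transfer-encoding:\s*base64)",
    re.I | re.M)

def gateway_check(raw):
    """Report what the parser saw and whether the message needs quarantine."""
    msg = email.message_from_string(raw)
    names, leftovers = [], 0
    for part in msg.walk():
        if part.get_filename():
            names.append(part.get_filename())
        body = part.get_payload()
        if isinstance(body, str):  # leaf part: look for unparsed part headers
            leftovers += len(PART_HEADER.findall(body))
    defects = [type(d).__name__ for d in msg.defects]
    return {
        "attachments": names,               # what would be handed to the scanner
        "leftover_part_headers": leftovers,  # structure the parser missed
        "defects": defects,                  # parser-reported MIME defects
        "quarantine": bool(leftovers or defects),
    }

if __name__ == "__main__":
    for label, raw in (("malformed", MALFORMED), ("well-formed", WELL_FORMED)):
        print(label, gateway_check(raw))
```

On the malformed sample the parser exposes no attachment at all, yet the check still quarantines it because part headers are left in the body and the parser recorded a defect.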
