Mydoom Virus getting Through
Billy A. Pumphrey
bpumphrey at WOODMACLAW.COM
Wed Feb 11 16:34:16 GMT 2004
Awesome you da man.
-----Original Message-----
From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
Sent: Wednesday, February 11, 2004 11:28 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Mydoom Virus getting Through
I found at least 1 part of the problem.
The message that contained the MyDoom that got through Sophos (before
3.78d) was actually a bounce from another mail server that included the
entire text of the original message.
This message does not have the right MIME structure for the MIME-tools to
be able to open it, as it is a text/plain message that just happens to
contain text which contains a mime structure. So MIME-tools quite fairly
won't extract the attachments from within it.
I now have an example message of this type, and so I will spend some time
working on a solution to it. No guarantees, though, the MIME-tools code is
pretty heavy reading.
So don't bother sending me any more, I think the one message I have is a
good example of the type of problem. It can also occur with other viruses,
it's a problem caused by MTAs bouncing the entire message. Fortunately
it's not been a big problem so far, but I would quite like to fix it if
I can.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
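The parsing gap described in the message above, as an added example that is not part of the original thread or of MailScanner's code: it uses Python's standard `email` package in place of Perl MIME-tools to show that a text/plain bounce exposes no attachments to the parser, then re-parses MIME structure found inside the body text. The sample message, its addresses, boundary and filename are constructed, and the `EMBEDDED` regex is an assumed heuristic that does not handle folded headers.

```python
import re
from email import message_from_string
# Constructed sample: a text/plain bounce whose body quotes a whole multipart message.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.org
Subject: Undeliverable mail
Content-Type: text/plain; charset=us-ascii

Delivery failed. The original message follows.

From: sender@example.net
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="attachment.zip"

AAAA
--XYZ--
"""

# Assumed heuristic: a multipart Content-Type header line appearing inside body text.
EMBEDDED = re.compile(r'^Content-Type:\s*multipart/[^\n]*?boundary="?([^"\s;]+)', re.I | re.M)

def attachment_names(msg):
    """Filenames of the parts the MIME parser itself exposes."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def embedded_attachment_names(msg):
    """Re-parse MIME structure quoted inside text/plain parts and list its attachments."""
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        body = part.get_payload(decode=True).decode("latin-1")
        m = EMBEDDED.search(body)
        if not m or "--" + m.group(1) not in body:
            continue  # no multipart header, or its boundary never appears in the text
        # Back up to the blank line that precedes the quoted header block.
        idx = body.rfind("\n\n", 0, m.start())
        inner = message_from_string(body[idx + 2 if idx >= 0 else 0:])
        found += attachment_names(inner)
    return found

def scan(raw):
    msg = message_from_string(raw)
    return attachment_names(msg), embedded_attachment_names(msg)
```

`scan(BOUNCE)` returns the attachments seen by the normal MIME walk and those recovered from the body text; a scanner would hand the recovered parts to the same checks as ordinary attachments.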