Mydoom Virus getting Through

Billy A. Pumphrey bpumphrey at WOODMACLAW.COM
Wed Feb 11 16:34:16 GMT 2004

Awesome you da man.

-----Original Message-----
From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK] 
Sent: Wednesday, February 11, 2004 11:28 AM
Subject: Re: Mydoom Virus getting Through

I found at least 1 part of the problem.

The message that contained the MyDoom that got through Sophos (before
3.78d) was actually a bounce from another mail server that included the
entire text of the original message.

This message does not have the right MIME structure for the MIME-tools
be able to open it, as it is a text/plain messsage that just happens to
contain text which contains a mime structure. So MIME-tools quite fairly
won't extract the attachments from within it.

I now have an example message of this type, and so I will spend some
working on a solution to it. No guarantees, though, the MIME-tools code
pretty heavy reading.

So don't bother sending me any more, I think the one message I have is a
good example of the type of problem. It can also occur with other
it's a problem caused by MTA's bouncing the entire message. Fortunately
it's not been a big problem so far, but I would quite like to fix it if
I can.
Julian Field
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

More information about the MailScanner mailing list