Mydoom Virus getting Through

Julian Field mailscanner at ecs.soton.ac.uk
Wed Feb 11 18:39:16 GMT 2004


At 18:32 11/02/2004, you wrote:
>On Wed, 11 Feb 2004 16:27:38 +0000, Julian Field
><mailscanner at ECS.SOTON.AC.UK> wrote:
>
> >I found at least 1 part of the problem.
> >
> >The message that contained the MyDoom that got through Sophos (before
> >3.78d) was actually a bounce from another mail server that included the
> >entire text of the original message.
> >
> >This message does not have the right MIME structure for the MIME-tools to
> >be able to open it, as it is a text/plain message that just happens to
> >contain text which contains a mime structure. So MIME-tools quite fairly
> >won't extract the attachments from within it.
> >
> >I now have an example message of this type, and so I will spend some time
> >working on a solution to it. No guarantees, though, the MIME-tools code is
> >pretty heavy reading.
> >
> >So don't bother sending me any more, I think the one message I have is a
> >good example of the type of problem. It can also occur with other viruses,
> >it's a problem caused by MTAs bouncing the entire message. Fortunately
> >it's not been a big problem so far, but I would quite like to fix it if I
> >can.
> >--
> >Julian Field
> >www.MailScanner.info
> >MailScanner thanks transtec Computers for their support
> >
> >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>I think I just found another one and it appears to match your explanation
>above.  It appears to be a bounce with the original message, at least that
>is what I think it is.  Judging by the number of other people that have
>replied to this post, seems like several others are experiencing this same
>problem.  If it helps any, I have been thinking back and I updated my
>MailScanner to 4.26.8 a week or so back and I don't recall having this
>happen before that time.  Could be a coincidence or maybe my bad memory but
>I thought I would throw that in.

Coincidence.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
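
The situation described in the quoted message above, as an added Python example (not MailScanner or MIME-tools code, and not from this thread): a text/plain bounce yields no attachments to a normal MIME walk, while re-parsing the body from the quoted header block does. The sample bounce, its addresses and file name are constructed, and the re-parse heuristic is an assumption, not the fix MailScanner adopted.

```python
import base64
import email
import re
from email import policy

# Constructed sample: a text/plain bounce quoting a whole MIME message.
DATA = b"constructed test bytes, not malware"
BOUNCE = (
    "From: MAILER-DAEMON@mx.example.net\n"
    "Subject: Undeliverable mail\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "Your message could not be delivered. Original message follows.\n"
    "\n"
    "From: someone@example.com\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    "\n"
    "test\n"
    "--b1\n"
    "Content-Type: application/octet-stream\n"
    "Content-Transfer-Encoding: base64\n"
    'Content-Disposition: attachment; filename="doc.pif"\n'
    "\n"
    + base64.b64encode(DATA).decode() + "\n"
    "--b1--\n"
)
OUTER = email.message_from_string(BOUNCE, policy=policy.default)
EMBEDDED = re.compile(r"^Content-Type:\s*multipart/", re.I | re.M)

def attachments(msg):
    """Named attachments a normal MIME walk sees: (filename, bytes)."""
    return [(p.get_filename(), p.get_payload(decode=True))
            for p in msg.walk() if p.get_filename()]

def embedded_attachments(msg):
    """Re-parse text/plain bodies that quote a multipart message."""
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        text = part.get_content()
        for m in EMBEDDED.finditer(text):
            # Assumed heuristic: quoted headers start after the last blank line.
            blank = text.rfind("\n\n", 0, m.start())
            inner = text[0 if blank < 0 else blank + 2:]
            found += attachments(email.message_from_string(inner, policy=policy.default))
    return found
```
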


