Fix -- Re: Mydoom Virus getting Through

Julian Field mailscanner at
Wed Feb 11 21:34:35 GMT 2004

I have hopefully managed to make the MIME parser a lot more robust. It
certainly appears to solve the current problem. If you are running a nice
recent version, back up your old and replace it with this one.

Then please test it against the copies of MyDoom that are getting through.

The result of a fine evening spent wading through MIME-tools code and
deciding that it can't rewind :-(

Let me know how it goes.

At 20:37 11/02/2004, you wrote:
>Daniel Kleinsinger wrote:
>>Julian Field wrote:
>>>The message that contained the MyDoom that got through Sophos (before
>>>3.78d) was actually a bounce from another mail server that included the
>>>entire text of the original message.
>>>Fortunately it's not been a big problem so far, but I would quite
>>>like to fix it if I can.
>>I'm running Sophos in addition to Trend and F-Prot.  Using MailWatch I
>>checked which viruses got caught by which scanner and before installing
>>3.78d Sophos was catching a few less MyDoom.A (5-20 of 300-500 total
>>MyDoom.A slipped past Sophos every day).  Since installing 3.78d
>>(yesterday) Sophos is catching all that Trend and F-Prot are.  There
>>still seem to be some people having issues with 3.78d, but in my case it
>>seems like it was a problem with Sophos, not MailScanner.
>I would suggest that this is as much an antivirus issue. I run F-prot and
>Antivir and until Antivir updated their engine about a week ago only
>F-prot was reliably catching the bounce messages with the original
>message attached. With the new engine, all is well again and both are
>catching them. Looks like F-Prot had a better message scanning engine
>than the others had at the time.
-------------- next part --------------
A non-text attachment was scrubbed...
Type: application/octet-stream
Size: 122833 bytes
Desc: not available
Url :
-------------- next part --------------
Julian Field
Professional Support Services at
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
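
The case discussed in this thread, a bounce that carries the entire original message as body text so that no MIME part exposes the attachment, shown as an added example (not part of the original post and not MailScanner's code, which is Perl). It assumes the quoted original is intact and unindented; the sample messages and the names `named_parts`, `reparse_embedded` and `scan_targets` are constructed for illustration.

```python
import base64
import email
import re

# Constructed sample: a bounce whose text body quotes a complete MIME message.
PAYLOAD = b"harmless placeholder bytes"
ORIGINAL = (
    "From: a@example.com\nTo: b@example.com\nSubject: hi\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="BOUND"\n\n'
    "--BOUND\nContent-Type: text/plain\n\nsee attachment\n\n"
    '--BOUND\nContent-Type: application/octet-stream; name="document.zip"\n'
    "Content-Transfer-Encoding: base64\n\n"
    + base64.b64encode(PAYLOAD).decode() + "\n--BOUND--\n"
)
BOUNCE = (
    "From: MAILER-DAEMON@example.net\nSubject: Undeliverable mail\n"
    "Content-Type: text/plain\n\n"
    "Delivery failed. The original message follows.\n\n" + ORIGINAL
)

MULTIPART_HDR = re.compile(r"^Content-Type:\s*multipart/", re.I | re.M)


def named_parts(msg):
    """Return (filename, decoded bytes) for every leaf part that has a filename."""
    return [(p.get_filename(), p.get_payload(decode=True))
            for p in msg.walk()
            if not p.is_multipart() and p.get_filename()]


def reparse_embedded(text):
    """Re-parse any complete MIME message quoted inside a text body."""
    found = []
    for m in MULTIPART_HDR.finditer(text):
        # The quoted header block begins after the last blank line before the match.
        start = text.rfind("\n\n", 0, m.start())
        start = 0 if start < 0 else start + 2
        found.extend(named_parts(email.message_from_string(text[start:])))
    return found


def scan_targets(raw):
    """Real MIME attachments plus attachments recovered from quoted text."""
    msg = email.message_from_string(raw)
    targets = named_parts(msg)
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("latin-1")
            targets.extend(reparse_embedded(body.replace("\r\n", "\n")))
    return targets
```

A plain walk over the bounce's MIME parts returns nothing to scan, while `scan_targets(BOUNCE)` recovers `document.zip` from the quoted text.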
