Mydoom Virus getting Through

Thu Feb 12 10:20:30 GMT 2004

That's exactly what I've seen too.

Well spotted Martin and Julian.

Phil

---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Martin Hepworth
> Sent: 11 February 2004 16:48
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Mydoom Virus getting Through
>
>
> Julian Field wrote:
> > I found at least 1 part of the problem.
> >
> > The message that contained the MyDoom that got through
> Sophos (before
> > 3.78d) was actually a bounce from another mail server that
> included the
> > entire text of the original message.
> >
> > This message does not have the right MIME structure for the
> MIME-tools to
> > be able to open it, as it is a text/plain messsage that
> just happens to
> > contain text which contains a mime structure. So MIME-tools
> quite fairly
> > won't extract the attachments from within it.
> >
> > I now have an example message of this type, and so I will
> spend some time
> > working on a solution to it. No guarantees, though, the
> MIME-tools code is
> > pretty heavy reading.
> >
> > So don't bother sending me any more, I think the one
> message I have is a
> > good example of the type of problem. It can also occur with
> other viruses,
> > it's a problem caused by MTA's bouncing the entire message.
> Fortunately
> > it's not been a big problem so far, but I would quite like
> to fix it if
> > I can.
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Julian
>
> that's exactly what I've just seen.
>
> the virus was in a base64 attached multipart message, with only 1 part
> there, the second being non-existant, even though it says next-part...
>
> clunk.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>