MailScanner not parsing dumaru-y MIME headers

Julian Field mailscanner at ecs.soton.ac.uk
Mon Feb 23 19:54:15 GMT 2004 

Did you remember to restart MailScanner after changing the code? I tried it
with your message and it was detected just fine. It may need the other
changes I have written recently. I'll do another beta release before the
weekend if I get time.

At 19:43 23/02/2004, you wrote:
>Nope. dumaru-y still passes through MailScanner unscathed.
>
>From: "Elene" <FUCKENSUICIDE at HOTMAIL.COM>
>To: <jcorell at iprus.net>
>Subject: Important information for you. Read it immediately !
>MIME-Version: 1.0
>Content-Type: multipart/mixed;boundary="xxxx"
>X-MailScanner-MailScanner-Information: Please contact the ISP for more
>information
>X-MailScanner-MailScanner: Found to be clean
>Status:
>
>
>
>James Corell
>E-P-C-S
>111 West Mitchell, Suite E
>Gaylord, MI 49735
>(989) 732-1366
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
>Behalf Of James Corell
>Sent: Monday, February 23, 2004 2:09 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: [MAILSCANNER] MailScanner not parsing dumaru-y MIME headers
>
>
>Rolled MailScanner Message.pm back to 4.27.3-1, then ran the patch.
>MailScanner runs fine (no more looping scans or missing headers). I'll know
>pretty soon if this fixes the dumaru-y problems.
>
>
>James Corell
>E-P-C-S
>111 West Mitchell, Suite E
>Gaylord, MI 49735
>(989) 732-1366
>
>
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
>Behalf Of Julian Field
>Sent: Monday, February 23, 2004 9:44 AM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: [MAILSCANNER] MailScanner not parsing dumaru-y MIME headers
>
>
>Please try this patch to Message.pm. I have tried to post a new Message.pm
>a couple of times already, but it seems to disappear down the toilet :-(
>
>
>At 14:32 23/02/2004, you wrote:
> >I've just sent a copy of this to the list in a different thread having
> >not seen this one until afterwards :) It's in a password protected
> >zipfile)
> >
> >On Sat, 2004-02-21 at 10:31, Julian Field wrote:
> > > Yes please, send me a copy in a password-protected zip file. Please
> > > remember to tell me what the password is! :-)
> > >
> > > At 22:37 20/02/2004, you wrote:
> > > >Julian:
> > > >
> > > >Running MailScanner-4.27.3-1, rpm version
> > > >Running sendmail 8 on RedHat 6.2 with latest rpm-build
> > > >Running Sophos 3.79
> > > >
> > > >Installed latest version of MailScanner to fix MIME header parsing
>problem
> > > >(MyDoom-A viruses not being found). However, I have been seeing
>dumaru-y
> > > >viruses pass through MailScanner with "Clean" headers. When the mail
> > ends up
> > > >in Outlook Express, however, OE finds the attachment and it's up to the
> > > >client virus scanner to find dumaru-y.
> > > >
> > > >I have several copies of the virus-infected email message with full
> > headers
> > > >stored on the mail server. If you would like to see them, I can attach
>the
> > > >file and send it to you.
> > > >
> > > >I thought the latest version of MailScanner was supposed to fix this?
> > > >Anybody else having this problem?
> > > >
> > > >James Corell
> > > >E-P-C-S
> > > >111 West Mitchell, Suite E
> > > >Gaylord, MI 49735
> > > >(989) 732-1366
> > >
> > > --
> > > Julian Field
> > > www.MailScanner.info
> > > Professional Support Services at www.MailScanner.biz
> > > MailScanner thanks transtec Computers for their support
> > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

More information about the MailScanner mailing list