MailScanner not parsing dumaru-y MIME headers

Simon Dick simon at ADVANTAGE-INTERACTIVE.COM
Tue Feb 24 10:03:19 GMT 2004 

As a confirmation, the patch caught a genuine copy of the Dumaru.Y virus
that got sent to us here so I'm very happy with that

On Mon, 2004-02-23 at 15:14, Simon Dick wrote:
> That appears to work fine, it detected the re-insertion I did, a genuine
> one comes through every morning though so I'll have a live test early
> tomorrow.
>
> Thanks for the excellent help!
>
> On Mon, 2004-02-23 at 14:43, Julian Field wrote:
> > Please try this patch to Message.pm. I have tried to post a new Message.pm
> > a couple of times already, but it seems to disappear down the toilet :-(
> >
> >
> > At 14:32 23/02/2004, you wrote:
> > >I've just sent a copy of this to the list in a different thread having
> > >not seen this one until afterwards :) It's in a password protected
> > >zipfile)
> > >
> > >On Sat, 2004-02-21 at 10:31, Julian Field wrote:
> > > > Yes please, send me a copy in a password-protected zip file. Please
> > > > remember to tell me what the password is! :-)
> > > >
> > > > At 22:37 20/02/2004, you wrote:
> > > > >Julian:
> > > > >
> > > > >Running MailScanner-4.27.3-1, rpm version
> > > > >Running sendmail 8 on RedHat 6.2 with latest rpm-build
> > > > >Running Sophos 3.79
> > > > >
> > > > >Installed latest version of MailScanner to fix MIME header parsing problem
> > > > >(MyDoom-A viruses not being found). However, I have been seeing dumaru-y
> > > > >viruses pass through MailScanner with "Clean" headers. When the mail
> > > ends up
> > > > >in Outlook Express, however, OE finds the attachment and it's up to the
> > > > >client virus scanner to find dumaru-y.
> > > > >
> > > > >I have several copies of the virus-infected email message with full
> > > headers
> > > > >stored on the mail server. If you would like to see them, I can attach the
> > > > >file and send it to you.
> > > > >
> > > > >I thought the latest version of MailScanner was supposed to fix this?
> > > > >Anybody else having this problem?
> > > > >
> > > > >James Corell
> > > > >E-P-C-S
> > > > >111 West Mitchell, Suite E
> > > > >Gaylord, MI 49735
> > > > >(989) 732-1366
> > > >
> > > > --
> > > > Julian Field
> > > > www.MailScanner.info
> > > > Professional Support Services at www.MailScanner.biz
> > > > MailScanner thanks transtec Computers for their support
> > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
> > ______________________________________________________________________
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

More information about the MailScanner mailing list