Report: Could not analyze message?

Julian Field MailScanner at ecs.soton.ac.uk
Tue May 24 11:59:02 IST 2005


They are using the null MIME-boundary vulnerability to try to bypass
spam and virus detection systems. The MIME headers show this:

Content-Type: multipart/related;
         boundary=""

This should and will generate a "can't analyse message" error. If you
aren't getting this error from these messages, then you need to
upgrade to the latest version. The fix disappeared from quite a few
releases of MailScanner, as the MIME-tools were improved a few months
ago, and this breaks the MIME-tools parser. The latest beta has a
separate fix for this situation.

If you are getting the "Can't analyse message" error then your
version is working fine and should be left alone until the next
stable release at the start of June.

If you are *not* getting this error, then you should strongly
consider upgrading.

On 24 May 2005, at 08:41, Andreas Piper wrote:

> Hello all,
>
>
>> Report: MailScanner: Could not analyze message
>>
>
> I am seeing those too since the last few days. In my case it is always a
> spam-message with Subject:  C$ALIS SOFT  + a random word, containing some
> MIME-Attachments including a JPEG-File. I have quarantined some of them, and
> could hand over the queue-files (~13KByte size per message) for further
> analysis if requested.
>
> My setup: MS 4.36.4 with SA 3.0.2 on Debian Sarge (2.4.29-vs1.2.10) with Perl
> 5.8.4 and sendmail 8.13.1
>
> thanks for any hints,
> Andreas
> --
> ________________________________________________________________________
> Dr. Andreas Piper, Hochschulrechenzentrum der Philipps-Univ. Marburg
>           Hans-Meerwein-Strasse, 35032 Marburg, Germany
> Phone: +49 6421 28-23521  Fax: -26994  Email: piper at HRZ.Uni-Marburg.DE
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
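
A check for the empty `boundary=""` header shown in the message above, as an added example that is not part of the original post and is not MailScanner's code. It uses Python's standard `email` package; the function names and sample messages are constructed for illustration, and it goes beyond the thread's single case by also flagging missing and malformed boundaries at any nesting depth.

```python
import re
from email import message_from_bytes

# RFC 2046 5.1.1: 1-70 characters from "bchars", and the last one is not a space.
_BCHARS = r"0-9A-Za-z'()+_,\-./:=?"
VALID_BOUNDARY = re.compile(rf"[{_BCHARS} ]{{0,69}}[{_BCHARS}]\Z")


def boundary_problems(raw):
    """Return (content_type, reason) for each multipart entity, at any nesting
    depth, whose boundary parameter cannot delimit its body parts."""
    problems = []
    for part in message_from_bytes(raw).walk():
        if part.get_content_maintype() != "multipart":
            continue
        boundary = part.get_boundary()  # None when absent, "" for boundary=""
        if boundary is None:
            reason = "missing boundary"
        elif boundary == "":
            reason = "empty boundary"
        elif not VALID_BOUNDARY.match(boundary):
            reason = "malformed boundary"
        else:
            continue
        problems.append((part.get_content_type(), reason))
    return problems


def verdict(raw):
    """Fail closed: never pass a structurally ambiguous message as clean."""
    return "cannot-analyse" if boundary_problems(raw) else "scan-normally"


# Constructed samples (not taken from the quarantined messages in the thread).
HEAD = b"From: a@example.com\r\nSubject: constructed\r\nMIME-Version: 1.0\r\n"
NULL_BOUNDARY = (HEAD + b'Content-Type: multipart/related;\r\n         boundary=""\r\n\r\n'
                 b"--\r\nContent-Type: text/plain\r\n\r\nhello\r\n----\r\n")
NESTED_MISSING = (HEAD + b'Content-Type: multipart/mixed; boundary="outer"\r\n\r\n'
                  b"--outer\r\nContent-Type: multipart/alternative\r\n\r\n"
                  b"text\r\n--outer--\r\n")
WELL_FORMED = (HEAD + b'Content-Type: multipart/mixed; boundary="ok-1"\r\n\r\n'
               b"--ok-1\r\nContent-Type: text/plain\r\n\r\nhello\r\n--ok-1--\r\n")

if __name__ == "__main__":
    for name, raw in [("null", NULL_BOUNDARY), ("nested", NESTED_MISSING),
                      ("ok", WELL_FORMED)]:
        print(name, verdict(raw), boundary_problems(raw))
```

The check reads only each entity's headers, so its result does not depend on how a given MIME parser splits a body whose delimiter is empty.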
