OT: (\x01)BOUNDARY_OUTLOOK Messages?

Julian Field MailScanner at ecs.soton.ac.uk
Sat Mar 4 16:32:34 GMT 2006

James Gray wrote:
> On Sat, 4 Mar 2006 00:56, Joshua Hirsh wrote:
>>  I've been seeing quite a few messages come through lately that only
>> contain the word BOUNDARY_OUTLOOK, with a single character at the start
>> of the word (\x01) (file picks it up as MIPSEL-BE MIPS-III ECOFF
>> executable not stripped, so they're blocked).
>>  Is this scrap from some type of broken virus?
>>  Google doesn't really offer up anything on this..
>> -Joshua
> Ditto here.  Got a couple of them about a week ago, and a few more the other 
> day.  I've compared the binary between a few of the messages and it's been 
> different each time.  I also fired a (zipped) copy off to a friend who is a 
> bit of a hardware hacker and couldn't find anything that even vaguely 
> resembled assembly etc for any CPUs he's played with (which is many - 
> embedded stuff up to Intel/Sparc/Motorola/AMD/etc).
> In short - they seem harmless.  Usual disclaimers apply though.
I have seen this once myself too. I added a "COFF executable" "allow" 
rule to filetype.rules.conf. Would people like me to add that to the 
distribution? Real COFF executables are pretty harmless as far as I 
know, but I'm sure someone will correct me. Does anyone use COFF any 
more? Most systems now use ELF instead.

Julian Field
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
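
Added illustration (not part of the thread, and not code from MailScanner or file): why a test on the leading signature bytes alone gives the verdict quoted above for a body of \x01 followed by BOUNDARY_OUTLOOK, next to a check that the header fields are consistent with the file size. The signature value 0x0142, the 20-byte big-endian COFF header layout, the 40-byte section header size and all function names are assumptions of this example.

```python
import struct

# Assumption: 0x0142 (big-endian, offset 0) is the two-byte signature behind
# "MIPSEL-BE MIPS-III ECOFF executable"; it equals 0x01 followed by "B".
ECOFF_MAGIC = 0x0142
# Assumed classic 20-byte COFF file header, big-endian:
# magic, nscns, timdat, symptr, nsyms, opthdr, flags
COFF_HDR = struct.Struct(">HHIIIHH")
SECTION_HDR_SIZE = 40

def magic_only_verdict(data):
    """Mimic a signature test that trusts the first bytes alone."""
    if len(data) < 2 or struct.unpack_from(">H", data, 0)[0] != ECOFF_MAGIC:
        return None
    verdict = "MIPSEL-BE MIPS-III ECOFF executable"
    if len(data) >= 12:
        # Bytes 8..11 are read as the symbol-table pointer; non-zero => "not stripped".
        symptr = struct.unpack_from(">I", data, 8)[0]
        verdict += " not stripped" if symptr else " stripped"
    return verdict

def plausible_coff(data):
    """True only if the header fields describe a file of this size."""
    if len(data) < COFF_HDR.size:
        return False
    magic, nscns, _timdat, symptr, _nsyms, opthdr, _flags = COFF_HDR.unpack_from(data)
    if magic != ECOFF_MAGIC or nscns == 0:
        return False
    headers_end = COFF_HDR.size + opthdr + nscns * SECTION_HDR_SIZE
    return headers_end <= len(data) and symptr <= len(data)

# Constructed samples (not taken from real messages).
SAMPLE = b"\x01BOUNDARY_OUTLOOK"            # the body described in the post
PADDED = SAMPLE + b"\r\n" * 50              # same text with trailing line breaks
WELL_FORMED = COFF_HDR.pack(ECOFF_MAGIC, 1, 0, 0, 0, 0, 0) + bytes(SECTION_HDR_SIZE)

if __name__ == "__main__":
    for name, blob in [("sample", SAMPLE), ("padded", PADDED), ("well-formed", WELL_FORMED)]:
        print(f"{name:12} magic-only={magic_only_verdict(blob)!r} plausible={plausible_coff(blob)}")
```

A consistency check like this only separates text that happens to start with the signature bytes from data that is laid out like a COFF file; it says nothing about whether a genuine COFF file should be delivered.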
