Could not analyze message

Paul Houselander housey at
Tue Nov 7 13:54:08 GMT 2006

Hi Martin

The situation is my customer has his incomming email scanned, the email
which is being quarantined is comming from one of his suppliers (i.e. they
dont smtp out via me). I dont really want to whitelist the IP as the email
comes via BT.

I was thinking along the lines of winmail.dat as the message comes via an MS
Exchange server, but the message is all just plain text. Heres the headers
(ive blanked out various addresses)

Return-Path: <xxxxxxxxxxx>
Delivered-To: 2-xxxxxxxxxxxxx
Received: (qmail 21307 invoked by uid 110); 3 Nov 2006 13:33:11 +0000
Delivered-To: 129-xxxxxxxxxxx
Received: (qmail 21301 invoked from network); 3 Nov 2006 13:33:11 +0000
Received: from xxxxxxxxxxx (HELO xxxxxxxxxxx) (xxxxxxxxxxxx)
  by xxxxxxxxxxxx with (DHE-RSA-AES256-SHA encrypted) SMTP; 3 Nov 2006
13:33:11 +0000
Received: from (
	by xxxxxxxxxxxxxxxxxx (8.13.1/8.13.1) with ESMTP id kA3DWXX9018872
	for <xxxxxxxxxxxxx>; Fri, 3 Nov 2006 13:32:38 GMT
Received: from xxxxxxxxxxxx (
	by xxxxxxxxxxxxxxxxx (MOS 3.7.4b-GA)
	with ESMTP id BVA31885;
	Fri, 3 Nov 2006 13:27:07 GMT
Received: from goldmaster ([]) by xxxxxxxxxxxxxxxxxx with
Microsoft SMTPSVC(6.0.3790.1830);
	 Fri, 3 Nov 2006 13:32:29 +0000
From: "xxxxxxxxxxxxxxx" <xxxxxxxxxxxxxxxxx>
Subject: Proof of Delivery
To: xxxxxxxxxxxxxxxx
Content-type: text/plain; charset="ISO-8859-1"
Date: Fri, 3 Nov 2006 13:32:29 +0000
Message-ID: <GOLDMASTERwOzrJS1yJ000001e0 at>
X-OriginalArrivalTime: 03 Nov 2006 13:32:29.0639 (UTC)

Any other ideals?



-----Original Message-----
From: mailscanner-bounces at
[mailto:mailscanner-bounces at]On Behalf Of Martin
Sent: 07 November 2006 13:27
To: MailScanner discussion
Subject: Re: Could not analyze message

Paul Houselander wrote:
> Hi
> I dont think my messages last week regarding this made it to the list, ive
> just noticed that they got flagged as spam on my system :-)

If you're using Tim's Bogus virus rules for Spamassassin you need to
zero score the mailScanner ones (from back in the day when mailScanner
used to 'bounce' spam' and viruses by default)

> I have a message being sent to one of my customers which keeps getting
> quarantined with "Could not analyze message", its a plain text email with
> attachments.

I see you're using Outlook - could it be the TNEF expander isn't working

What I do is don't scan via SA for outgoing, only virus scan. I do this
by the 'from' ip-address range which can't be spoofed quite as easily as
the email address.

> I tried setting up a ruleset so any messages from this paticular address
> not get scanned (using the Scan Messages ruleset). Ive done this quite a
> times before so am confident the syntax im using is correct.
> Despire this the message still gets quarantined, Julian mentioned the
> envelope from/to addresses might be different to the ones ive got in my
> ruleset - I used the "Add Envelope From Header" and "Add Envelope To
> and was able to see from the headers that my ruleset addresses were
> Ive also tried using using the Scan Messages ruleset to just not scan
> incomming email for this paticular email address - again the message still
> gets quarantined.
> Any hints/tips etc.. as to what can cause "Could not analyze message) the
> server processes plenty of other email exactly as I would expect and it
> seems to be this one paticular message.
> Cheers
> Paul

Martin Hepworth
Senior Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.


MailScanner mailing list
mailscanner at

Before posting, read

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list