semi OT : Broken mail headers caused by Antivirus or Mail Client ?

Mohd Hafiz Ramly hafiz at
Tue Jul 7 04:41:10 IST 2009

Hi List,
I have posted an issue earlier regarding "MailScanner: Could not analyze message"
More info can be found here :
Further investigation on the issue, I found that the problematic mail is caused by broken mail headers (not sure if I get this term right).
Inspecting the quarantine mail in MailScanner reveals that Content-Type has randomly misspelled or missing in some words.
Example 1 :
Content-Type: multipart/related;
The correct headers would be :
Content-Type: multipart/related;
Example 2:
Content-Type: multipart/alternaboundary="----=neXtPaRt_1245338959"
The correct headers would be :
Content-Type: multipart/alternative;boundary="----=neXtPaRt_1245338959"
Example 3:
Content-Type: multipart/alternative;
The correct headers would be :
Content-Type: multipart/alternative;
command in my Linux server shows the message file is good
[root at mail1 ~]# file /var/spool/MailScanner/quarantine/20090611/0DAE9191804B.A62FD/message
/var/spool/MailScanner/quarantine/20090611/0DAE9191804B.A62FD/message: RFC 822 mail text
[root at mail1 ~]# file -i /var/spool/MailScanner/quarantine/20090611/0DAE9191804B.A62FD/message
/var/spool/MailScanner/quarantine/20090611/0DAE9191804B.A62FD/message: message/rfc822
So I decide to edit the quarantine message file and fixed the headers to the correct entry and the mail went through just fine.
MailScanner did not complains anything.
[root at mail1 ~]# sendmail -toi <
I notice the client uses Outlook 11, Outlook Express 6 and SquirrelMail 1.4.10a as their mail editor.
And all of those mail is scanned using FortiGuard antivirus.
So what actually caused the mail headers to be broken ?
Does it caused by the mail client or might be the antivirus at client ends ?
My guess it could be caused by FortiGuard antivirus software which scans outgoing mail on clients PC.
Anyone had this similar issue before ?

More information about the MailScanner mailing list