On Sun, 30 Mar 2003 14:0:15 +0000, J J Young wrote: > Hello Sam,
> ======= On 2003-03-29 at 23:55:00 you wrote: ======= >> I have noticed that F-prot AV will discover, flag, identify, and report >> any MIME-encoded email attachments containing viruses in messages >> received by Arachne's email client, even if the the attachment has not >> yet been decoded and saved to a file. >> In the case of messages received by Nettamer's email client a >> MIME-encoded attachment containing a virus will not get caught by >> F-prot until after the attachment has been decoded and saved to a >> file. > Last September I was in contact with Frisk (the F-Prot people) because > the then-current DOS version would not detect viruses in Foxmail 4.1 > mailboxes larger than 500,000 bytes. This is still the case, and I have > not received a satisfactory reply. In fact, their first reply stated: > >You should not have problems with scanning 500+ KB files. If that > >were the case F-Prot would not be in business. Have you tried using > >the Dumb scan mode? > I had, indeed. I have also tried the two(?) updates to F-Prot released > since then. > Foxmail's mailboxes are zip-compressed. I zipped them further for > uploading so Frisk could download and examine them. The example > mailbox of less than 500,000 bytes did not reveal its infection to > F-Prot when zipped. >> This applies even in the case of same virus, different email client. >> I wonder why this is so. Does anyone know why? > See if Nettamer's mailboxes can be unzipped and whether the one you're > dealing with is over 500,000 bytes. > My inbox is currently over 38MB... > Regards, > Jake Young > 2003-03-30 13:54:30 BST (GMT +1) Thanks for your reply, Jake. My Nettamer inbox is over 2MB. Unlike an Arachne inbox which in its raw form consists of individual text files, a Nettamer inbox in its raw form consists of just one very long concatenated text file in which all the messages have separator symbols inserted between individual messages. The file is not zipped. Is your Foxmail inbox in its raw form a zipped file consisting of just one very long concatenated text file? Perhaps F-prot is capable of indentifying email viruses only when it is examining individual message files one at a time. It appears to not work at all in finding viruses in concatenated mail. It will work with a MIME-encoded message part separated out of a concatented mail file after it has been decoded and saved as an individual binary file. I suppose F-prot will probably work also with any MIME-encoded message part saved as an individual file even if the MIME-encoded message part has not yet been decoded to a binary file. Sam Heywood -- This mail was written by user of The Arachne Browser: http://browser.arachne.cz/
