Hello all, I am currently receiving e-mails with incorrect Mime_base64 encoding. Spamassassin adds the MIME_BASE64_ILLEGAL tag and if I cat the mailbox part of the mime looks like this (only showing the last part of the mail):
Qa6y+0PJZh4KsJU2CmwBOgpqIZgKgwFICoAZNQqAGT4Kp gU4CnQJmwoBAjUKcA lQCrBVRgqDAUUK pgFECoctSRB+gPQPLD24RZ70iQ9QVbYQs7JJRQPtig9inXYPAvKNRHiY50QFk zjMRbYBRCJqN0VC Gs0QbBJVpXmlyBBTzDIPPlcXD/TM/hBQpaep/rzeD/TK0g8SAQMPP/ZVDzjYiccpxW LH3WIEP75h shB2J0c PPQ24EH4JmA/ksSUQc8OmgVFmkERZslkQU8PuD3vRDBCbJJcQU8gfD/RTGw/0yIgQHLBy EGUheA/0S8gQdiarD8wUig/0xTLRkLXC0KImZMw8NnjP9oxo2Ew+QkJSwgbRgGL20Oqg/Q/kq+wP riOBEIEdHA8XixAQZiPDmBCFN0Q6TX0PzBSBEEULkqYbJ86BzFnghr38tUEYv+NEy7y5wKj+Bw9Q eWwKFQ1AD107IM/X3bhDc3YFqo wjfURpLneYECt5GHDNMkRe1ujHWpBVlalli0UhD7imTemlgMFd xUGUfb8EEePJRUytU0OtI3FDJpO50OPzJMJwNRup/trJqf4Zjqn+OVAKDAYswKgAAQ== --Boundary-00=_LI6/AsRuKRMJPIk-- This is not what I normally see, all lines in other e-mails have the same length, these are different lengths. I am using pine, a collegue of mine is using kmail and we are able to save the attachement. The attachement is the Worm.Mydoom.I virus. If I do a clamscan on the saved attachement it finds the virus. If I do a clamscan --mbox on the mbox file it does not find it. I assume this is because of the broken Mime-encoding. Is there something I have overseen that can stop this kind of virus e-mail? I could not find anything on the list or in the manpages. I have not tested what outlook does with this illegal Mime-encoding, but it wouldn't surprise me if it is also able to decode the attachement. I am using the stable 0.74 release (just updated my configuration to make sure it was recent), combined with clamav-milter 0.74a. It is running on a Solaris 8 server. Database is recent and it is detecting other viruses. There are no errors in the log file. Thanks for any help or pointers, Marc Berenschot. -- Marc Berenschot Email: [EMAIL PROTECTED] UNIX Systeembeheerder Phone: 053 4894615 ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
