We've recently been having a lot of Bugbear virus emails hitting our virus scanner. We've done a lot of scanning for the virus on our workstations and servers and so far we're clean (except for the ones that Declude pick up).
This morning, while going through the email holds, I noticed an email with an
attachment that was 99K... the typical size of infected Bugbear virus emails.
So luckily we didn't send it through...
This turns out to have been a very unusual malformed E-mail. Specifically, it had a malformed uuencoded segment, which never ended -- but a new MIME boundary appeared within uuencoded segment, where the virus was hiding. I'm not sure how a mail client would handle this. I'm guessing this format is very rare, as it appears that the virus inserted several lines from a legitimate E-mail into itself, so this would only be possible if the person with the virus already had an E-mail with a uuencoded segment in it (they aren't common anymore).
In any case, there is a new interim release of Declude Virus (1.70i4) at http://www.declude.com/release/170i/declude.exe that will now detect this situation.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
