Hi, As Declude *does* know the name of the file it is trying to decode, maybe it could display that name, along with the fact it caught a vulnerability and not an unknow virus? Shouldn't it have reported it found: The "EOF in multipart processing" vulnerability virus in Webmaster_attach.pif I'm also banning PIF files but vulnerabilities should take precedent over banned extentions in reporting, right?
Here the log snippet from the declude log: 04/26/2004 20:44:16 Q588000ad02465470 MIME file: [message/delivery-status][*DEFAULT*; Length=321 Checksum=28335] 04/26/2004 20:44:16 Q588000ad02465470 Warning: EOF in middle of MIME segment [Webmaster_attach.pif] [--====dcffafbdbccebfccbeec] 04/26/2004 20:44:16 Q588000ad02465470 Banning file with pif extension [application/octet-stream]. 04/26/2004 20:44:16 Q588000ad02465470 WARNING: EOF in multipart processing. 04/26/2004 20:44:16 Q588000ad02465470 WARNING: EOF in multipart processing. 04/26/2004 20:44:17 Q588000ad02465470 Invalid PIF Vulnerability 04/26/2004 20:44:17 Q588000ad02465470 Found a bogus .pif file 04/26/2004 20:44:17 Q588000ad02465470 File(s) are INFECTED [: 0] 04/26/2004 20:44:17 Q588000ad02465470 Scanned: CONTAINS A VIRUS [MIME: 4 37310] 04/26/2004 20:44:17 Q588000ad02465470 From: <> To: [EMAIL PROTECTED] [incoming from 192.87.5.144] 04/26/2004 20:44:17 Q588000ad02465470 Subject: Undelivered Mail Returned to Sender Groetjes, Bonno Bloksma .... Back up my hard drive? How do I put it in reverse? ----- Original Message ----- From: "Postmaster" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, April 26, 2004 8:44 PM Subject: Declude Virus caught a virus > Declude Virus v1.79i4 caught the Unknown Virus virus in Unknown File > from <> to: [EMAIL PROTECTED] > > Date: 04/26/2004 20:44:17 > Subject: Undelivered Mail Returned to Sender > Spool File: D588000ad02465470.SMD > Remote IP: 192.87.5.144 > > Headers: > Received: from relay.surfnet.nl [192.87.5.144] by tio.nl with ESMTP > (SMTPD32-8.05) id A880AD0246; Mon, 26 Apr 2004 20:44:16 +0200 > Received: by relay.surfnet.nl (Postfix) > id C0C453F4EE; Mon, 26 Apr 2004 20:43:04 +0200 (MEST) > Date: Mon, 26 Apr 2004 20:43:04 +0200 (MEST) > From: [EMAIL PROTECTED] (Mail Delivery System) > Subject: Undelivered Mail Returned to Sender > To: [EMAIL PROTECTED] > MIME-Version: 1.0 > Content-Type: multipart/report; report-type=delivery-status; > boundary="81D6A3F2C9.1083004984/relay.surfnet.nl" > Message-Id: <[EMAIL PROTECTED]> > > > --- > [This E-mail scanned for viruses by Declude Virus using f-prot and Sophos] > > --- [This E-mail scanned for viruses by Declude Virus using f-prot and Sophos] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
