As previously noted, the problem here seems to be with the f-prot binary, not the actual virus signatures/definitions. Try upgrading the f-prot package, and it'll probably work fine.
-Nik

[EMAIL PROTECTED] quoth:
> >>I cannot see anything "special" in the MIME structure of Mimail that would
> >>cause f-prot to miss the ZIP attachment (or maybe it is the structure of
> >>the ZIP that f-prot cannot unpack?).
> >
> > I was told it's the encoding scheme in the .html file that's the problem.
> > Currently the scanner does not support that type of encoding.
>
> It seems to me that the HTML contains the binary EXE without any encoding:
>
> $ cat -v message.html | fold | head -5
> MIME-Version: 1.0
> Content-Location:File://foo.exe
> Content-Transfer-Encoding: binary
>
> [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL
> PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@@[EMAIL
> PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL
> PROTECTED]@[EMAIL PROTECTED]@^@
>
> Regardless, f-prot should list the ZIP attachment, and the files contained
> within the ZIP ...
>
> Cheers,
>
> Paul Szabo - [EMAIL PROTECTED] http://www.maths.usyd.edu.au:8000/u/psz/
> School of Mathematics and Statistics University of Sydney 2006 Australia
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>

--
Nik Reiman // [EMAIL PROTECTED] \\ http://www.aboleo.net
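
The part layout shown in the quoted `cat -v` output (a `Content-Location` naming an `.exe` with `Content-Transfer-Encoding: binary`) can be checked at the mail filter independently of what the scanner's unpacker supports. The following is an added example, not part of the original thread; the function name, extension list, two-signal threshold and both sample messages are assumptions constructed for illustration.

```python
# Added example: flag MIME parts that carry an unencoded executable, as in
# the headers quoted above. Both sample messages are constructed, not captured.
from email import message_from_bytes

EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumed extension list

def suspicious_parts(raw: bytes):
    """Return (content_location, reasons) for each part worth a closer look."""
    findings = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        cte = (part.get("Content-Transfer-Encoding") or "7bit").strip().lower()
        location = (part.get("Content-Location") or "").strip()
        body = part.get_payload(decode=True) or b""
        reasons = []
        if cte == "binary":
            reasons.append("binary transfer encoding")
        if location.lower().endswith(EXEC_EXT):
            reasons.append("executable Content-Location")
        if body.lstrip(b"\r\n")[:2] == b"MZ":  # DOS/PE magic bytes
            reasons.append("MZ header in body")
        # Assumed policy: one signal alone is common in benign mail.
        if len(reasons) >= 2:
            findings.append((location, reasons))
    return findings

# Constructed sample shaped like the quoted message.html: raw EXE bytes.
SAMPLE_BINARY = (
    b"MIME-Version: 1.0\r\n"
    b"Content-Location:File://foo.exe\r\n"
    b"Content-Transfer-Encoding: binary\r\n"
    b"\r\n"
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
)
# Constructed benign HTML part for comparison.
SAMPLE_HTML = (
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Transfer-Encoding: 7bit\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>\r\n"
)

if __name__ == "__main__":
    for name, raw in (("binary", SAMPLE_BINARY), ("html", SAMPLE_HTML)):
        print(name, suspicious_parts(raw))
```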
