Ben Bucksch wrote: >>We know that at very least Symantec's glitch is reproducable >> > You do know that? Good! Can you please describe the exact steps leading > to the problem?
The initial bug report for 116443 describes this pretty well. Ate his inbox 3 times in a row. http://bugzilla.mozilla.org/show_bug.cgi?id=116443 Additionally, this same reporter was able to reproduce the identical bug with Netscape 4.7x. I saw one wipe out that definitely coincided with the BadTrans virus being detected, though with a different AV app. The second wipe, as already stated, I don't have a clue what happened. Since this problem doesn't occur for every virus that comes in, it's also probably safe to assume that some type of HTML activation is required to trigger the AV app into taking action against the mbox file. What I'm personally very puzzled about is the ancillary data loss that occurred in what happened to the user I've been mentioning. I can logically work out in my mind what happened with the InBox, but why in the heck did it take out one other folder?? Even the second mystery InBox wipe took one other folder out as well. Just doesn't make sense that a folder that didn't trigger the AV app would even get looked at. I was thinking that maybe the other folder in question might have had a virus in it as well. When I moved that user over to Eudora, extracting all those attachments, turned out he had a ton of viruses in a variety of different folders. If the trigger was a stored virus in one of the subfolders, this user should have experienced a lot more data loss than what happened. One possibility is that the trigger point got the AV app into hunting specifically for BadTrans, and nothing else. Seems unlikely, but I can't think of any other scenario that fits the pieces together for the puzzle. Later on, -- "Outside of a dog, a book is man's best friend. Inside of a dog, it's too dark to read." - Groucho Marx
