[EMAIL PROTECTED] (Yeh You-Ying) wrote in message
news:<[EMAIL PROTECTED]>...
> Hello,
>
> I have posted this in newsgroup before.
> While forwarding a message as attchment, some anitvirus program
> (ScanMail) on Mail Server, takes Mozilla's eml as virus and then
> blocks it.
>
> I have a little experiment.
>
> A. forward a message as attachment to that Mail Server directly.
> B. saving a message (eml file) first and then send this eml out to
> that
> Mail Server.
>
> Both A and B are blocked.
> An interesting thing is, if the eml is made by Outlook or Netscape
> 4.7x. It will not be taken as virus. Why ???
> Any one knows about this issue ?
> Should I filed a bug ?
> Personal thinking, this is problem of Mozilla, not antivirus.
The following is what I posted on Bugzilla, #143882
------- Additional Comment #13 From Yeh You-Ying 2002-05-13 21:48
-------
According RFC822 header definition, ScanMail parses Mozilla's eml
file, and
finds the first line "From - Sun May 12 19:47:39 2002" not following
RFC822.
So ScanMail takes it as virus. I removed this first line in
Mozilla's eml and
re-sent, then
no more blocking. I think this problem of Mozilla.
---------------------------------------------------------------------------------------------------------
3.2. HEADER FIELD DEFINITIONS
These rules show a field meta-syntax, without regard for the
particular type or internal syntax. Their purpose is to permit
detection of fields; also, they present to higher-level parsers
an image of each field as fitting on one line.
field = field-name ":" [ field-body ] CRLF
field-name = 1*<any CHAR, excluding CTLs, SPACE, and ":">
field-body = field-body-contents
[CRLF LWSP-char field-body]
field-body-contents =
<the ASCII characters making up the field-body, as
defined in the following sections, and consisting
of combinations of atom, quoted-string, and
specials tokens, or else consisting of texts>
August 13, 1982 - 9 - RFC #822
