Parish <parish_AT_ntlworld.com> wrote in message news:<abrk5s$[EMAIL PROTECTED]>... > Yeh You-Ying wrote: > > Parish <parish_AT_ntlworld.com> wrote in message >news:<abotda$[EMAIL PROTECTED]>... > >> Yeh You-Ying wrote: > >> > Parish <parish_AT_ntlworld.com> wrote in message >news:<ablp5r$[EMAIL PROTECTED]>... > >> >> Yeh You-Ying wrote: > >> >> > Personal thinking, this is problem of Mozilla, not antivirus. > >> >> > >> >> As long as the .eml file /doesn't/ contain a virus then it is the AV s/w > >> >> that's at fault - giving false positives. McAfee Virus Scan doesn't have > >> >> a problem with Mozilla .eml files. > >> > > >> > But ScanMail did. :) > >> > >> So, it's a bug in scanmail. It's incorrectly identifying some part of > >> the e-mail header. > >> > >> If it isn't a virus, which it isn't, then the AV software is the problem > >> > > > > Mmmm... I think it's not the bug of ScanMail. > > Of course it is. If the data in the header is *not* a virus then > ScanMail is at fault. > > > While Mozilla makes email header, it generates information which is not > > defined in RFC822 header. Please refer to Bug#143882 comment#13 for more detail. > > Just because the e-mail header doesn't (allegedly) conform to RFC822 > doesn't mean it's a virus. > > Norton AV used to identify a FreeBSD Master Boot Record as a virus - but > it wasn't. > > I've just tried Sunbelt's PestPatrol, which finds spyware, cookies, > trojans, etc. and it claims that Microsoft's MASM Assembler, needed to > build Mozilla on Win32, contains the Acid Reign trojan. Using your logic > then this means that there is a bug in the MS MASM Assembler. Should I > e-mail BG about it do you think?
Well...I think I may use wrong vocabulary (Perhaps I should not say "virus"). The behavior of ScanMail is that, after parsing mozilla's eml and removing some lines in the mail header and then passing it to me. It does not give me any message to say the mail containing virus. I think ScanMail just follows RFC822 to parse mail header. If a mail contains non-standard header, it removes some lines. That's its way to implement(though it may be not smart enough). So from my point of view, I think it's not a bug of ScanMail. :-) Mozilla's eml contains non-standard header information, this is really a problem.
