Re: [Qmail-scanner-general]MyDoom (Novarg) Not Scanned

Salvatore Toribio Thu, 12 Feb 2004 06:37:10 -0800

At 7:22 -0500 12-02-2004, Greg Kelley wrote:

Folks,

I posted this yesterday but thought I'd send over the whole thing again so
you can look at what's going on. I got an infected message from the RedHat
Network Mailing List. This was not a bounce. It was not scanned as it was
interpreted to be PLAIN Text. Norton AV at the desktop caught it and
quarantined a file called ofo.zip that was attached. Following is the log
entry and the entire email (minus the removed .zip file).

Wed, 11 Feb 2004 06:38:32 -0500:7585: This is a PLAIN text message, skip
virus scanners - but not SA

+++ email message +++

Subject: rhn-users digest, Vol 1 #903 - 1 msg
X-Mailer: Mailman v2.0.13
MIME-version: 1.0

Content-type: text/plain
To: [EMAIL PROTECTED]

Content-Transfer-Encoding: base64

VGhpcyBpcyBhIG11bHRpLXBhcnQgbWVzc2FnZSBpbiBNSU1FIGZvcm1hdC4NCg0KLS0tLS0t
PV9OZXh0UGFydF8wMDBfMDAwMl83MjUzNTdGMi5FNDc2NEQ5Mg0KQ29udGVudC1UeXBlOiB0

It looks like a Plain text message...

I have decoded it and it is not the original message the content is:

FIRST PART --------------------------------------------------------------

This is a multi-part message in MIME format.

------=_NextPart_000_0002_725357F2.E4764D92
Content-Type: text/plain;
        charset="Windows-1252"
Content-Transfer-Encoding: base64

jv7kTJ5Occnp1KZJc97sOs7khGsNCu7XdFBLp9DZqfI/YJPSwfP1WJbay+0/p6PSV1ZkTuSz
2Fj11l/7MqfRiMIiLoTPSkeQ3s4lQfZ0ag0Kvrr5qlnl3Clc8V7bh/N2y6Xwwli+74oNCnWr
5T9ThyTYdsmT5WK26SbJbURTZ+zhmciwh1yuNY4NCo+PWn3MRp26LV43OYbr00OXfE2WrZ3Z
dMrk++VUJL7u1jEzNngNCif2NHFwUkOXkatDbjSrla+X/nl3qsNqeEmrZ51rifOtQpclsibK
DQp6tr9JXie0UzCN4ovIOy07QZf6wirX4TzMy3lvaLFkKVIxmDyDStkjqIibMepDzHaQz+K2
DQpLjsfyVa5nVW/NVYHBWNqIP7hFWXNGO5r70jQk7IwoNtp5ZMrJe3fyizChbpP3dUXRXz6I
rtxk0l3idyTslZzCnnfy7SJg5WYvnbInjFeZ7TPwQcXA3DUkjL5jLz5yMUTRq13IKd9MpIvI
hMTlMplz+KOW+IjMtIVexPDSlISZu2LGXOO3U5h8Sy/4ynBGDQrxZ/EpKmfmzo3DOpvQZJiV
d+NbDQqfsFIhlpE4WIvCennIt6VE9ZPbYrNsUF29L/bNaJju7jcn49DcJ/LXuvWoOmqCiIY7
1ousipmq8ks+rCGq1c+by3ySVSSSPsBD08ruY701ZiqaKon574q6Kq+xDQoz7EN1RNSEM8Wd
UrZuYsG3N/C81vyad2J0SiOa13b9M/OXrF2/I2Xwoi9js1n61W9CY/oyrZxrTSBEz4mxRdxc
gqJsqcpos/55SZHMmXUvmeJ9Y/lN77P7Wa0q05Ges/CJU3n4wjdVKS9rWK2eqFGIMIVjlK4x
225lDQr4NmNKpe5Rn1X+PyjbxdaRRmLjSKB34l7ExKQ2ObPZm+xLOmZd7jrxoUSC7Z71du9z
x1bN4yDdlE412uPy58r4dW5ExVtVlVCb/D8NCjLE45AvpEtjZe6j2Yptj5qXR4i+OEv3hOVu
fXGKfebjc3Za4oNMVWjuJ66CWfxVRbMuJpyxkG5bKFV6WT+vL4TkdYJtdHfzpLg+Mlda+LxP
Xkm7qiovRKufrV+wbWzGoGdt9622TqydN0oNCqOhdGNqcbOWX9k3nPd+eEw/XUG2bTZ9XIYN
CvNttqZdVFfq5Nj7eNVr4suNfbJiroMg8aiXdcdkDQrCLrXDr67m2eZriZdaRz+nZXzM4F3p
7TNyTELfpWF+3SXuxJy2YaVt6bOx3TZbWU7t0GopbkLIKcuTcW3Xfg0K89dxirKts85YxDB+
38vbxO7CRoJSarQNCmE08P6ZJHhQyZipwl5CIi1ClYri+PQgtVBRwoPIRqD3q6zs08QNCuB5
4c39voe4oFO5torxsiEloEpVfE3DmA0Kz2Y2Y+9QdPrfjHfC4EQ2fJKcaPuqIIbzTkKIZnxq
qnn0jGIi8yGI5ZmJ9Nnn/mB352SoY4xjTfn97b8xKDvxUuGIi61E1CpH/aKgXHeUtKa6UyDw
U6Ceca2U6N26sJ3dS+VnRtR7Q69B6DDnslHFQTtdRiUuQs1iuIWPcF23UKFqdWzBoKFkSPTd
t+iwxPgNCml1xHRH8WI6sqswV/Ro3uB2kOJ08MBDhULLvw0KDQoNCi0tLS0tLT1fTmV4dFBh
cnRfMDAwXzAwMDJfNzI1MzU3RjIuRTQ3NjREOTINCkNvbnRlbnQtVHlwZTogcGxhaW4vdGV4
dDsNCgluYW1lPSJOb3J0b24gQW50aVZpcnVzIERlbGV0ZWQxLnR4dCINCkNvbnRlbnQtVHJh
bnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVu
dDsNCglmaWxlbmFtZT0iTm9ydG9uIEFudGlWaXJ1cyBEZWxldGVkMS50eHQiDQoNClRtOXlk
Rzl1SUVGdWRHbFdhWEoxY3lCeVpXMXZkbVZrSUhSb1pTQmhkSFJoWTJodFpXNTBPaUJ2Wm04
dWVtbHdMZzBLVkdobA0KSUdGMGRHRmphRzFsYm5RZ2QyRnpJR2x1Wm1WamRHVmtJSGRwZEdn
Z2RHaGxJRmN6TWk1T2IzWmhjbWN1UVVCdGJTQjJhWEoxDQpjeTQ9DQo=

SECOND PART ---------------------------------------------------------

霔L�Nq��'�Is��:���k
��tPK�-���?`�"�۞X���?ߣ"WVdN���X��_�2�-�".ѦJG�ޑ%A�tj
憘�Y��)\�^���v�*��X���
u��?S�$�v���b��&�mDSgϷ����\�5�
��Z}�F��-^79��"C�|M���t ���T$���136x
'�4qpRC��Cn4����yw��jxI�g�k�ۂB�%�&
z��I^'�S0��;-;A�*׷<��yoh�d)R1�<�J�#���1�C�vꦒ�
K��U�gUo�UšX��?�EYsF;��"4$��(6�yd 
�{w��0�n�uE-_>���d"]�w$�����w��"`�f/��'�W��3�A���5$��c/>r1D-�]�)�L��џ�2�s����å�^��"����b�\��S�|K/�
 pF
�g�)*gʑ�:�-d��w�[
��R!��8X�zy��*D��b�lP]�/��h���7'�-�'�׆��:j���;�����K>�!�'���|�U$�>�C" 
�c�5f*�*���*ر
3�CuD'�3��R�nb��7�����wbtJ#��v�3��]�#e��/c�Y�'oBc�2��kM
D��E�\Ǣl� h��yI���u/��}c�MԄ�Y�*"�����Sy��7U)/kX���Q�0�c��1�ne
�6cJ*�Q�U�?(����Fb�H�w�^���69����K:f]�:ҰD����v�s�VՓ ��N5���� �unD�[U�P��?
2���/�Kceӣ��m���G��8K���n}q�}ʓsvZ��LUh�'��Y�UE�.&���n[(UzY?�/єu�mtwۧ�>2WZ��O^I��*/D���_�ml��gm���N��7J
��tcjq��_�7��~xL?]A�m6}\�
�m��]TW͔��x'k���}�b�� Ү�u�d
�.����ʍ�k��ZG?�e|��]��3rLB�*a~�%ӟ��a*mȄ��6[YN�-j)nB�)��qm�~
��q侂��X�0~����ӬF�Rj�
a4���$xP��^B"-B�䒯� �PQ�ɻFݗ���"�
�y�՛���S���Ҿ!%�JU|M��
�f6c�Pt���w��D6|��h��
��NB�f|j�y��b"�!����ٍ��`w�d�c�cM����1(;�R���D'*G���\w�S
�S��q��������K�gF'{C�A�0��Q�A;]F%.B�b���p]�P�jul�ݰdH���˃��
iu�tG�b:��0W�h��v�t��C�B��


------=_NextPart_000_0002_725357F2.E4764D92
Content-Type: plain/text;
        name="Norton AntiVirus Deleted1.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
        filename="Norton AntiVirus Deleted1.txt"

Tm9ydG9uIEFudGlWaXJ1cyByZW1vdmVkIHRoZSBhdHRhY2htZW50OiBvZm8uemlwLg0KVGhl
IGF0dGFjaG1lbnQgd2FzIGluZmVjdGVkIHdpdGggdGhlIFczMi5Ob3ZhcmcuQUBtbSB2aXJ1
cy4=

THIRD PART --------------------------------------------------------------

Norton AntiVirus removed the attachment: ofo.zip.
The attachment was infected with the [EMAIL PROTECTED] virus.

--------------------------------------------------------------

Anyway...

I think that this virus are malformed, they didn't come as a real
attachment so qs or thi av-scanners find them (I have forced
qmail-scanner to don't skip text/plain messages and sophie did not
find this virus.

Salvatore

-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56&alloc_id438&op=click
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Re: [Qmail-scanner-general]MyDoom (Novarg) Not Scanned

Reply via email to