Thanks for looking at this. However, the virus has been removed from the message by Norton AV and it leaves the message:
"Norton AntiVirus removed the attachment: ofo.zip. The attachment was infected with the [EMAIL PROTECTED] virus."
in its place where the attachment originally was in the message body. You can see that the entire message was skipped from scanning according to the log snippet. There must have been something 'evil' in the way the originator composed the message for it to get through. I have seen several posts from the RedHat Network Mailing list stating that members' ISP captured the infected message, but QMS didn't because it thought the message was PLAIN Text somehow. I bring this up because it may be a new way for infectors to hide their attachment from certain scanners.
because the message WAS plain text as far as the structure of the mail message is concerned.
Why/how Norton AV unencoded stuff from the -body- is still a mystery to me, but this issue -may- be unique to Norton AV?
I found the same behavior with a user with desktop Netscape 7.x MUA and Norton AV Corp 7.5.
I tested with one of the messages that got through my gateway against desktop Grisoft AVG v6.0.581 and Eudora MUA. No attachment was displayed by MUA and no warning from AVG. Anyone else have data to report?
To be clear...though Norton indicates presence of BadStuff, I don't think any of this would present a real threat to the end-user since there's no "legit" attachment exposed to them.
My 2 cents of input
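The gap discussed in this thread, as an added illustration that is not part of the original posts and is not qmail-scanner code: a gateway check that looks inside `text/plain` bodies for encoded blocks instead of trusting the MIME structure alone. It assumes the payload was uuencoded inline, which the thread does not confirm; the function names and the sample message are constructed.

```python
import binascii
import email
import re
from email import policy

UU_BEGIN = re.compile(r"^begin [0-7]{3,4} (\S.*)$")

def find_inline_uu(raw: bytes):
    """Return [(filename, decoded_bytes)] for complete uuencoded blocks found
    in text/plain parts, content a MIME-structure-only check never unpacks."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        name, chunks = None, []
        for line in part.get_content().splitlines():
            if name is None:
                m = UU_BEGIN.match(line)
                if m:
                    name, chunks = m.group(1).strip(), []
            elif line.strip() == "end":
                found.append((name, b"".join(chunks)))
                name = None
            elif line.strip():
                try:
                    chunks.append(binascii.a2b_uu(line))
                except ValueError:   # binascii.Error or non-ASCII text
                    name = None      # ordinary prose after "begin ..."; drop it
    return found

def build_sample() -> bytes:
    # Constructed sample: a single-part text/plain message whose body carries
    # a uuencoded blob (ZIP magic plus filler). Not the message from the thread.
    payload = b"PK\x03\x04" + b"\x00" * 60
    lines = [binascii.b2a_uu(payload[i:i + 45], backtick=True).decode().rstrip("\n")
             for i in range(0, len(payload), 45)]
    body = "\r\n".join(["See attached.", "", "begin 644 sample.zip", *lines, "`", "end", ""])
    return ("From: a@example.com\r\nTo: b@example.com\r\nSubject: test\r\n"
            "Content-Type: text/plain; charset=us-ascii\r\n\r\n" + body).encode()

if __name__ == "__main__":
    for fname, data in find_inline_uu(build_sample()):
        is_zip = data[:4] == b"PK\x03\x04"
        print(f"inline uuencoded block: {fname!r}, {len(data)} bytes, zip={is_zip}")
```

Decoded blocks can then be handed to the same scanner that would have received a real MIME attachment.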
