Greg Kelley wrote:

Doug,

Actually Norton DID quarantine an infected attachment named ofo.zip from the
email message that got thru as PLAIN text. I have the file and it is a true
infected .zip file. So if someone did open it they would get infected.

I understand what you're saying and I believe you that the ZIP file was quarantined. But, IMO, that does NOT mean it would have reached the user _in a form that would have proved dangerous_.


Let me try to explain that. I believe (until we see proof from a -raw- email to indicate otherwise as requested by Jason) that the message you received was indeed a PLAIN text message and I strongly -suspect- that Norton is doing "more" than perhaps it should by un-encoding the base64 content within that message body, quarantining what it found, altering the message, etc...

I suspect that *if* you had turned OFF Norton prior to receiving that same message, you would have seen the PLAIN text message containing base64 ASCII and -no- file attachment would have been presented by your MUA (because, based on headers, there WAS no attachment - it was all message body).

Your message was altered by Norton AV, so we can't test with that, but I have my own captured "problem" message, which for now I will assume is similar to the one that caused your problem. I have tested with this message, and it passes through QS/clamav, but is flagged by desktop Norton as containing Mydoom.
I propose the following, if you're agreeable.
I can send it to you 2 times:
1) with your AV -off-
2) with your AV on
I suspect that 1) will result in a plain text message displayed with NO attachment for the user to "get to", and 2) will result in a file, expanded and quarantined by NortonAV.


Or... if you'd prefer, I can point you to my captured file and you can test privately yourself.

If you (Gregg) would like to test, send me private email about how you'd like to proceed.
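
The case discussed in this message, as an added example that is not part of the original post: a message whose headers declare only `text/plain` has no MIME attachment for an MUA to offer, yet a scanner that decodes base64 runs in the body can still find a ZIP inside. The sample message, the stand-in bytes and the function names are constructed for illustration.

```python
import base64
import binascii
import re
from email import message_from_string

# Constructed stand-in: ZIP local-file magic plus filler, not a real sample.
FAKE_ZIP = b"PK\x03\x04" + b"\x00" * 26 + b"harmless placeholder bytes, constructed"
# Constructed message: headers declare plain text only, body carries base64.
RAW = (
    "From: sender@example.com\r\n"
    "To: user@example.com\r\n"
    "Subject: constructed test\r\n"
    "Content-Type: text/plain; charset=us-ascii\r\n"
    "\r\n"
    "Please see below.\r\n"
    + base64.encodebytes(FAKE_ZIP).decode("ascii").replace("\n", "\r\n")
)
B64_LINE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")

def mime_attachments(raw):
    """Parts an MUA would offer as attachments, judged by MIME structure."""
    return [p.get_content_type() for p in message_from_string(raw).walk()
            if not p.is_multipart()
            and (p.get_filename() or p.get_content_maintype() != "text")]

def body_hides_zip(raw):
    """Decode runs of base64-looking lines in a plain body; look for ZIP magic."""
    msg = message_from_string(raw)
    if msg.is_multipart():
        return False  # real MIME parts are the normal scanner path
    run = []
    for line in msg.get_payload().splitlines() + [""]:
        line = line.strip()
        if B64_LINE.match(line):
            run.append(line)
            continue
        if run:
            try:
                data = base64.b64decode("".join(run), validate=True)
            except (binascii.Error, ValueError):
                data = b""
            if data.startswith(b"PK\x03\x04"):
                return True
            run = []
    return False

if __name__ == "__main__":
    print("MIME attachments:", mime_attachments(RAW))
    print("ZIP hidden in body:", body_hides_zip(RAW))
```

A gateway scanner that inspects only MIME parts reports nothing for this message, while a content-decoding scanner flags it; that difference matches the two outcomes proposed in the test above.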



