Hello:

        I get these messages containing the Mimail virus (I-Worm/Mimail.J according to 
AVG) supposedly from PayPal.com (but obviously spoofed!) and TB has a hard time 
parsing them correctly.  In fact, for some reason it sets the *ENTIRE* message text 
(headers, body and all) as a single string in the "From" line.

        As a consequence, AVG cannot scan the message (because to TB it's one single 
header line, no body or attachments) and not even the Selective Download filter (or 
any other filter for that matter) works on it.  All I get is the message(s) in my 
inbox with a huge "From" header and no body.

        Once in a while TB will choke while downloading these messages and crash -- 
well, not exactly crash; it goes into some infinite loop with 100% CPU utilization, 
and my computer won't respond to anything, so I end up hitting the reset button.  At 
those times, I've even tried letting it be for a while to see if it eventually 
finishes, but a couple of hours later it's obvious it's just burning up my CPU with no 
apparent progress.  I end up telnetting into the POP3 server and deleting the message 
by hand before starting up TB again.

        AFAIK, no other mail client has problems with these messages.  I've tried 
Eudora Pro 5.x, Mozilla.org's ThunderBird, Opera's M2, and even mutt, and they all 
download the faulty messages fine without a problem -- even the times when TB has 
choked with them.  It has been happening to me since TB v1.63, and I keep on upgrading 
hoping that it is a bug that has been fixed, but no dice :(

        Below is a sample of the headers of one of these messages:

<HEADERS>
Return-path: <[EMAIL PROTECTED]>
Received: from localhost (ca-buenaprk-cuda1-c8a-104.anhmca.adelphia.net 
[24.55.222.104]) by mail.mailsystem.caribe.net
 (Vircom SMTPRS 3.1.300.0) with SMTP id <[EMAIL PROTECTED]> for <[EMAIL PROTECTED]>;
 Sat, 29 May 2004 00:26:56 -0400
From: "PayPal.com" <[EMAIL PROTECTED]>
To: Dz <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
X-Priority: 1 (High)
Subject: IMPORTANT                                           isoiawef
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------B940B23A000BC2F"

------------B940B23A000BC2F
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
</HEADERS>

        Here are a few facts that might help diagnose the problem:

1. When viewing the source of the message in TB, the headers are parsed correctly 
(i.e. they are bolded as they should be)

2. The message list, as well as the message preview, show the entire message text 
(headers, body and all) as the "From" header.  No other header or body is shown.

3. When exported as a UNIX mailbox, the "From " delimiter line at the top contains 
some text from the headers and every single line of the message body, devoid of 
whitespace, in place of the envelope's sender address, for example:

(This is one single line)
<ENVELOPE FROM HEADER>
From [EMAIL PROTECTED], text/plain, 7bitDearPayPalmember, 
Weregrettoinformyouthatyouraccountisabouttobeexpiredinnextfivebusinessdays.Toavoidsuspensionofyouraccountyouhavetoreactivateitbyprovidinguswithyourpersonalinformation....<!SNIP!>
 Sat May 29 08:33:58 2004
</ENVELOPE FROM HEADER>

4. If I remove all this crud from the "From " line, and just keep the e-mail address 
followed by the RFC822 date, and re-import the message, TB will parse it correctly and 
immediately AVG will detect the virus.  This obviously points to the parsing of the 
headers originally, when retrieved from the POP3 server, as the culprit.

        I haven't been able to find a specific common denominator in these messages 
that triggers the problem, nor have I been able to find any distinguishing features 
that cause TB to choke on some of them.  Has anybody else had this problem?  Is there 
a workaround?  I can provide a full copy of a sample message if necessary.

        TIA
        -dZ.

-- 
Powered by The Bat! v.2.10.03,
  Hindered by MS Windows 2000 v.5.0 build 2195 Service Pack 4


________________________________________________
Current version is 2.11.02 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
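
The manual fix in item 4 above (trim the exported "From " separator back to the address and date, then re-import so the scanner sees headers and body again) can be scripted. This is an added example, not part of the original post or of The Bat!; the function names and the sample mailbox are constructed, and it assumes the envelope address is the first token after "From " and that the line ends with the asctime-style date.

```python
import re

# asctime-style date that ends an mbox "From " separator, e.g. "Sat May 29 08:33:58 2004"
ASCTIME = (r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) "
           r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ \d]\d "
           r"\d\d:\d\d:\d\d \d{4}")
CLEAN = re.compile(rf"^From \S+ {ASCTIME}$")
TAIL_DATE = re.compile(rf"({ASCTIME})\s*$")

# Constructed sample (placeholder address): a damaged separator followed by one message.
SAMPLE = (
    "From sender@example.invalid, text/plain, 7bitDearPayPalmember,"
    "Weregrettoinformyou... Sat May 29 08:33:58 2004\n"
    'From: "PayPal.com" <sender@example.invalid>\n'
    "Subject: IMPORTANT\n"
    "\n"
    "body text\n"
)


def repair_from_line(line):
    """Reduce a separator to 'From <address> <date>'; None if it cannot be recovered."""
    if CLEAN.match(line):
        return line                      # already well-formed, leave untouched
    date = TAIL_DATE.search(line)
    tokens = line.split()
    if not date or len(tokens) < 2:
        return None                      # no trailing date or no address token
    address = tokens[1].rstrip(",;")     # drop punctuation glued on by the bad export
    return f"From {address} {date.group(1)}"


def repair_mbox(text):
    """Rewrite damaged separators; return (new_text, 1-based line numbers changed)."""
    out, changed, prev_blank = [], [], True
    for number, line in enumerate(text.split("\n"), start=1):
        # A separator is a "From " line at the top of the file or after a blank line.
        if prev_blank and line.startswith("From "):
            fixed = repair_from_line(line)
            if fixed is not None and fixed != line:
                changed.append(number)
                line = fixed
        out.append(line)
        prev_blank = (line == "")
    return "\n".join(out), changed
```

Separators that lack a recognizable trailing date are left as they are, so those messages still need to be inspected by hand.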
