On Fri, 2005-02-25 at 15:20 +0000, Nigel Horne wrote: > > The sample you sent had no virus in it so I can't substatiate this claim. > > Since I have no virus to test against I am unwary about making
I haven't actually received a virus with sort of boundary, I was just running clamav over some messages and noticed that it was emitting the following: LibClamAV Warning: Ignoring empty field in " boundary=" LibClamAV Warning: Multipart MIME message contains no boundaries My concern was that clamav would pass messages with what it thought was malformed MIME headers to clients that would treat them as valid, thereby providing a method for VXers to circumvent clamav checking. As it turns out, I was incorrect. > I notice that the boundaries don't have quotes around the bracketed bit. The boundaries don't, the boundary definition does: ... Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="(AlternativeBoundary)" ... --(AlternativeBoundary) Content-Type: multipart/alternative; boundary="(AlternativeBoundary2)" I you didn't receive the text as formatted above, perhaps an intermediate MSA/MTA/MUA has reformatted the message. Rick. _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html
