On Tue, 28 Oct 2003 19:43:53 +0300 "Sergey V. Burchu" <[EMAIL PROTECTED]> wrote:
> > 1) abram -- original file I have, this is a returned mail from
> > mailer-daemon with infected mail inside.
> > 2) Mail delivery failed_ returning message to sender.eml -- infected
> > mail which is inside (1).
No, it isn't. The difference between the original file in (2) [which is
detected by clamav] and the one in (1) is:
--- DIFF START ---
--- Mail delivery failed_ returning message to sender.eml Mon Oct 27 12:55:34
2003
+++ Mail delivery failed_ returning message to sender2.eml Wed Oct 29 04:05:20
2003
@@ -1,4 +1,32 @@
-From [EMAIL PROTECTED] Wed Aug 27 18:25:37 2003
+From [EMAIL PROTECTED] Sun Oct 26 22:34:16 2003
+>From MAILER-DAEMON Mon Oct 27 00:34:17 2003
+Received: from mail.iitp.ru ([195.19.65.51]:2521)
+ by pier.botik.ru with esmtp (Exim 4.02)
+ id 1ADsWe-0007Fh-00
+ for [EMAIL PROTECTED]; Mon, 27 Oct 2003 00:34:16 +0300
+Received: from mailnull by mail.iitp.ru with local (Exim)
+ id 1ADsWS-0005wS-00
+ for <[EMAIL PROTECTED]>; Mon, 27 Oct 2003 00:34:04 +0300
+X-Failed-Recipients: system-filter
+From: Mail Delivery System <[EMAIL PROTECTED]>
+To: [EMAIL PROTECTED]
+Subject: Mail delivery failed: returning message to sender
+Message-Id: <[EMAIL PROTECTED]>
+Date: Mon, 27 Oct 2003 00:34:04 +0300
+X-Botik-Recipient: [EMAIL PROTECTED]
+Status: RO
+
+This message was created automatically by mail delivery software
(Exim).
+
+A message that you sent could not be delivered to one or more of its
+recipients. This is a permanent error. The following address(es)
failed:
+
+ pipe to |/usr/local/drweb/clients/exim/drweb-exim
--conf=/usr/local/drweb/clients/exim/drweb_exim.conf -f $sender_address
-- $recipients
+ generated by system-filter
+ local delivery failed
+
+------ This is a copy of the message, including all the headers. ------
+
Return-path: <[EMAIL PROTECTED]>
Received: from pier.botik.ru ([193.232.174.1])
by mail.iitp.ru with esmtp (Exim)
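Review bot: Several added lines in this hunk were wrapped in transit and their continuations carry no `+` prefix (`(Exim).`, `failed:`, and the `--conf=/usr/local/drweb/clients/exim/drweb_exim.conf -f $sender_address` and `-- $recipients` lines following `pipe to |/usr/local/drweb/clients/exim/drweb-exim`), so a patch tool would treat them as context and the hunk cannot be used as shown to rebuild file (1) from file (2). Attaching the diff or both samples instead of pasting them inline would avoid that. For the detection question, the part worth calling out in the description is that the added header block has no MIME headers of its own and the original message only starts after the `------ This is a copy of the message, including all the headers. ------` line, so a regression sample should cover a message embedded after that separator in a plain-text bounce.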
@@ -19,9 +47,6 @@
X-List-Unsubscribe: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
X-List-Unsubscribe: [EMAIL PROTECTED]
-Status: RO
-Content-Length: 98066
-Lines: 1291
------------OTYQDGWXCC8HYQ
Content-Type: text/plain; charset=us-ascii
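Review bot: The description should say whether the three headers removed here (`Status: RO`, `Content-Length: 98066`, `Lines: 1291`) matter to the detection difference. `Status: RO` reappears in the outer header block added by the first hunk, which suggests these are mailbox bookkeeping lines rather than part of the message as sent. Stripping them from both samples before diffing would leave only the bounce wrapper as the difference under discussion.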
--- DIFF END ---
Best regards,
Tomasz Kojm
--
oo ..... http://www.clamav.net/gpg/tkojm.gpg
(\/)\......... 0DCA5A08407D5288279DB43454822DC8985A444B
\..........._ Wed Oct 29 04:06:44 CET 2003
//\ /\
