On Wed, Jul 02, 2003 at 09:55:20PM -0400, John Crawford wrote: > Hi. > > A campus department sent out messages today that (each new one) > kept triggering the > $quarantine_description='Illegal breakage found in header name - potential > virus';
Sounds like there was no empty line between the end of the headers and the body.
All MIME mail messages are required to separate the headers from the body. Only hand-written spammers and virus writers are known to differ on this...
That "Content-Type: text/PLAIN" smells handwritten to me... Unfortunately you didn't include the body of the message so we can't tell.
Well, the space following the header from the "head" output is showing the point between the header and the body. I do see two "nl" in a row signifying the start of the body.
0001400 d d e d sp f a k e sp M I M E - V 0001420 e r s i o n sp h e a d e r nl M I 0001440 M E - V e r s i o n : sp 1 . 0 nl 0001460 nl W e sp a r e sp p l e a s e d sp 0001500 t o sp a n n o u n c e sp t h a t 0001520 sp t h e sp w e b sp a p p l i c a
Since it was header analysis, I didn't see the body as being much use, but I gave you the header and the dividing space. It could well be the message was handwritten. It's heavy into long lines in the body. I'm still unsure what it saw to make it react so.
Here's the actual quarantined message, via the web.
http://www.sociology.ohio-state.edu/jmc/quar.txt
Cheers,
John
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
