On Fri, 2004-02-13 at 05:38, Doug Monroe wrote: > > infected message, but QMS didn't because it thought the message was PLAIN > > Text somehow. I bring this up because it may be a new way for infectors to > > hide their attachment from certain scanners. > > because the message WAS plain text as far as the structure of the mail > message is concerned.
I agree. I think that Nortons is being over-zealous in this case - claiming a corrupt mail message contained an attachment when it didn't. However, I'd be REALLY HAPPY if someone could get me an original copy of that virus - i.e. before any other AV system has further corrupted it by extracting the attachment/etc. Maybe there are some characteristics Q-S could learn from them... If you know you are going to receive 'x' of such messages per day, if possible you could turn on archiving in Q-S (if you have the diskspace!!) until one comes through, find it and send me that (obviously you can't just pull it out of the quarantine dir as Q-S never catches it) You will have to PGP or password-protect it in a zip file to stop anything else blocking it from getting to me of course... Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
