On Fri, May 14, 2004 at 12:00:02PM +1000, Adam Goryachev wrote:
> b) Hopefully if the mailserver bounced the email, it didn't allow the
> original attachment to be included such that the receiver's mail program
> can access it. ie, you always get at least a section of the original

Well most MTAs besides Qmail do just that. They attach the original mail message as a MIME attachment instead of just appending it (like Qmail does) - which effectively "corrupts" the virus. (and if you recall, Q-S had to be altered to catch such "corrupt" viruses - even though a user could never be infected by them)

So the user would get a bounce mail message that says "qq failed", then clicks on the .eml attachment - and gets infected...

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
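
The difference between the two bounce styles discussed in this message, as a scanner that walks MIME structure sees it. This is an added example, not part of the original post and not Qmail-Scanner's code. It uses Python's standard `email` package; the addresses, the file name `doc.pif`, the bounce wording and all function names are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

def build_original():
    # Constructed stand-in for the bounced mail; the attachment is inert bytes.
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.net", "b@example.org", "hello"
    m.set_content("see attachment")
    m.add_attachment(b"CONSTRUCTED", maintype="application",
                     subtype="octet-stream", filename="doc.pif")
    return m

def mime_bounce(original):
    # Original attached as a MIME part (what the post says most MTAs do).
    b = EmailMessage()
    b["From"], b["Subject"] = "MAILER-DAEMON@mx.example", "Undelivered mail"
    b.set_content("Delivery failed.")
    b.add_attachment(original)  # stored as an intact message/rfc822 part
    return b.as_string()

def appended_bounce(original):
    # Original appended to the bounce text (what the post says Qmail does).
    b = EmailMessage()
    b["From"], b["Subject"] = "MAILER-DAEMON@mx.example", "failure notice"
    b.set_content("Delivery failed. Copy of the message follows.\n\n"
                  + original.as_string())
    return b.as_string()

def scan_bounce(raw):
    """Return (filename, inside_embedded_message) for each named MIME part."""
    found = []
    def walk(part, embedded):
        embedded = embedded or part.get_content_type() == "message/rfc822"
        name = part.get_filename()
        if name:
            found.append((name, embedded))
        if part.is_multipart():
            for sub in part.get_payload():
                walk(sub, embedded)  # recurse into message/rfc822 as well
    walk(message_from_string(raw, policy=policy.default), False)
    return found

if __name__ == "__main__":
    for label, make in (("MIME-attached", mime_bounce), ("appended", appended_bounce)):
        print(label, scan_bounce(make(build_original())))
```

In the MIME-attached bounce the original attachment is still a decodable part nested inside `message/rfc822`, so a scanner has to recurse into embedded messages; in the appended bounce the same bytes are only body text and no MIME part exists to find.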