On Mon, 29 Mar 2004, David wrote:
> when I check test #19 at www.virustest.org I get the following:
>
> From - Sat Mar 27 11:27:57 2004
> X-UIDL: UID39583-1069500867
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> Return-path: <tester@???>
> Envelope-to: david@???
> Delivery-date: Sat, 27 Mar 2004 11:31:52 +0100
> Received: from crc2.excedent.us ([12.5.19.157] helo=mail01.excedent.us)
> by a.mx.ols.es with esmtp (Exim 4.30)
> id 1B7B6W-0007dW-BI
> for david@???; Sat, 27 Mar 2004 11:31:52 +0100
> X-Originating-Ip: 80.58.42.235
> Message-Id: <992902.@testvirus.org>
> Date: Sat, 27 Mar 2004 05:40:13 -0500
> From: "TESTVIRUS.org" <tester@???>
> To: <david@???>
> Subject: Virus Scanner Test #19
> Received-SPF: none (rackuk.ols.es: domain of tester@??? does
> not designate permitted sender hosts)
> X-OLS-Whitelisted: no
> X-Virus-Scanned: by ClamAV at a.mx.ols.es on Sat, 27 Mar 2004 11:31:52 +0100
> X-Origin-Country: [US]
> X-Recipients: 1
> X-SPAM-OLSId:
> 12.5.19.157/tester@???/1B7B6W-0007dW-BI-29358@???
>
> Mime-Version: 1.0
> Content-Type: multipart/mixed;
>
>
> note that the body starts wiht the header line that follows the white
> space and all custom headers have been added at that point.
I have just run test #19 myself, getting it to send the message direct
to my workstation. No virus scanners were involved. The headers I
received looked weird, but I had taken the precaution of running tcp
dump to see what actually arrived. The message I got looked like this:
Received: from crc2.excedent.us ([12.5.19.157]:3010 helo=mail01.excedent.us)
by xxxxxx.cam.ac.uk with esmtp (Exim 4.31)
id 1B7wf1-0003Vp-Cn
for ph10@???; Mon, 29 Mar 2004 14:18:39 +0100
X-Originating-Ip: 131.111.8.97
Message-Id: <921079.@testvirus.org>
Date: Mon, 29 Mar 2004 08:26:17 -0500
From: "TESTVIRUS.org" <tester@???>
To: <ph10@???>
Subject: Virus Scanner Test #19
Mime-Version: 1.0
Content-Type: multipart/mixed;
BounDary="=====================_307115168==_"
--=====================_307115168==_
Content-Type: application/zip; name="eicar.zip";
x-mac-type="705A4950"; x-mac-creator="705A4950"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="eicar.zip"
UEsDBAoAAAAAAGZGpiw8z1FoRAAAAEQAAAAJAAAARUlDQVIuQ09NWDVPIVAlQEFQWzRcUFpYNTQo
UF4pN0NDKTd9JEVJQ0FSLVNUQU5EQVJELUFOVElWSVJVUy1URVNULUZJTEUhJEgrSCpQSwECFAAK
AAAAAABmRqYsPM9RaEQAAABEAAAACQAAAAAAAAABACAAAAAAAAAARUlDQVIuQ09NUEsFBgAAAAAB
AAEANwAAAGsAAAAAAA==
--=====================_307115168==_
Content-Type: text/plain; charset="us-ascii"; format=flowed
However, the tcpdump shows that a genuine blank line was sent after
the Subject: header line:
0x00c0 3e0d 0a53 7562 6a65 6374 3a20 5669 7275 >..Subject:.Viru
0x00d0 7320 5363 616e 6e65 7220 5465 7374 2023 s.Scanner.Test.#
0x00e0 3139 0d0a 0d0a 4d69 6d65 2d56 6572 7369 19....Mime-Versi
0x00f0 6f6e 3a20 312e 300d 0a43 6f6e 7465 6e74 on:.1.0..Content
Therefore, Exim is quite correct in terminating the headers there. I
cannot see that this is an Exim problem.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
