[exim] Problem with ClamAV scan

Author: Luca Bertoncello
Date:  
To: Exim-Users ML
Subject: [exim] Problem with ClamAV scan
Hi, all!

I have a big problem scanning E-Mails with clam...
A customer received an E-Mail with a virus which clam knows, but if this
virus is in the E-Mail, clam says that all is OK...

Now the nice part: if I extract this file from the E-Mail and send it to
myself again, then clam says that the E-Mail has a virus!

I tried to check the headers of the E-Mail, and I see this (in the original
virus E-Mail):

SUBJECT: best regards
FROM: dowoo@???
TO: <address of our customer>
DATE: [[ _ñ, 08 9 2005 ¿ÀÈÄ 12:01:12 ]]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--------bound--"

----------bound--
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

***URGENT: SERVICE SHUTDOWN NOTICE***
Due to your failure to comply with our email
Rules and Regulations, your email account has been
temporarily suspended for 24 hours unless we are contacted regarding
this situation.
You must read the attached document for further
instructions. Failure to comply will result in termination of your account.
Regards,
Net Operator
***URGENT: SERVICE SHUTDOWN NOTICE***
----------bound--
Content-Type: application/x-msdownload; name="archivator.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="archivator.zip"


and, in the "resent" E-Mail, I see these headers:

Date: Thu, 8 Sep 2005 16:25:18 +0200
From: Luca Bertoncello <bertoncello@???>
To: bertoncello@???
Subject: test
Message-ID: <20050908162518.2308ceb3@lucabert>
Organization: IMS Internet-Media-Service
X-Mailer: Sylpheed-Claws 1.0.5 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/mixed;
 boundary="Multipart_Thu__8_Sep_2005_16_25_18_+0200_ybNLEPSaGEs7Z=rQ"
X-Envelope-To: bertoncello@???
X-AV-scan: yes
X-Infected: Worm.Bagz.E 
X-Spam-Score: -102.0 (---------------------------------------------------)
X-Spam-Report: -102.0/5.0
    * -100 USER_IN_WHITELIST From: address is in the user's white-list
    * -2.0 BAYES_20 BODY: Bayesian spam probability is 5 to 20%
    *      [score: 0.1319]


--Multipart_Thu__8_Sep_2005_16_25_18_+0200_ybNLEPSaGEs7Z=rQ
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline



--=20
_______________________________
Luca Bertoncello
-Programmierung / Mailserver-

IMS Internet-Media-Service GmbH
B=E4rensteiner Stra=DFe 7
01277 Dresden

Fon: +49 351 2112034
Fax: +49 351 2112020
email: bertoncello@???

--Multipart_Thu__8_Sep_2005_16_25_18_+0200_ybNLEPSaGEs7Z=rQ
Content-Type: application/zip; name=archivator.zip
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=archivator.zip


So, the obvious difference is that in my E-Mail the file has Content-Type
application/zip, but in the original one it's application/x-msdownload...
Is this the problem?

Does anyone have any idea how to solve my problem?

Thanks a lot in advance!
--
_______________________________
Luca Bertoncello
-Programmierung / Mailserver-

IMS Internet-Media-Service GmbH
Bärensteiner Straße 7
01277 Dresden

Fon: +49 351 2112034
Fax: +49 351 2112020
email: bertoncello@???
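
Added example, not part of the original post and not Exim or ClamAV code: a triage helper that parses a message shaped like the original one quoted above, compares each part's declared Content-Type with the file type its first bytes indicate, and flags a boundary string that ends in "--". It does not determine why clam missed the file. The payload is a constructed empty ZIP standing in for archivator.zip, and `triage` and `MAGIC` are names chosen here.

```python
import base64
import email
from email import policy

# Constructed payload: an empty ZIP archive (end-of-central-directory record
# only). It stands in for archivator.zip; the real attachment is not reproduced.
EMPTY_ZIP = b"PK\x05\x06" + b"\x00" * 18

# Headers and boundary as quoted in the post; everything else is constructed.
ORIGINAL = (
    "Subject: best regards\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="--------bound--"\n'
    "\n"
    "----------bound--\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "(body text omitted)\n"
    "----------bound--\n"
    'Content-Type: application/x-msdownload; name="archivator.zip"\n'
    "Content-Transfer-Encoding: base64\n"
    'Content-Disposition: attachment; filename="archivator.zip"\n'
    "\n"
    + base64.b64encode(EMPTY_ZIP).decode() + "\n"
)

# Leading bytes -> type label (a minimal table, chosen for this example).
MAGIC = {b"PK": "application/zip", b"MZ": "application/x-msdownload"}

def triage(raw):
    """Return (boundary_warnings, [(filename, declared, sniffed), ...])."""
    msg = email.message_from_string(raw, policy=policy.default)
    warnings = []
    boundary = msg.get_boundary()
    if boundary and boundary.endswith("--"):
        # "--" + boundary then also reads as the close delimiter of a shorter
        # boundary, so two MIME parsers may split the message differently.
        warnings.append("boundary ends with '--'")
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""  # undo base64/QP
        sniffed = MAGIC.get(data[:2], "unknown")
        parts.append((part.get_filename(), part.get_content_type(), sniffed))
    return warnings, parts
```

Running the same function over the raw source of both messages shows whether they differ only in the declared type or also in how the parts are delimited.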