[Mimedefang] suspicious characters in body
Jeremy
jeremy at electrosilk.net
Thu May 9 18:04:43 EDT 2002
From: "David F. Skoll" <dfs at roaringpenguin.com>
> > I only have seen two hex b9 characters.
>
> The only thing which should trigger this message is a carriage-return
> in the e-mail which is NOT followed by a linefeed.
I have had an innocuous message quarantined by 2.09 as well. Here is a hex
dump of the relevant section. It appears to be triggered by two NULL
characters inserted at the end of the AVG virus warning.
0000848: 7665 722e 0d0a 0d0a ver.....
0000850: 0d0a 2d2d 2d0d 0a4f ..---..O
0000858: 7574 676f 696e 6720 utgoing
0000860: 6d61 696c 2069 7320 mail is
0000868: 6365 7274 6966 6965 certifie
0000870: 6420 5669 7275 7320 d Virus
0000878: 4672 6565 2e0d 0a43 Free...C
0000880: 6865 636b 6564 2062 hecked b
0000888: 7920 4156 4720 616e y AVG an
0000890: 7469 2d76 6972 7573 ti-virus
0000898: 2073 7973 7465 6d20 system
00008a0: 2868 7474 703a 2f2f (http://
00008a8: 7777 772e 6772 6973 www.gris
00008b0: 6f66 742e 636f 6d29 oft.com)
00008b8: 2e0d 0a56 6572 7369 ...Versi
00008c0: 6f6e 3a20 362e 302e on: 6.0.
00008c8: 3335 3120 2f20 5669 351 / Vi
00008d0: 7275 7320 4461 7461 rus Data
00008d8: 6261 7365 3a20 3139 base: 19
00008e0: 3720 2d20 5265 6c65 7 - Rele
00008e8: 6173 6520 4461 7465 ase Date
00008f0: 3a20 3139 2f30 342f : 19/04/
00008f8: 3230 3032 0d0a 2000 2002.. . <<< Problem here ??
0000900: 000d 0a0d 0a2d 2d2d .....--- <<< and here ??
0000908: 2d2d 2d2d 2d2d 2d2d --------
0000910: 2d2d 2d2d 2d2d 2d2d --------
0000918: 2d2d 2d2d 2d2d 2d2d --------
0000920: 2d2d 2d2d 2d2d 2d2d --------
0000928: 2d2d 2d2d 2d2d 2d2d --------
0000930: 2d2d 2d2d 2d2d 2d2d --------
0000938: 2d2d 2d2d 2d2d 2d2d --------
0000940: 2d2d 2d2d 2d2d 2d2d --------
0000948: 2d2d 2d2d 2d2d 2d2d --------
0000950: 2d0d 0a54 6f20 7265 -..To re
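
An added example, not part of the original post and not MIMEDefang's own code: a Python scan of three rows copied from the dump above for NUL bytes and for CR or LF bytes that are not part of a CRLF pair. The function names are made up for this illustration; on these rows it reports the two NULs at 0x8ff and 0x900 and no bare carriage return.

```python
# Hex columns of three rows from the dump in the message above
# (the ASCII column and the poster's "<<<" annotations are left out).
DUMP = """\
00008f0: 3a20 3139 2f30 342f
00008f8: 3230 3032 0d0a 2000
0000900: 000d 0a0d 0a2d 2d2d
"""

def parse_dump(text):
    """Turn 'offset: hex words' rows into (base_offset, bytes).

    Rows must be contiguous so that reported offsets match the dump.
    """
    base, data = None, bytearray()
    for line in text.splitlines():
        off, _, hexpart = line.partition(":")
        if not hexpart.strip():
            continue
        offset = int(off, 16)
        if base is None:
            base = offset
        if offset != base + len(data):
            raise ValueError(f"gap in dump at offset {off.strip()}")
        data += bytes.fromhex(hexpart)  # fromhex skips the spaces
    if base is None:
        raise ValueError("no dump rows found")
    return base, bytes(data)

def scan(data, base=0):
    """List (offset, kind) for NUL, bare CR and bare LF bytes.

    A CR that is the last byte of the buffer counts as bare, because
    no LF follows it; the same goes for an LF that is the first byte.
    """
    findings = []
    for i, b in enumerate(data):
        nxt = data[i + 1] if i + 1 < len(data) else None
        prev = data[i - 1] if i > 0 else None
        if b == 0x00:
            findings.append((base + i, "NUL"))
        elif b == 0x0D and nxt != 0x0A:
            findings.append((base + i, "bare CR"))
        elif b == 0x0A and prev != 0x0D:
            findings.append((base + i, "bare LF"))
    return findings

if __name__ == "__main__":
    base, data = parse_dump(DUMP)
    for offset, kind in scan(data, base):
        print(f"{offset:07x}: {kind}")
```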