[Mimedefang] odd empty messages

Stewart stewart at f8.com.au
Tue Feb 3 00:10:34 EST 2004


Hi all..

Ever since this latest virus outbreak started I've been seeing a number
of odd messages getting through without being flagged, apparently.
Example follows (munged obfuscation applied):
=========
 From probably-faked at dodo.com.au Tue Feb  3 08:55:32 2004
Return-Path: <probably-faked at dodo.com.au>
Received: from myserver.mydomain.com.au ([unix socket])
	by myserver (Cyrus v2.1.14-IPv6-Debian-2.1.14-3) with LMTP; Tue, 03  
Feb 2004 08:55:32 +1100
X-Sieve: CMU Sieve 2.2
Received: from dodo.com.au (ESS-p-144-138-109-159.mega.tmns.net.au  
[144.138.109.159])
	by myserver. mydomain.com.au (8.12.9/8.12.9/Debian-5) with ESMTP id  
i12LsJEm015522
	for <myuser@ mydomain.com.au>; Tue, 3 Feb 2004 08:54:21 +1100
Message-Id: <200402022154.i12LsJEm015522 at myserver. mydomain.com.au>
From: probably-faked at dodo.com.au
To: myuser@ mydomain.com.au
Subject: Hello
Date: Tue, 3 Feb 2004 07:55:01 +1000
MIME-Version: 1.0
Content-Type: multipart/mixed;  
boundary="----=_NextPart_000_0004_CD05CB46.BD84472F"
X-Priority: 3
X-MSMail-Priority: Normal
X-Scanned-By: MIMEDefang 2.37

This is a multi-part message in MIME format...

------=_NextPart_000_0004_CD05CB46.BD84472F
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

The message contains Unicode characters and has been sent as a binary  
attachment.


------=_NextPart_000_0004_CD05CB46.BD84472F--

..and that's all there is.

The log shows nothing unusual that I can see.. it's detecting the bad
content and setting drop=1 (I'm using action_drop on everything this
week and stuff the consequences ;-) but it's still delivering.


============
Feb  3 08:55:31 inserver sm-mta[15522]: i12LsJEm015522: from=<  
probably-faked at dodo.com.au>, size=31180, class=0, nrcpts=1,  
msgid=<200402022154.i12LsJEm015522 at inserver.bleach.com.au>,  
proto=ESMTP, daemon=MTA, relay=ESS-p-144-138-109-159.mega.tmns.net.au  
[144.138.109.159]
Feb  3 08:55:31 inserver mimedefang.pl[11244]:  
MDLOG,i12LsJEm015522,bad_filename,text.bat,application/octet-stream,<  
probably-faked at dodo.com.au>,<shannon at bleach.com.au>,Hello
Feb  3 08:55:32 inserver mimedefang.pl[11244]: filter: i12LsJEm015522:   
drop=1
Feb  3 08:55:32 inserver sm-mta[15522]: i12LsJEm015522: Milter change:  
header  Content-Type: from  
multipart/mixed;\n\tboundary="---- 
=_NextPart_000_0004_CD05CB46.BD84472F" to multipart/mixed;  
boundary="----=_NextPart_000_0004_CD05CB46.BD84472F"
Feb  3 08:55:32 inserver sm-mta[15522]: i12LsJEm015522: Milter change:  
header  MIME-Version: from 1.0 to 1.0
Feb  3 08:55:32 inserver sm-mta[15522]: i12LsJEm015522: Milter message:  
body replaced
Feb  3 08:55:32 inserver sm-mta[15522]: i12LsJEm015522: Milter add:  
header: X-Scanned-By: MIMEDefang 2.37
Feb  3 08:55:32 inserver sm-mta[15525]: i12LsJEm015522:  
to=<shannon at bleach.com.au>, delay=00:01:11, xdelay=00:00:00,  
mailer=cyrus, pri=120248, relay=localhost, dsn=2.0.0, stat=Sent



Is anyone else getting these, and if so, what do you do about it? This
MD newbie here isn't sure where to go next...

cheers,
..S.


