[Mimedefang] MIME Virus Issue?

Chris Masters rotis23 at yahoo.com
Thu Nov 11 09:21:16 EST 2004

Hi All,

We've just had an incident where 2 or more viruses
have got through our scanners. The virus was
W32.Mota.B at mm and was packaged with the following
Content-Type header:

   Content-Type: multipart/mixed; boundary="" 

We're using mimedefang-2.43 and *old*

Although the email contained the following zip file,
'filter' was never called.

  Content-Type: application/x-zip-compressed; 


  Content-Transfer-Encoding: base64 

  Content-Disposition: attachment; 


We currently scan the whole message from
'filter_begin' and if positive each entity from
'filter' (for removal/cleaning).

So, the whole message was scanned with 3 virus
scanners but each entity was not scanned because
filter was never called.

So, a couple of questions:

Is this an issue because we're using an old

Could this be a MIME package exploit of some kind?

We have the full intact message in a msg format, but
I'm guessing that this has been reformatted (from the
original raw format of the message as it went through
the scanner) by the outlook client.

We have other details (logs etc) if this should be
taken off-line.

Thanks for your help on this.

Chris <in a pretty concerned state>

Do you Yahoo!? 
Check out the new Yahoo! Front Page. 

More information about the MIMEDefang mailing list