Sorry if this isn't the right mailing list for this topic, but it seems the
most relevant I can find.

If an email virus scanner saw an email like this:
------------Cut here-----------
Subject: failed message
From: postmaster(_at_)somewhere(_dot_)com
X-comment: Note - no MIME headers at all

Your message failed because we didn't like it, here's the original message:
----------------------
Subject: Your message
From: you(_at_)domain(_dot_)com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Boundary"

------=_Boundary
Content-Type: text/plain

My message
------=_Boundary
Content-Type: application/octet-stream; name="document01.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="document01.exe"

<base64 encoded virus>
------=_Boundary--
------------Cut here-----------
Would you expect a virus scanner to detect the virus? Should it try? My
thinking is that the virus is actually just a gump of larbled text so why
should a virus scanner detect it (let's ignore the fact, for now, that the
bounce message shouldn't contain the attachment at all, we all know that
some servers do that). If the bounce message was structured so that the
original message was in a message/rfc822 section, then, yes, I'd say a
virus scanner should detect it, but in this case, the bounce message is
unstructured plain text, and no email client SHOULD show the 'attachment'
as an attachment, because it isn't one.
But, what do the panel think?
Paul VPOP3 - Internet Email Server/Gateway
support(_at_)pscs(_dot_)co(_dot_)uk http://www.pscs.co.uk/
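
Added example, not part of the original post: a Python sketch of what a scanner that follows MIME structure sees in the two bounce layouts the post compares, plus a fallback that re-parses a plain body. The marker bytes are a constructed, harmless stand-in for the attachment, and rescan_plain_body is a hypothetical heuristic, not any product's behaviour.

```python
import base64
import re
from email import message_from_string, policy

# Constructed, harmless stand-in for the attachment bytes in the post.
MARKER = b"CONSTRUCTED-HARMLESS-BYTES"
ORIGINAL = f"""\
Subject: Your message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Boundary"

------=_Boundary
Content-Type: text/plain

My message
------=_Boundary
Content-Type: application/octet-stream; name="document01.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="document01.exe"

{base64.b64encode(MARKER).decode()}
------=_Boundary--
"""
# The bounce from the post: no MIME headers, original pasted into the body.
UNSTRUCTURED = ("Subject: failed message\n\n"
                "Your message failed because we didn't like it, here's the original message:\n"
                "----------------------\n" + ORIGINAL)
# The alternative the post mentions: original carried as message/rfc822.
STRUCTURED = ('Subject: failed message\nMIME-Version: 1.0\n'
              'Content-Type: multipart/mixed; boundary="outer"\n\n'
              '--outer\nContent-Type: message/rfc822\n\n' + ORIGINAL + '--outer--\n')

def mime_attachments(raw):
    """(filename, decoded bytes) for every part the MIME structure declares."""
    msg = message_from_string(raw, policy=policy.default)
    return [(p.get_filename(), p.get_payload(decode=True))
            for p in msg.walk() if p.get_filename()]

def rescan_plain_body(raw):
    """Hypothetical fallback: re-parse a plain body from each header-like line."""
    msg = message_from_string(raw, policy=policy.default)
    if msg.is_multipart():
        return []
    lines = msg.get_content().splitlines(keepends=True)
    for i, line in enumerate(lines):
        if re.match(r"[A-Za-z-]+:\s", line):
            found = mime_attachments("".join(lines[i:]))
            if found:
                return found
    return []
```

A structure-following walk finds nothing in the unstructured bounce and finds document01.exe in the message/rfc822 one; only the body re-parse recovers the decoded bytes from the plain-text layout.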