[Avcheck] test
Michael Tokarev
mjt@tls.msk.ru
Fri, 15 Mar 2002 02:33:39 +0300
Richard Harvey Chapman wrote:
>
> Sorry about that. I looked again after I sent that message and saw that
> it didn't bounce, it just got deferred. Something's wrong with my rDNS
> right now.
No, all is working now. DNS is a strange beast, all sorts of timeouts are
possible.
> Anyway, I have to run right now, but I'll post a weird avcheck problem
> later. In a nutshell, received the Win32.Gibe virus twice with no
> errors. I've been testing with that virus all day yesterday and it
> caught every one. Then, I forwarded the message that got through back to
> myself and it got caught. Weird.
Check if those uncaught emails contain leading spaces in the first
line of the attached .exe. Like this:
---
...
If in doubt, please ask for assistance. ATSI, Inc. scans all email with the lat
est "NAI" software for KNOWN viruses.
--NextPart_000235
Content-Type: application/x-msdownload;
name="q216309.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="q216309.exe"
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAuAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
...
---
(note the 3 spaces before TVqQ... in the next-to-last line). If this is the case (I suspect
it is), the answer is simple: DrWeb won't detect this. I don't know why. I
already sent this variant to support@drweb.ru on Mar 12, but have received nothing
so far.
> I'll submit it later tonight.
>
> BTW putting the -h option before the -d option appeared to silently
> throw away mail. I'll write that one up, too.
Yes I know. Corrected in the yet-to-be-released version (there is a
clash between -h for help and -h for header. Just don't place -h
first for now).
Regards,
Michael.
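
A gateway-side check for the case described in this message, as an added example that is not part of the original post or of avcheck: it flags base64 parts whose encoded lines carry leading spaces or other non-alphabet characters and reports whether a whitespace-tolerant decode still yields an MZ executable. The function names, the boundary string and `sample.exe` are assumptions, and the payload is constructed test bytes, not a real executable.

```python
import base64
import email
import re
from email import policy

# A well-formed base64 line: alphabet characters only, optional trailing padding.
B64_LINE = re.compile(r"^[A-Za-z0-9+/]*={0,2}$")

def audit_base64_parts(raw: bytes):
    """Return (filename, irregular_line_numbers, decodes_to_mz) per base64 part."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        cte = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        if cte != "base64":
            continue
        body = part.get_payload(decode=False)  # encoded text exactly as received
        lines = [ln for ln in body.splitlines() if ln]
        irregular = [n for n, ln in enumerate(lines, 1) if not B64_LINE.match(ln)]
        # Tolerant decode: drop all whitespace first, as a lenient client would.
        compact = re.sub(r"\s+", "", body)
        try:
            decoded = base64.b64decode(compact + "=" * (-len(compact) % 4))
        except ValueError:
            decoded = b""
        findings.append((part.get_filename(), irregular, decoded.startswith(b"MZ")))
    return findings

def build_sample(indent: str) -> bytes:
    """Constructed message: one attachment, first base64 line prefixed by indent."""
    payload = b"MZ\x90\x00" + b"constructed test bytes, not a real executable " * 3
    b64 = base64.encodebytes(payload).decode().splitlines()
    b64[0] = indent + b64[0]
    return ("MIME-Version: 1.0\r\n"
            'Content-Type: multipart/mixed; boundary="NextPart_example"\r\n\r\n'
            "--NextPart_example\r\n"
            'Content-Type: application/x-msdownload; name="sample.exe"\r\n'
            "Content-Transfer-Encoding: base64\r\n"
            'Content-Disposition: attachment; filename="sample.exe"\r\n\r\n'
            + "\r\n".join(b64) + "\r\n--NextPart_example--\r\n").encode()

if __name__ == "__main__":
    for name, bad_lines, is_mz in audit_base64_parts(build_sample("   ")):
        print(f"{name}: irregular base64 lines {bad_lines}, decodes to MZ: {is_mz}")
```

A part that reports irregular lines and still decodes to MZ is a candidate for re-encoding before it is handed to the scanner, or for quarantine.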