Hi,
I'm receiving a mail virus from a hotmail account. The message passes
through amavis-postfix with antivir. The mail contains "HappyWorm". When I
forward the mail, it does not pass through the mail server and antivir can
detect the virus. Tracking down the problem I found out the following
oddity ?
When amavis decodes the mail, it creates the following file.
msg-20298-4.txt
The content is base64 encoded and starts as
Content-Type: application/octet-stream;
name=query[1].htm
Content-Transfer-Encoding: base64
Content-ID:
PasdASDasdSDQWEASdaseRQDSAdCeTLs...... and continues.
When I decode this part with mimencode -u, it's plain html file with worm
code in it.
antivir can detect the virus in the htm file but amavis does not decode and
scan the file.
Is there anything I'm missing? Other than this, everything works fine with
amavis-postfix and antivir. I also tried f-prot but it didn't recognize the
encoded file either.
Does anyone know why amavis is not decoding the mime part?
I'm using amavis-postfix, postfix from the suse 7.3 CD's and antivir (latest)
Regards,
Oyku Gencay
BTW I tried to scan the encoded file with Norton Antivirus (Win) and it
recognized it's encoded and found the virus.
