anomy-list

myparty virus detection

From: alex morris (34173@xyz.molar.is)
Date: Tue 29 Jan 2002 - 19:26:15 UTC


D.J. and fellow Anomyers,

I, too, noticed that the myparty virus made it past my anomy v1.45
sanitizer and Sophos virus scanner, even though Sophos had been updated
with an .ide file for myparty.

I think the fix is to upgrade to anomy version 1.48, and make sure
feat_uuencode = 1, as Bjarni said.

I tested this a couple different ways.

If I send myparty as an attachment, my anomy v1.45 will pick it up and
correctly quarantine the attachment. I think it does this *when the
virus is sent as an attachment*, since anomy can now determine the
boundaries <?>

But, if I send the virus as the message body, it will pass through anomy
v1.45 undetected.

The Good Thing:

It looks like anomy 1.48 does a better job of determining what to do
with it.

Here is how I replicated the virus being sent.

I craft a mail message file and remove all content type header fields,
encoding type header fields and other 'non-essential' mail header
information, such that the header looks sparse, like this



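Added example (not part of the original post and not Anomy's own code): a Python check for the case the message describes, a body with no MIME headers that carries an attachment inline. It assumes the attachment is uuencoded, which is what `feat_uuencode` refers to; the function name, extension list and sample message are constructed for illustration.

```python
import binascii
import re
from email import message_from_string

# Extension list is an assumption for this example, not Anomy's own policy.
RISKY_EXT = {"exe", "com", "scr", "pif", "bat", "vbs"}
BEGIN_RE = re.compile(r"^begin [0-7]{3,4} (\S.*)$")

def find_inline_uuencode(raw_message):
    """Return [(filename, decoded_bytes, complete, risky)] for uuencoded
    blocks found in any non-multipart part, including an untyped body."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        lines = iter(part.get_payload().splitlines())
        for line in lines:
            m = BEGIN_RE.match(line)
            if not m:
                continue
            size, complete = 0, False
            for data in lines:              # consume the block after 'begin'
                if data.rstrip() == "end":
                    complete = True
                    break
                if not data.strip():
                    continue
                try:
                    size += len(binascii.a2b_uu(data))
                except (binascii.Error, ValueError):
                    break                   # not valid uuencode data
            name = m.group(1).strip()
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            findings.append((name, size, complete, ext in RISKY_EXT))
    return findings

# Constructed sample: sparse headers, no MIME-Version or Content-Type,
# attachment carried inline in the body. The payload is harmless text.
SAMPLE_PAYLOAD = b"constructed placeholder, not a binary"
SAMPLE_MESSAGE = (
    "From: sender@example.org\n"
    "To: rcpt@example.org\n"
    "Subject: constructed test\n"
    "\n"
    "begin 644 sample.exe\n"
    + binascii.b2a_uu(SAMPLE_PAYLOAD).decode("ascii")
    + "`\nend\n"
)

if __name__ == "__main__":
    print(find_inline_uuencode(SAMPLE_MESSAGE))
```

Because the message declares no MIME structure, the `begin` line is the only marker of where the attachment starts, so the scan has to run over the raw body text rather than over declared parts.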