On 2004-03-23, 17:20:21 (-0500), firstname.lastname@example.org wrote:
> AFAIK, this virus should have a .zip attachment (most of the time), which I
> would (through my configuration), scan, and quarantine (and that would
> print the msg_file_save in the email), but no message is being displayed,
> and no files are getting quarantined, when the email is delivered without
> an attachment.
I'm not sure exactly how these things happens, but I've gotten lots
of virus mails without the payloads attached. Sobigs, Mydooms, all
sorts of things. I get alot of crap mail. :-)
One theory is that the viruses are buggy.
Another is that the payloads are getting stripped by stupid mail
filters, without any notices or warnings getting attached. This
could easily happen in a company which automatically enforces a "no
outgoing attachments at all" policy.
This could also be caused in obscure cases where a machine has
partial A/V protection - not enough to keep the infection from taking
place in the forst place, but enought to keep the "build a new
infected mail" process from succeeding.
> Could that be causing the sanitizer to get confused, and think that the
> attachment is just junk data, which gets lost???
That's remotely possible of course, there are always new bugs to find and
squash. :-) But I've seen so many of these which haven't been touched by
Anomy that I don't think it's the most likely explanation.
-- Bjarni Rúnar Einarsson email@example.com http://bre.klaki.net/
PGP: 02764305, B7A3AB89