[Esd-l] virus bypassed sanitizer

Simon Matthews simon at paxonet.com
Thu Jan 3 16:42:01 PST 2002


I recently received a virus-infected email -- Norton Antivirus identified 
it as: W32.HLLW.GOP@mm.

Despite the fact that I have exe in the mangle list and *.exe in the 
poisoned files, the attached virus executable (in this case 
kernelsys32.exe) came through unaltered (not even mangled). The procmail log 
file shows the usual 'Sanitizing MIME attachment headers'.

Anyone else seen this? Anyone want me to forward the email to them for 
investigation?

Simon


