[Esd-l] virus bypassed sanitizer

Simon Matthews simon at paxonet.com
Thu Jan 3 16:42:01 PST 2002

I recently received a virus infected email -- Norton Antivirus identified 
it as:  W32.HLLW.GOP at mm.

Despite the fact that I have exe in the mangle list and *.exe in the 
poisoned files, the attached virus executable (in this case 
kernelsys32.exe) came though unaltered (not even mangled). The procmail log 
file shows the usual 'Sanitizing MIME attachment headers'.

Anyone  else seen this? Anyone want me to forward the email to them for 


More information about the esd-l mailing list