[Esd-l] Fw: .com file which passed thru the sanityzer

Juan Maria Gil jmg at olinet.es
Mon Nov 24 07:37:55 PST 2003

I'm sorry, I forgot to desfigure the EICAR signature from my previous email.


Today we have received some emails from a security test sent to us by SecurityMetrics,
eveyone of the executables were sanitized but one.
This is the significative parts of this message:

Subject: [raq550] Nessus antivirus test 4: broken MIME attachment (ISO encoding)
X-Security: MIME headers sanitized on ns1.olinet.es
 See http://www.impsec.org/email-tools/sanitizer-intro.html
 for details. $Revision: 1.139 $Date: 2003-09-07 10:14:23-07
Content-Type: multipart/mixed; boundary="=-=-="
Lines: 13
Sender: owner-raq550 at www.olinet.es
Precedence: bulk
Reply-To: nobody at example.com
X-Majordomo-Version: 1.94.4
X-UIDL: hfY"!eUd!!fU%#!JiH"!


If you can read or execute the attachment, this means that you do not
have an antivirus, or that it was disabled.

Content-Disposition: attachment; filename="eicar.=?ISO-8859-1?Q?c?= =?ISO-8859-1?Q?o?=
Content-Description: EICAR test file
Content-Type: application/octet-stream


Any clue?

Greetings from Spain.
Juan María Gil Alexandres ( jmg at olinet.es ).
OLINET, S.L. Teléfono: 952207135 - Fax: 952207600
Avda. Juan Sebastián Elcano, 39-41. 29017 Málaga.

More information about the esd-l mailing list