Hello,
I am experiencing the fact that avast Professional does not detect mytob.cf Worm. Avast works in Proxy Mode. The worm is detected by the antivir Mailgate Proxy which works on our second Mailgateway.
Here are some Headers and a Part of the message Body:
Sender and recipient are faked (as ususal).
================== snip ============================
From: promotion5@amazon.de
To: matt@yyyy-zzzz.de
Subject: Status
Date: Thu, 5 May 2005 21:54:46 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=“----=_NextPart_000_0013_FDA93145.A0ADBDAE”
X-Priority: 3
X-MSMail-Priority: Normal
Message-ID: 0MKqIe-1DTmQo1ExZ-0006Il@mxeu3.kundenserver.de
X-RBL-Warning: warn.bl.kundenserver.de says:
X-UIDL: AP!!CHP"!#(C"!4Kc"!
Status: U
X-Antivirus: avast! (VPS 0518-3, 04.05.2005), Inbound message
X-Antivirus-Status: Clean
This is a multi-part message in MIME format.
------=_NextPart_000_0013_FDA93145.A0ADBDAE
Content-Type: text/plain;
charset=“Windows-1252”
Content-Transfer-Encoding: 7bit
&¦%3müâ<4YZíÆá�5�#v¼¢ ¡|ûøný4¢z%wLt;ñ<]mñÍ~ñ®z/Do� ÍMýþ¸�þ)äâmøÍb£��(??,�±Mö�¡ÔAb28/0;/ÛNýèØ*�ìC1±LìR«Y�¿KºD§Þ]Œ^ÃjKH˜¯Eè~6ò£¾Ç|\Ä-vwpÍ7îÕÃð™,ŸÂ¢aH²£ù¹äߧˆJ¹!n‡/'mûc•1è§)Ï8inø™˜îÚ” Õð¦©ûÈg7.}f4WMº“<Ô/.rœÀqókS×Ð/ë\Ä]È_Ð ùþÓ¦ö:ZvªÌZìj~r˜42S'/v¯QZ–p¹îÞÅ2V‹1ž‹”9‹ó.c iÒÜØ¥NñvÃiẨðbÌ÷R¢S_òöUÈdÍÌm0õžª2èïi¼.zw'’½&}Ÿûßm#52¬Í1TrµúšûÓ^þæ§^Lp–c•©æÏsðyKž¶‚8n•
<0¸��ë�òº*�Äø�äÛI�òéÞxöç$ÏÛÕÌOuyûµ¼ç¨:_qÆO<ZK��h-àþ~íÏæRöB~±¤¸kàij®8ª�C�G�Ý�Êòc&f oÙü;[Ú¸-Æ«ôX�paSSø¿»¦f}.)2ûí¸Á©wsx Áp�ÅWaz>¬Ê³�m��¹Óv_ó&Íü2�
------=_NextPart_000_0013_FDA93145.A0ADBDAE
Content-Type: application/octet-stream;
name=“data.zip”
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename=“data.zip”
UEsDBAoAAAAAANeepTL7peAozrkAAM65AABSAAAAZGF0YS50eHQgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLnNjck1a
========================== snap =====================
If you need something for analysis: I have many of them.
Greetings Andreas