Question
Does GMS Anti-Virus work against malformed messages that are often deliberately made by virus writers in an attempt to circumvent virus scanners?
Some of the malformed messages will be interpreted by the mail clients and executed.
A good example of a virus creating a mal-formed messsage is Win32/Gibe.A, too: It inserts spaces in front of the base encoding. Most programs (for example, Outlook and WinZip) won’t properly decrypt the first line and therefore the worm does not work anymore (corrupted sample), but a few programs like Outlook Express will see and decrypt the attachment correctly.
Can GMS Anti-Virus stop this worm and other viruses like it?
Answer
Yes.
We have checked to ensure that GMS Anti-Virus can detect and handle several examples of corrupted messages of the type viruses make. For example GMS Anti-Virus will
- handle uuencoded data in subject line
- handle premature end-of-data marker
- handle invalid data embedded in uu data
- handle broken uu data start sequence
- handle out-of-spec line lengths
- handle mixed CR/LF combinations
- handle leading = chars in base64
- handle embedded quotes in attachment names
You can use GMS Anti-Virus in confidence knowing that you are well protected against even the worst messages viruses can throw at GMS Anti-Virus.
See Also:
- Why is it better to use #GMSAV# rather than a third party anti-virus solution?
- What is contained in release 3037?
- If I use GMS Anti-Virus, how quickly can I expect to be protected against a new virus?
Keywords:VPP virus mime uuencode base64 malformed viruses virii Virus checker GMS Anti-virus anti virus antivirus