Why does the Braid virus executable not get caught by attachment blocking unless GMS Anti-Spam has "scan inline text" selected?


Answer

The executable was missed because the attachment name was not detected. The name was not detected because of spaces between the field name ‘name’ and the value separator ‘=’. This is considered malformed MIME and is not created by normal mail clients. Here is an example of the malformed MIME encoding:

Content-Type: audio/x-wav;
    Name = "README.EXE"

We have now changed the way we handle whitespace between the field name and the equals sign, so this executable is correctly detected and blocked with or without inline scanning activated.
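The difference between the two behaviours described above can be reproduced with a short parser. This is an added example, not GMS code: the function names, the regular expressions and the blocked-extension list are assumptions made for illustration, and the well-formed and benign headers are constructed samples.

```python
import os
import re

# Assumed block list for illustration; not the product's actual list.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat"}

# Strict matcher: the parameter name must be followed immediately by '='.
STRICT_PARAM = re.compile(r';\s*(name|filename)=("([^"]*)"|[^\s;]+)', re.I)
# Tolerant matcher: whitespace is allowed on either side of '='.
TOLERANT_PARAM = re.compile(r';\s*(name|filename)\s*=\s*("([^"]*)"|[^\s;]+)', re.I)

# Header from the article (malformed), plus two constructed samples.
MALFORMED = 'Content-Type: audio/x-wav;\n    Name = "README.EXE"'
WELL_FORMED = 'Content-Type: audio/x-wav;\n    name="README.EXE"'
BENIGN = 'Content-Type: text/plain; name = notes.txt'


def unfold(header):
    """Join folded continuation lines (line break followed by space or tab)."""
    return re.sub(r'\r?\n[ \t]+', ' ', header)


def attachment_names(header, pattern):
    """Return every name/filename parameter value the pattern can see."""
    names = []
    for match in pattern.finditer(unfold(header)):
        quoted = match.group(3)
        names.append(quoted if quoted is not None else match.group(2))
    return names


def is_blocked(header, pattern):
    """True if any detected attachment name has a blocked extension."""
    for name in attachment_names(header, pattern):
        extension = os.path.splitext(name.strip())[1].lower()
        if extension in BLOCKED_EXTENSIONS:
            return True
    return False


if __name__ == "__main__":
    for label, header in (("malformed", MALFORMED), ("well-formed", WELL_FORMED)):
        print(label, "strict:", is_blocked(header, STRICT_PARAM),
              "tolerant:", is_blocked(header, TOLERANT_PARAM))
```

With the strict matcher the malformed header yields no attachment name at all, so the extension check never runs; the tolerant matcher recovers README.EXE and blocks it.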

Keywords: braid nimda malformed MIME anti virus