
Maybe this info will help.  I was getting DOOM imbedded in my email and it
kept getting stuck in the spooler for Eudora.  This was the response from
Doug Nelson.


>----------Forwarded message ----------
>Return-path: <[log in to unmask]>
>Envelope-to: [log in to unmask]
>Delivery-date: Fri, 06 Feb 2004 09:32:43 -0500
>Received: from clunix.cl.msu.edu ([35.9.2.10])
>         by sys11.mail.msu.edu with esmtp (Exim 4.24 #37)
>         id 1Ap72A-0008V0-WD
>         for [log in to unmask]; Fri, 06 Feb 2004 09:32:43 -0500
>Received: (from nelson@localhost)
>         by clunix.cl.msu.edu (8.11.7p1+Sun/8.11.7) id i16EWfJ18494
>         for [log in to unmask]; Fri, 6 Feb 2004 09:32:41 -0500 (EST)
>From: Doug Nelson <[log in to unmask]>
>Message-Id: <[log in to unmask]>
>Subject: Re: MSU virus detection failure. (fwd)
>To: [log in to unmask]
>Date: Fri, 6 Feb 2004 09:32:40 -0500 (EST)
>X-Mailer: ELM [version 2.5 PL2]
>MIME-Version: 1.0
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>X-Virus: None found by Clam AV
>X-Spam-Status: No, hits=1.3 required=5.0 tests=LARGE_HEX,UPPERCASE_25_50
>         autolearn=no version=2.60
>X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
>         sys11.mail.msu.edu
>X-Spam-Level: *
> From our mail team:
>"The message was sent from a box on ameritech.net to earthlink.
>The recipient account was full, so earthlink wrapped the message in
>multipart mime and bounced it to the forged sender.
>Our current version of clam can't deal with multipart mime and sent it
>through.  The latest version of clam can handle this but it has a memory
>leak.  We are waiting for a patch before we try installing it again."
>Doug
>
>Doug Nelson                     [log in to unmask]
>Network Manager                 Ph: (517) 353-2980
>Computer Laboratory             http://www.msu.edu/~nelson/
>Michigan State University
>
>Forwarded message:
>Subject: Re: MSU virus detection failure.
>To: [log in to unmask] (Cheryl A Akers)
>Date: Thu, 5 Feb 2004 16:57:56 -0500 (EST)
>Cc: [log in to unmask]
>In-Reply-To: <[log in to unmask]> from "Cheryl A Akers"
>at Feb 05, 2004 10:16:06 AM
>X-Mailer: ELM [version 2.5 PL2]
>>The following message is being detected as DOOM by my desktop antivirus
>>but missed by MSU.  This is the 2nd message in the last 10 minutes with
>>this problem.  This has also happened to at least one other person in the
>>Microbiology Department.
>
>I can pass this on to the mail.msu.edu team.  There are a couple
>possibilities.
>Either this is a new variant, and the virus definitions on mail.msu.edu had
>not yet been updated to recognize it, or the returned message as seen by the
>mail system did not contain the virus code as a true attachment.  From a quick
>read of the headers, I don't see the "mime" encoding headers that would break
>this out as a separate attachment.  Thus, it should be impossible for you to
>receive the message, click on the attachment, and become infected, even if
>your AV detected the virus signature.
>Doug
>
>>  ----------Forwarded message ----------
>>Return-path: <>
>>Envelope-to: [log in to unmask]
>>Delivery-date: Thu, 05 Feb 2004 10:07:23 -0500
>>Received: from turkey.mail.pas.earthlink.net ([207.217.120.126])
>>         by sys02.mail.msu.edu with esmtp (Exim 4.24 #37)
>>         id 1Aol6B-00050O-A8
>>         for [log in to unmask]; Thu, 05 Feb 2004 10:07:23 -0500
>>Received: from exim by turkey.mail.pas.earthlink.net with local (Exim
>>3.33 #1)
>>         id 1Aol6A-00015w-00
>>         for [log in to unmask]; Thu, 05 Feb 2004 07:07:22 -0800
>>X-Failed-Recipients: [log in to unmask]
>>From: Mail Delivery System <[log in to unmask]>
>>To: [log in to unmask]
>>Subject: Mail delivery failed: returning message to sender
>>Message-Id: <[log in to unmask]>
>>Date: Thu, 05 Feb 2004 07:07:22 -0800
>>X-Virus: None found by Clam AV
>>X-Spam-Level: *
>>X-Spam-Status: No, hits=1.3 required=5.0 tests=LARGE_HEX,UPPERCASE_25_50
>>         autolearn=no version=2.60
>>X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
>>         sys02.mail.msu.edu
>>This message was created automatically by mail delivery software (Exim).
>>A message that you sent could not be delivered to one or more of its
>>recipients. This is a permanent error. The following address(es) failed:
>>  [log in to unmask]
>>    SMTP error from remote mailer after RCPT TO:<[log in to unmask]>:
>>    host mx1.earthlink.net [207.217.125.16]: 554 This mailbox is full.
>>Please try again later. for [log in to unmask]
>>  ------ This is a copy of the message, including all the headers. ------
>>Return-path: <[log in to unmask]>
>>Received: from adsl-65-42-240-129.dsl.lgnnmi.ameritech.net
>>([65.42.240.129] helo=msu.edu)
>>         by turkey.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
>>         id 1Aol62-00012Y-00
>>         for [log in to unmask]; Thu, 05 Feb 2004 07:07:15 -0800
>>From: [log in to unmask]
>>To: [log in to unmask]
>>Subject: Test
>>Date: Thu, 5 Feb 2004 10:04:38 -0500
>>MIME-Version: 1.0
>>Content-Type: multipart/mixed;
>>         boundary="----=_NextPart_000_0003_9C28C80A.30CD9C23"
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>Message-Id: <[log in to unmask]>
>>This is a multi-part message in MIME format.
>>  ------=_NextPart_000_0003_9C28C80A.30CD9C23
>>Content-Type: text/plain;
>>         charset="Windows-1252"
>>Content-Transfer-Encoding: 7bit
>>The message cannot be represented in 7-bit ASCII encoding and has been
>>sent as a binary attachment.
>>
>>
>
>
>Doug Nelson                     [log in to unmask]
>Network Manager                 Ph: (517) 353-2980
>Computer Laboratory             http://www.msu.edu/~nelson/
>Michigan State University
>
>

Cheryl

Cheryl Akers, MS, CNA - [log in to unmask]
Microcomputer Support - Microbiology and Molecular Genetics
2228C Biomedical Physical Sciences
Michigan State University
East Lansing, MI  48824

517-355-6463 X1514
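
Added example, not part of the original thread or of MSU's mail configuration: a Python sketch of how a gateway could unwrap the kind of Exim bounce quoted above, re-parsing the returned copy that follows the marker line so that its MIME parts can be handed to a scanner. The sample bounce, its addresses, the boundary `b1` and the `sample.bin` attachment are constructed, and `embedded_parts` is a hypothetical helper name.

```python
import email
from email import policy

# Marker line Exim puts before the returned copy, as in the bounce quoted above.
MARKER = "------ This is a copy of the message, including all the headers. ------"

def embedded_parts(raw):
    """Return (outer content type, [(type, filename, bytes)] of the returned copy)."""
    outer = email.message_from_string(raw, policy=policy.default)
    found = []
    for part in outer.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        _, sep, returned = part.get_content().partition(MARKER)
        if not sep:
            continue  # no returned copy in this text part
        # Re-parse the returned copy as a message of its own.
        inner = email.message_from_string(returned.lstrip("\r\n"), policy=policy.default)
        for leaf in inner.walk():
            if not leaf.is_multipart():
                found.append((leaf.get_content_type(), leaf.get_filename(),
                              leaf.get_payload(decode=True)))
    return outer.get_content_type(), found

# Constructed sample bounce: placeholder addresses, harmless attachment bytes.
SAMPLE = """\
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software (Exim).

""" + MARKER + """

From: user@example.edu
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

This is a multi-part message in MIME format.
--b1
Content-Type: text/plain; charset="Windows-1252"

The message has been sent as a binary attachment.
--b1
Content-Type: application/octet-stream; name="sample.bin"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="sample.bin"

aGFybWxlc3MgY29uc3RydWN0ZWQgYnl0ZXM=
--b1--
"""
```

For the sample, the outer message parses as `text/plain` with no attachments of its own; the attachment only appears once the returned copy is re-parsed.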