Bugtraq mailing list archives

RE: NAI Webshield SMTP for WinNT MIME header vuln


From: Eric Chien <ecchien () yahoo com>
Date: Wed, 05 Dec 2001 12:31:45 +0100

I doubt this is due to the MIME header problem.

W32.Goner.A@mm uses Outlook via MAPI to send its message. It doesn't have its own SMTP engine and doesn't generate its own MIME headers. The MIME headers should be RFC compliant.

I'd double check configurations from properly updated DATs to verifying you are scanning SCR extensions.

Good luck,

...Eric

At 03:10 PM 12/4/2001 -0500, you wrote:
Note: the newest virus (w32/gone.a-mm) is blowing thru the WebShield product
that runs on NT in front of our email server.
We have just updated to the newest DAT files from McAfee . 4174.

It seems to be a continuation of the other problem. Bottom line here, we are
using GroupShield in conjunction with WebShield and it is set to delete most
extensions on sight. The only way we saved ourselves from what looks to be a
very bad outbreak.


