Hi All

New to eset but it seems a good product.

I have the evaluation version for the time being, I like to see a record that all email has been scanned for a virus.

I use Thunderbird mail on Win XP SP2 and I subscribe to a mailing list beginners@perl.org.

It seems that most incoming email from this list has the message

_________ NOD32 1.1771 (20060923) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com

However any email from the domain yahoo.com does not

I have only been using the product for a few days so am unsure why this.

My other email is very low traffic so have little but this mail list and they seem ok.

anyone else seen this?

All the best

Ian

Are you using SSL (http://www.webopedia.com/TERM/S/SSL.html) to check your mail on yahoo?
If so, it can't be scanned since it's an encrypted line.

For IMON to be able to check secure email such as that provided by Gmail, you'll need to install an SSL wrapper http://www.stunnel.org

Further information can be found HERE (http://www.wilderssecurity.com/showthread.php?p=589204)

Cheers ;D

Hi

Thanks for the quick response

Let me clarify the problem a bit

it is only received mail from Yahoo.com and when I say received I meant to say that mail sent from anyone at Yahoo.com to my mail server which is not using ssl

Eg

From someone@yahoo.com

To me@bluebottle.com

Does anyone know what tools come with perl 5.8.8?

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

-- To unsubscribe, e-mail: beginners-unsubscribe@perl.org For additional commands, e-mail: beginners-help@perl.org <http://learn.perl.org/> <http://learn.perl.org/first-response>

No Virus check message

Where as the following gives the virus check message

From someone@anyonebutYahoo.com

To me@bluebottle.com


Hi,

I am extremely grateful to all those who answered my question and I am
happy to say that I was able to get a solution to my problem from the
suggestions and explanations given by you. I understood my mistakes and
learned a lot from you.

Thanks again.

Best wishes,

Geetha



__________ NOD32 1.1780 (20060927) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com

Its not a major problem, well I hope its not:-) just interested in case anyone had an answer.

I will purchase the full version today as it is so much faster and caught a nasty on a friends PC when all else seemed to fail

Hi,

Are the messages in HTML format ? If so, it's probably due to missing HTML tags. It happens for mails sent by Hotmail webmail, and maybe by yahoo webmail too, I don't know.

In hotmail, messages snet by the webmail interface and using HTML don't have BODY tags, so IMON doesn't know where to put it's notification message.
You may want to check, if the message is HTML, the source code of it, maybe that's where the problem lies.

Hi IcePanther

They are plain text but you have I believe hit on the answer, though not sure why

This is the last part of a header of a Yahoo email

--------------------Start of example------------------

MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: ClamAV 0.88.4/1948/Wed Sep 27 09:03:03 2006 on mx1.bluebottle.com
X-Virus-Status: Clean
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on mx1.bluebottle.com
Trusted-Delivery-Validation-State: Not validated

----------------End example--------------------

And this is the last part of a header of another email that gives the virus check message

-------------------start example---------------------

X-Virus-Checked: Checked
X-Virus-Scanned: ClamAV version 0.88.4, clamav-milter version 0.88.4 on mx0.bluebottle.com
X-Virus-Status: Clean
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on mx0.bluebottle.com
Trusted-Delivery-Validation-State: Not validated

------=_NextPart_000_0001_01C6E301.2CEF71C0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit

-----------end example-------------------

In both examples the message body follows the last line of the example given

I notice two things

1. the working example declares content type and encoding just before the message body, the none working example (Yahoo) declares it well before

2. The working example is 7 bit encoding, Yahoo is 8 bit

do you think this is the cause?

All the best

Ian

I'm sorry but I can't help you much with that since I don't know much about mail headers, but maybe someone else will be able to help you more about that.

Hi IcePanther

Not a problem, thank you for your interest

For anyone else that is interested a quick update

Where the content type/encoding and character set is in the email does not make a difference. I have just received an email from gmail.com which had the NOD 32 checked for virus message embedded and it resembled the Yahoo email apart from one thing!! The character encoding is 7 bit in google as opposed to 8 bit in Yahoo.

This could of course be a red herring but its all I have at the moment, if someone could send me an email from any account but yahoo.com with 8 bit encoding I will see if the email has the NOD 32 message sating it has been scanned and then I may be able to say if its the encoding or not

All the best
ian.macdonald @ bluebottle.com

OK so I reactivate my Yahoo email account and get the offer of the new beta version, but first I use the old version to send myself an email here is the result

--------------Start of part of header and body Yahoo old style-----------

From: Ian John <ijm51000 @ yahoo.co.uk>
Subject: Test for the virus scan message
To: ian.macdonald @ bluebottle.com
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: ClamAV version 0.88.4, clamav-milter version 0.88.4 on mx1.bluebottle.com
X-Virus-Status: Clean
X-Spam-Status: No, score=3.1 required=15.0 tests=BAYES_00,DK_POLICY_SIGNSOME,
DK_POLICY_TESTING,DK_SIGNED,DK_VERIFIED,DNS_FROM_RFC_ABUSE,
DNS_FROM_RFC_POST,DRUGS_ERECTILE,DRUGS_ERECTILE_OBFU,FUZZY_VPILL
autolearn=no version=3.1.5
X-Spam-Level: ***
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on mx1.bluebottle.com
Trusted-Delivery-Validation-State: Not validated

Does Nod check this



___________________________________________________________
All New Yahoo! Mail – Tired of Vi@gr@! come-ons? Let our SpamGuard protect you. http://uk.docs.yahoo.com/nowyoucan.html

------------End----------------------

As we can see no NOD32 message, next Yahoo beta test email

--------------Start of part of header and body Yahoo Beta mail-----------

From: Ian John ijm51000 @ yahoo.co.uk
Reply-To: Ian John ijm51000 @ yahoo.co.uk
Subject: this is a test of the virus check message
To: ian.macdonald @ bluebottle.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: ClamAV version 0.88.4, clamav-milter version 0.88.4 on mx0.bluebottle.com
X-Virus-Status: Clean
X-Spam-Status: No, score=-0.7 required=15.0 tests=BAYES_00,DK_POLICY_SIGNSOME,
DK_POLICY_TESTING,DK_SIGNED,DK_VERIFIED,DNS_FROM_RFC_ABUSE,
DNS_FROM_RFC_POST autolearn=no version=3.1.5
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on mx0.bluebottle.com
Trusted-Delivery-Validation-State: Not validated

Yahoo mail beta test of NOD32



__________ NOD32 1.1781 (20060928) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com



---------------End-----------------------------------


And we have the NOD32 virus check message, difference does seem to be the encoding as the beta message is set to US ASCII and the old style is 8 bit.

I know it seems a bit trivial, but I am now interested

Regards

Ian

Sorry, tried to edit my last reply and posted instead.

The 8 & 7 bit encoding is not the only difference, the old style Yahoo has a footer, the new style does not.