Cryptic message in email by Semantec

Discussion in 'other anti-virus software' started by HandsOff, Jul 27, 2007.

Thread Status:
Not open for further replies.
  1. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    This message has been processed by Symantec's AntiVirus Technology.

    Unknown00000000.data was not scanned for viruses because too many nested levels
    of files were found.


    I don't really know what this means, does anybody?


    I get this when I receive an email from someone I know who uses a Yahoo email address. The message itself it just words, no attachments, however, I think Semantec's attached message makes it look as though there is an attachment. I get the paper clip that is the universal sign for an attachment, but there is no attachment other than Symantec's cryptic warning, and that is not truly and attachment because I do not have the choice of opening it or not. It simply presents itself at the top of the email before the real email starts, and it is also just plain letters. I don't know if it is simple text, or formatted, but it looks pretty simple.

    And what the H___ kind of attitude is "Not checked because...." That leaves a pretty easy method for circumventing the virus scanner don't you think? What about delete it if you cannot scan it? Maybe it was deleted you say? No. Three messages in a row, all short, and with no mention of an attachment.


    HandsOff



    -HandsOff
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    iirc The message means the file is an archive bomb, a file that is compressed numerous times.

    Symantec AV is only set to extract upto a certain number of "levels" and the file in question has many.
     
  3. tamdam

    tamdam Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    88
    No they should NOT delete it because it is an archive e.g. zip, RAR etc. These files pose no threat because they can't be executed, only extracted. You're getting the error msg because, like the poster above said, its got too many levels i.e. a file within a zip file which itself is in a zip file which itself is in a zip file etc. -> the reason they don't bother scanning this is because it poses no harm and it'd take too long to extract so many different levels. Note that we're talking 20+ levels here. If you end up extracting all those levels and getting the final file which happens to be executable, your scanner will scan it. In this way nothing is circumvented.

    As for your case either symantec is playing up, or there really is an attachment which symantec has replaced with non-malicious text file informing you of the error. Maybe its in quarantine.
     
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    It means already compresssed files were compressed again and again and again, containing several layers of archives.
     
  5. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    First of all, thanks for your responses, and I think I have a guess as to what is happening here. I will then go on to point out the inadequacy of Semantec's response.

    If I am right this probably happens quite a bit, and would certainly justify an action on the part of a virus scanner that includes being coherent!

    You know how when you send an email, the person receiving it will often be adding their own response to the top (or bottom) of your original message, so if they reply back to you, you will get their response, along with your initial message. Now, if you are like me, you certainly will not let the other person have the last word, so you reply back. They subsequently open an email that includes the original message, their response, and your response to their response. And that is only the beginning.

    Wilders private messages function in this manner - Though with something that might be regarded as a built in limiting factor - The Wilders messages you recall, actually indent the blocks of messages in a way that graphically represents the nested structure complete with lines that depict each level. There are only so many levels that one can go before there is no longer any column width to contain text.

    Sort of a long explanation, but maybe it is useful to illustrate a situation that probably happens quite often.

    I don't agree that it is "safe". The fact that the lame message is made in the first place supports this. My scanner will detect it when it is extracted, while possibly true is just another way of saying there was no need for Semantec to scan email attachments in the first place.

    Another sort of lame facet to this behavior is that Semantec does not state when, and at what point in the delivery the scan is being made. I am guessing it is being scanned at the point of origination (the other end) because my ISP, nor my computer have Semantec installed, however, if I did, then the ambiguity of "This email attachment was scanned..." is both irritating and unnecessary.

    But many thanks for your guys input, because it did provide a lot of concepts to think about. And yeah, it is very likely safe, but it still might be a situation to avoid. Nice to hear from you!

    -HandsOff
     
Loading...
Similar Threads
  1. trjam
    Replies:
    3
    Views:
    543
Thread Status:
Not open for further replies.