Scan of incoming Yahoo mail

Discussion in 'NOD32 version 2 Forum' started by ijm51000, Sep 27, 2006.

Thread Status:
Not open for further replies.
  1. ijm51000

    ijm51000 Registered Member

    Joined:
    Sep 27, 2006
    Posts:
    6
    Hi All

    New to eset but it seems a good product.

    I have the evaluation version for the time being, I like to see a record that all email has been scanned for a virus.

    I use Thunderbird mail on Win XP SP2 and I subscribe to a mailing list beginners@perl.org.

    It seems that most incoming email from this list has the message

    _________ NOD32 1.1771 (20060923) Information __________

    This message was checked by NOD32 antivirus system.
    http://www.eset.com

    However any email from the domain yahoo.com does not

    I have only been using the product for a few days so am unsure why this.

    My other email is very low traffic so have little but this mail list and they seem ok.

    anyone else seen this?

    All the best

    Ian
     
  2. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Are you using SSL to check your mail on yahoo?
    If so, it can't be scanned since it's an encrypted line.
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    For IMON to be able to check secure email such as that provided by Gmail, you'll need to install an SSL wrapper http://www.stunnel.org

    Further information can be found HERE

    Cheers :D
     
  4. ijm51000

    ijm51000 Registered Member

    Joined:
    Sep 27, 2006
    Posts:
    6
    Hi

    Thanks for the quick response

    Let me clarify the problem a bit

    it is only received mail from Yahoo.com and when I say received I meant to say that mail sent from anyone at Yahoo.com to my mail server which is not using ssl

    Eg

    From someone@yahoo.com

    To me@bluebottle.com

    Does anyone know what tools come with perl 5.8.8?

    __________________________________________________
    Do You Yahoo!?
    Tired of spam? Yahoo! Mail has the best spam protection around
    http://mail.yahoo.com

    -- To unsubscribe, e-mail: beginners-unsubscribe@perl.org For additional commands, e-mail: beginners-help@perl.org <http://learn.perl.org/> <http://learn.perl.org/first-response>

    No Virus check message

    Where as the following gives the virus check message

    From someone@anyonebutYahoo.com

    To me@bluebottle.com


    Hi,

    I am extremely grateful to all those who answered my question and I am
    happy to say that I was able to get a solution to my problem from the
    suggestions and explanations given by you. I understood my mistakes and
    learned a lot from you.

    Thanks again.

    Best wishes,

    Geetha



    __________ NOD32 1.1780 (20060927) Information __________

    This message was checked by NOD32 antivirus system.
    http://www.eset.com

    Its not a major problem, well I hope its not:) just interested in case anyone had an answer.

    I will purchase the full version today as it is so much faster and caught a nasty on a friends PC when all else seemed to fail
     
  5. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Hi,

    Are the messages in HTML format ? If so, it's probably due to missing HTML tags. It happens for mails sent by Hotmail webmail, and maybe by yahoo webmail too, I don't know.

    In hotmail, messages snet by the webmail interface and using HTML don't have BODY tags, so IMON doesn't know where to put it's notification message.
    You may want to check, if the message is HTML, the source code of it, maybe that's where the problem lies.
     
  6. ijm51000

    ijm51000 Registered Member

    Joined:
    Sep 27, 2006
    Posts:
    6
    Hi IcePanther

    They are plain text but you have I believe hit on the answer, though not sure why

    This is the last part of a header of a Yahoo email

    --------------------Start of example------------------

    MIME-Version: 1.0
    Content-Type: text/plain; charset=iso-8859-1
    Content-Transfer-Encoding: 8bit
    X-Virus-Scanned: ClamAV 0.88.4/1948/Wed Sep 27 09:03:03 2006 on mx1.bluebottle.com
    X-Virus-Status: Clean
    X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on mx1.bluebottle.com
    Trusted-Delivery-Validation-State: Not validated

    ----------------End example--------------------

    And this is the last part of a header of another email that gives the virus check message

    -------------------start example---------------------

    X-Virus-Checked: Checked
    X-Virus-Scanned: ClamAV version 0.88.4, clamav-milter version 0.88.4 on mx0.bluebottle.com
    X-Virus-Status: Clean
    X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on mx0.bluebottle.com
    Trusted-Delivery-Validation-State: Not validated

    ------=_NextPart_000_0001_01C6E301.2CEF71C0
    Content-Type: text/plain;
    charset="us-ascii"
    Content-Transfer-Encoding: 7bit

    -----------end example-------------------

    In both examples the message body follows the last line of the example given

    I notice two things

    1. the working example declares content type and encoding just before the message body, the none working example (Yahoo) declares it well before

    2. The working example is 7 bit encoding, Yahoo is 8 bit

    do you think this is the cause?

    All the best

    Ian
     
  7. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    I'm sorry but I can't help you much with that since I don't know much about mail headers, but maybe someone else will be able to help you more about that.
     
  8. ijm51000

    ijm51000 Registered Member

    Joined:
    Sep 27, 2006
    Posts:
    6
    Hi IcePanther

    Not a problem, thank you for your interest

    For anyone else that is interested a quick update

    Where the content type/encoding and character set is in the email does not make a difference. I have just received an email from gmail.com which had the NOD 32 checked for virus message embedded and it resembled the Yahoo email apart from one thing!! The character encoding is 7 bit in google as opposed to 8 bit in Yahoo.

    This could of course be a red herring but its all I have at the moment, if someone could send me an email from any account but yahoo.com with 8 bit encoding I will see if the email has the NOD 32 message sating it has been scanned and then I may be able to say if its the encoding or not

    All the best
    ian.macdonald @ bluebottle.com
     
    Last edited by a moderator: Sep 28, 2006
  9. ijm51000

    ijm51000 Registered Member

    Joined:
    Sep 27, 2006
    Posts:
    6
    OK so I reactivate my Yahoo email account and get the offer of the new beta version, but first I use the old version to send myself an email here is the result

    --------------Start of part of header and body Yahoo old style-----------

    From: Ian John <ijm51000 @ yahoo.co.uk>
    Subject: Test for the virus scan message
    To: ian.macdonald @ bluebottle.com
    MIME-Version: 1.0
    Content-Type: text/plain; charset=iso-8859-1
    Content-Transfer-Encoding: 8bit
    X-Virus-Scanned: ClamAV version 0.88.4, clamav-milter version 0.88.4 on mx1.bluebottle.com
    X-Virus-Status: Clean
    X-Spam-Status: No, score=3.1 required=15.0 tests=BAYES_00,DK_POLICY_SIGNSOME,
    DK_POLICY_TESTING,DK_SIGNED,DK_VERIFIED,DNS_FROM_RFC_ABUSE,
    DNS_FROM_RFC_POST,DRUGS_ERECTILE,DRUGS_ERECTILE_OBFU,FUZZY_VPILL
    autolearn=no version=3.1.5
    X-Spam-Level: ***
    X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on mx1.bluebottle.com
    Trusted-Delivery-Validation-State: Not validated

    Does Nod check this



    ___________________________________________________________
    All New Yahoo! Mail – Tired of Vi@gr@! come-ons? Let our SpamGuard protect you. http://uk.docs.yahoo.com/nowyoucan.html

    ------------End----------------------

    As we can see no NOD32 message, next Yahoo beta test email

    --------------Start of part of header and body Yahoo Beta mail-----------

    From: Ian John ijm51000 @ yahoo.co.uk
    Reply-To: Ian John ijm51000 @ yahoo.co.uk
    Subject: this is a test of the virus check message
    To: ian.macdonald @ bluebottle.com
    MIME-Version: 1.0
    Content-Type: text/plain; charset=us-ascii
    X-Virus-Scanned: ClamAV version 0.88.4, clamav-milter version 0.88.4 on mx0.bluebottle.com
    X-Virus-Status: Clean
    X-Spam-Status: No, score=-0.7 required=15.0 tests=BAYES_00,DK_POLICY_SIGNSOME,
    DK_POLICY_TESTING,DK_SIGNED,DK_VERIFIED,DNS_FROM_RFC_ABUSE,
    DNS_FROM_RFC_POST autolearn=no version=3.1.5
    X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on mx0.bluebottle.com
    Trusted-Delivery-Validation-State: Not validated

    Yahoo mail beta test of NOD32



    __________ NOD32 1.1781 (2006092:cool: Information __________

    This message was checked by NOD32 antivirus system.
    http://www.eset.com



    ---------------End-----------------------------------


    And we have the NOD32 virus check message, difference does seem to be the encoding as the beta message is set to US ASCII and the old style is 8 bit.

    I know it seems a bit trivial, but I am now interested

    Regards

    Ian
     
    Last edited by a moderator: Sep 29, 2006
  10. ijm51000

    ijm51000 Registered Member

    Joined:
    Sep 27, 2006
    Posts:
    6
    Sorry, tried to edit my last reply and posted instead.

    The 8 & 7 bit encoding is not the only difference, the old style Yahoo has a footer, the new style does not.
     
Thread Status:
Not open for further replies.