ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
LibClamAV Warning: messageFindArgument: no '=' sign found in
christophe Leroy


Joined: 30 Dec 2006
Posts: 5
Reply with quote
Can you explain me this error message ?

another :

LibClamAV Warning: Multipart MIME message contains no boundaries


Thanks
View user's profileSend private message
MIME With No Boundaries
GuitarBob


Joined: 09 Jul 2006
Posts: 4644
Location: USA
Reply with quote
Opinion from a "non-expert":

If you have other security software that kicks in before ClamWin, I suppose it could mean that software stripped a virus or spyware from the message. If not, then it could be an attempt to initiate a Denial of Service by overflowing.

Regards,
View user's profileSend private message
christophe Leroy


Joined: 30 Dec 2006
Posts: 5
Reply with quote
I'd installed clamwin 0.88.5 + Winpooch with Windows2000 ;

I'd changed to winXP and I only use clamWin 0.88.7 ; I didn't wanted install Winpooch

The pb is 48H of scanning. A this time, the scan is not finish !! But during, clamwin found a virus. I need to wait the end of the scan.

Thanks
View user's profileSend private message
Re: LibClamAV Warning: messageFindArgument: no '=' sign foun
b0ne


Joined: 26 Oct 2006
Posts: 174
Reply with quote
christophe Leroy wrote:
Can you explain me this error message ? another : LibClamAV Warning: Multipart MIME message contains no boundaries


Have you ever looked at the source of an email message with an attachment(s)? Most likely this error is some what diagnostic as a file it has scanned does not conform to to the standard for a multiple-part mime encoded file, typically an email. Think of it kind of like an html tag.
Code:
<mimeboundary1>  </mimeboundary1>
, if you have multiple parts without those tags, how do you know where to start and end? This is just my assumption though.

RFC 1341MIME: Multipurpose Internet Mail ExtensionsJune 1992


7.2 The Multipart Content-Type

In the case of multiple part messages, in which one or more
different sets of data are combined in a single body, a
"multipart" Content-Type field must appear in the entity's
header. The body must then contain one or more "body parts,"
each preceded by an encapsulation boundary, and the last one
followed by a closing boundary. Each part starts with an
encapsulation boundary, and then contains a body part
consisting of header area, a blank line, and a body area.
Thus a body part is similar to an RFC 822 message in syntax,
but different in meaning.
View user's profileSend private message
christophe Leroy


Joined: 30 Dec 2006
Posts: 5
Reply with quote
I stopped the scan at the end of 55H because it was too long and slow. But

clamwin scan memory saw one virus which is called internet.exe

Code:
Scan started: Sat Dec 30 22:42:55 2006

 *** Scanning Programs in Computer Memory ***

C:\WINDOWS\System32\lnternet.exe: Exploit.DCOM.Gen FOUND
Unloading program C:\WINDOWS\System32\lnternet.exe from memory

 *** Scanned 23 processes - 369 modules ***
 *** Computer Memory Scan Completed ***


clamwin scan files and found this one

Code:
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.Dialer.exe.000.000: Dialer-122 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.Dialer.exe.000.000: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.Dialer.exe.000.000.000'


I destroyed this .exe, but I am anxious & skeptical

I reboot my PC, I started clamwin scan memory and it saw again the virus internet.exe

I started clamwin scan files & It began the error message of this post :

Code:

C:\Documents and Settings\All Users\Menu D?©marrer\Programmes\Canon PhotoRecord\Fichier LISEZ-MOI de PhotoRecord.lnk: C:\DocumentC:\Documents and Settings\All Users\Menu D?©marrer\Programmes\C:\Documents and Settings\All Users\Menu D?©marrer\Programmes\XviD\Some LibClamAV Warning: Multipart MIME message contains no boundaries
LibClamAV Warning: messageFindArgument: no '=' sign found in MIME header
LibClamAV Warning: messageFindArgument: no '=' sign found in MIME header
LibClamAV Warning: Multipart MIME message contains no boundaries


The scan became slow at this moment :

Code:

LibClamAV Warning: messageFindArgument: no '=' sign found in MIME header
LibClamAV Warning: Multipart MIME message contains no boundaries
LibClamAV Warning: messageFindArgument: no '=' sign found in MIME header
LibClamC:\Documents and Settings\leroy\Application Data\Thunderbird\Profiles\l5syi7wp.default\Mail\Local Folders\Inbox: [|]


I waited the end of scan

Scan started: Sun Dec 31 00:48:17 2006


[code]
-- summary --
Known viruses: 85591
Engine version: 0.88.7
Scanned directories: 2914
Scanned files: 33441
Infected files: 0
Data scanned: 19009.84 MB
Time: 32887.719 sec (548 m 7 s)[\code]

I am anxious & skeptical again ; I scan the memory and internet.exe appears

[code]
Scan started: Sun Dec 31 17:01:38 2006

*** Scanning Programs in Computer Memory ***

C:\WINDOWS\System32\lnternet.exe: Exploit.DCOM.Gen FOUND
Unloading program C:\WINDOWS\System32\lnternet.exe from memory

*** Scanned 24 processes - 377 modules ***
*** Computer Memory Scan Completed ***


-- summary --
Known viruses: 85591
Engine version: 0.88.7
Scanned directories: 0
Scanned files: 401
Infected files: 1
Data scanned: 129.33 MB
Time: 144.484 sec (2 m 24 s)[/code]

In fact, there is a virus that clamwin don't see and who appears when I start my PC

I put the task manager of windows

View user's profileSend private message
Infection
GuitarBob


Joined: 09 Jul 2006
Posts: 4644
Location: USA
Reply with quote
My opinion--for what it's worth:

I didn't seen anything in your last ClamWin log saying ClamWin had quarantined anything. Make sure quarantine is on. There may be infector code that Clamwin doesn't recognize. Some viruses are multi-part. If you can identify the virus by name, try to do a search on the Web for information about it. That might tell you where it "hooks" into your system, which might help with removal.

For other removal help, you could try the free Microsoft Malicious Software Removal Tool (Run it--you don't have to permanently download it on your system), LavaSoft's free Ad-Aware, or a free scan at one of the antivirus firm's Web sites.
Failing everything, I would download the trial version of Kaspersky or NOD32--make sure they have the virus in their databases firs.


Good luck.

Regards,
View user's profileSend private message
christophe Leroy


Joined: 30 Dec 2006
Posts: 5
Reply with quote
The quarantine is ok



I Dowloaded Lavasoft Ad-Aware & scan c:





Very crazy, but you become to know me, I am anxious & skeptical

So, I restart my PC & internet.exe re-appears. Now I download Kaspersky trial
View user's profileSend private message
christophe Leroy


Joined: 30 Dec 2006
Posts: 5
Reply with quote
Before, when I restarted, I re-scaned the memory with clamwin




I donwloaded Kaspersky® Internet Security 6.0 (spam, spyware, antivirus, firewall ... etc ...). It's necessary to delete clamwin to install Kaspersky

I scan my computer, but internet.exe was running in the memory ; Kaspersky Internet security didn't see it.

Result :



So, Kapersky restarts the computer & I run tasks manager : Internet.exe is always in the memory

I decided to go back to french Kaspersky to download the trial antivirus Pro 30 Days :



Virus names with Kaspersky, Lavasoft didn't see this ad-aware



internet.exe is a trojan !





It's finish because I checked tasks manager

Thanks so much for yours helps

Happy new year 2007

Christophe
View user's profileSend private message
Internet Virus
GuitarBob


Joined: 09 Jul 2006
Posts: 4644
Location: USA
Reply with quote
I'm glad you got rid of the virus.

I'm surprised Kaspersky made you take ClamWin off your computer, but they are very at marketing. You may be able to restore ClamWin after setting up Kaspersky. I noticed that you didn't have it set to quarantine any virus.

Many of the viruses around now are used to make money, and they are going to be tough to get rid of. All of us who use the Internet heavily need a good resident antivirus program that also handles the real dangerous spyware/adware in wide circulation. Hopefully ClamWin will be upgraded to resident status this year. You can't beat the price! Until then, it makes a good backup to a resident scanner.

Regards,
View user's profileSend private message
LibClamAV Warning: messageFindArgument: no '=' sign found in
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic