- Malformed container violation
- Dick Hoffman
July 7, 2005, 8:44 pm
containing purported viruses and notifies me of these events with the
Virus Detected: Malformed container violation'
followed by From and To information to tell me where the email came from
(the virus involved is not identified). What are they telling me? What
is a "malformed container violation"?
Re: Malformed container violation
Have you asked them?
Probably the "Incorrect MIME type" exploit used by many email vector
worms is what is being noticed by their scanner. If the "Content Type"
is "audio/x-wav" and the file's name is "something.exe" there is a
mismatch that allows unpatched systems to execute the "something.exe"
without the user's permission (the IE/OS combo thinks it is a wave file
for background sound and stupidly without verifying passes the exe to
the loaders). No legitimate email should have such a mismatch, so it is
probably safe for them to delete it. Email is not infectable, but is
often a container for content which 'is' infectable. Some malformed
containers make the container into an exploit trojan by exploiting flaws
in the application (mail client) or OS it is running on to circumvent
the security permissions set and automatically execute the attached or
included malicious content. Others can be malicious in themselves by
buffer overflow - the exploit trojan itself allows arbitrary code
execution (the "Malformed E-mail Header Exploit" was of this second