There seems to be a wave of malware emails for which Amavis complains about a bad
header, and then apparently skips the attachment scanning. So the mail goes through.
This is the header which Amavis adds to the email:
X-Amavis-Alert: BAD HEADER SECTION, MIME error: error: couldn't parse head;
error near:; Content-Transfer-Encoding: base64
Is there anything that can be done about that?
First, I don't really see what the MIME error may be. Nor does Thunderbird, which can
extract the attachment.
Is there a way to ask amavis to check a single mail from the command-line with
debugging output?
This is how one such mail looks. Maybe someone can spot what Amavis doesn't like in
the headers?
Content-Type: multipart/mixed;
boundary="Apple-Mail=_66C921A9-3A78-2C0E-11CD-CB91C8E60FBA"
...
Mime-Version: 1.0 (Mac OS X Mail 9.3 (3124))
--Apple-Mail=_66C921A9-3A78-2C0E-11CD-CB91C8E60FBA
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=utf-8
Dear hostmaster,
[etc.]
--Apple-Mail=_66C921A9-3A78-2C0E-11CD-CB91C8E60FBA
Content-Disposition: inline; filename="hostmaster_document_4876E9.rar"
Content-Type: application/octet-stream; x-unix-mode=0600;
name="hostmaster_document_4876E9.rar"
Content-Transfer-Encoding: base64
UmFyIRoHAM+QcwAADQAAAAAAAADN9nQgkCYAxwUAAE8hAAACsaEbYEZ1fkgdMwEAIgAAADMA
[etc.]
bUB+83/0xD17AEAHAA==
--Apple-Mail=_66C921A9-3A78-2C0E-11CD-CB91C8E60FBA--
I don'twant to just blindly block any email with a bad header, from fear of blocking
too many normal mails sent by a stupid client program.
