I recently received some strange emails from the Sophos scanner on my Mac OS X workstation while it was scanning my email box. I am including an example of the report at the bottom of this message. The last line appears to be a base64 encoded binary that completely bypasses the normal formatting for reports of detected threats. Could this be an indicator of an exploitable vulnerability in the scanner or unarchiving code in the Sophos software?
I have other emails with "payloads" as large as approximately 46KB. My Sophos install is:
Version 7.3.12
Threat detection engine: 3.32.0
Threat data: 4.78
Release date: June 4, 2012
... which appears to be fairly recent.
Sophos Anti-Virus report from computer straylight
2012-08-22 01:03:53 -0700 Threat: 'Troj/BagleDl-A' detected in /.../Users/.../Library/Mail/IMAP-...@.../....imapmbox/Attachments/.../fotos.zip/foto/foto.html
2012-08-22 01:03:53 -0700 Threat: 'Troj/BagDl-Gen' detected in/.../Users/.../Library/Mail/IMAP-...@.../....imapmbox/Attachments/.../fotos.zip/foto/foto/foto1.exe/FILE:0000
2012-08-22 01:03:53 -0700 Threat: 'Troj/BagDl-Gen' detected in/.../Users/.../Library/Mail/IMAP-...@.../....imapmbox/Attachments/.../fotos.zip/foto/foto/foto1.exe
2012-08-22 01:03:53 -0700 Threat: dUcm9qL0JhZ2xlRGwtQScgZGV0ZWN0ZWQgaW4gL1ZvbHVtZXMvVmlydHVhbE1hY2hpbmVJbWFnZXMwL1VzZXJzL2FuZHkvTGlicmFyeS9NYWlsL0lNQVAtaGVsc2xleWFAaW1hcC5jcy51Y3IuZWR1L0FDTS9AVUNSLmltYXBtYm94L0F0dGFjaG1lbnRzLzQxMTc5LzIvZm90b3MuemlwCg==
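A first triage step for a report line like the last one above is to check whether the odd "Threat:" field is valid base64 and, if so, whether it decodes to printable text (typically a mangled copy of another report line, with the scanned path in it) or to binary. The script below is an added example, not code from the original post or from Sophos; its regexes, function names and the constructed sample lines are my own assumptions about the report format shown above.

```python
import base64
import binascii
import re
import string

# Constructed sample report (not the poster's real output). The third line's
# field is built here as base64 of a constructed report fragment.
_ENCODED = base64.b64encode(
    b"Troj/BagleDl-A' detected in /Users/example/Mail/Attachments/1/fotos.zip\n"
).decode("ascii")
SAMPLE_REPORT = (
    "2012-08-22 01:03:53 -0700 Threat: 'Troj/BagleDl-A' detected in "
    "/Users/example/Mail/Attachments/1/fotos.zip/foto/foto.html\n"
    "2012-08-22 01:03:53 -0700 Threat: 'Troj/BagDl-Gen' detected in"
    "/Users/example/Mail/Attachments/1/fotos.zip/foto/foto/foto1.exe/FILE:0000\n"
    f"2012-08-22 01:03:53 -0700 Threat: {_ENCODED}\n"
)

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) Threat: (.*)$")
# The space after "in" is optional: the real report sometimes omits it.
NORMAL_RE = re.compile(r"^'([^']+)' detected in ?(\S.*)$")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
PRINTABLE = set(string.printable.encode())

def classify_field(field):
    """Classify the text after 'Threat:' on one report line."""
    m = NORMAL_RE.match(field)
    if m:
        return "normal", {"name": m.group(1), "path": m.group(2)}
    token = field.strip()
    if B64_RE.match(token):
        try:
            raw = base64.b64decode(token, validate=True)
        except binascii.Error:  # bad alphabet, length or padding
            return "malformed-base64", {"field": token}
        if raw and all(b in PRINTABLE for b in raw):
            text = raw.decode("ascii").rstrip("\n")
            # Decoded text that repeats a report line points to mangled
            # output rather than an embedded binary payload.
            return "base64-text", {"decoded": text, "report_like": "detected in" in text}
        return "base64-binary", {"length": len(raw)}
    return "unparsed", {"field": token}

def triage_report(report):
    """Return one (timestamp, kind, detail) tuple per 'Threat:' line."""
    results = []
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if m:
            results.append((m.group(1), *classify_field(m.group(2))))
    return results

if __name__ == "__main__":
    for ts, kind, detail in triage_report(SAMPLE_REPORT):
        print(ts, kind, detail)
```

A "base64-binary" result is the case worth escalating to the vendor with the original attachment; "base64-text" usually means a formatting fault in the report writer.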