3CX DLL-Sideloading attack: What you need to know

Sandstorm - Clean email sent, but contents (headers/body) mixed up

Soft Release 9.400-9

Have turned on Sandstorm for Email, and just received one that had been classified as Clean. Unfortunately the received email had lots of the headers appearing in the body section, and the files were shown as text in the email, rather than as attachments:

Return-Path: <accounts@iinet.net.au>

Delivered-To: me@bordo.com.au

Received: from astaro1.bordo.com.au (localhost [])

by mail.bordo.com.au (Postfix) with ESMTPS id 1EF216CE99B5

for <me@bordo.com.au>; Fri,  8 Apr 2016 11:22:11 +1000 (EST)

Received: from unknown ([] helo=astaro1.bordo.com.au) by

mail.bordo.com.au with SMTP (2.5.2); 8 Apr 2016 11:22:10 +1000

Received: from staff.icp-osb-irony-out6.external.iinet.net.au ([]:53490)

by astaro1.bordo.com.au with esmtp (Exim 4.82_1-5b7a7c0-XX)

(envelope-from <accounts@iinet.net.au>)

id 1aoL5W-00036t-31

for me@bordo.com.au; Fri, 08 Apr 2016 11:20:00 +1000

X-IronPort-AV: E=Sophos;i="5.24,449,1454947200"; 


Received: from unknown (HELO IEP-OSB-EGAMSG1) ([])

  by icp-osb-irony-out6.iinet.net.au with ESMTP; 08 Apr 2016 09:19:48 +0800

Date: Fri, 8 Apr 2016 09:19:48 +0800 (WST)

From: iiNet Billing Team <accounts@iinet.net.au>

Reply-To: accounts@iinet.net.au

To: me@bordo.com.au


Message-ID: <me@bordo.com.au.20160408091948.15582C5AD5A75443A821F709D7D5F039>

Subject: iiNet Invoice: #77038926

Errors-To: accounts@iinet.net.au

X-Mailer: PBBI e-Messaging Solution

X-Priority: HIGH

Charset: UTF-8

x-references: me@bordo.com.au.20160408091948.15582C5AD5A75443A821F709D7D5F039

--- Sandbox result ---

2efed5f8-e490-4c34-80c0-bdf3a1a61e4b invoice_77038926.pdf

--- Sandbox result end ---

MIME-Version: 1.0

Content-Type: multipart/mixed; 


X-Assp-ID: mail.bordo.com.au id-78530-11079

X-Assp-Session: 7F849D967740 (mail 1)




X-Assp-Envelope-From: accounts@iinet.net.au

X-Assp-Intended-For: me@bordo.com.au

X-Assp-Version: 2.5.2(16097) on mail.bordo.com.au

X-Assp-Server-TLS: yes

X-Assp-Whitelisted: Yes (whitelistdb)


Content-Type: multipart/related; 



Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 7bit

Charset: UTF-8


<!-- DOC1 Generate Build=6.0.1978.0 Date=08-04-2016 Time=09:19:43 Platform=Microsoft Windows -->



<!-- 15582C5AD5A75443A821F709D7D5F039 -->



<body bgcolor="#FFFFFF" link="#0000FF" alink="#FF0000" vlink="#AAAAAA"><table align="CENTER"><tr><td>

<table width=717 cellpadding=0 cellspacing=0 border=0><tr valign=top>

<td width=38 height=19 bgcolor="#F0F0F0">

<div align=left><br></div>


<td width=643 height=19 bgcolor="#F0F0F0">

Is the problem that a new line was put before "--- Sandbox result ---"?

(Also, none of the Email files get listed in the Sandbox Activity section).