MAILSCANNER: error report from SOUTHWESTERN.EDU
L-Soft list server at JISCMAIL (1.8d)
LISTSERV at JISCMAIL.AC.UK
Wed May 1 14:33:29 IST 2002
The enclosed message, found in the MAILSCANNER mailbox and shown under the
spool ID 11251735 in the system log, has been identified as a possible delivery
error notice for the following reason: "Sender:", "From:" or "Reply-To:" field
pointing to the list has been found in mail body.
------------------------ Message in error (219 lines) -------------------------
Return-Path: <VALIANP at SOUTHWESTERN.EDU>
Received: from ori.rl.ac.uk by jiscmail.ac.uk (LSMTP for Windows NT v1.1b) with SMTP id <9.000ECC82 at jiscmail.ac.uk>; Wed, 1 May 2002 14:33:29 +0100
Received: from ralph2.southwestern.edu (ralph2.southwestern.edu [161.13.1.122])
by ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id g41DXSg01393
for <MAILSCANNER at JISCMAIL.AC.UK>; Wed, 1 May 2002 14:33:28 +0100
Received: from southwestern.edu (zero.southwestern.edu [161.13.2.23])
by ralph2.southwestern.edu (8.11.6/8.11.6) with ESMTP id g41DWPK04006
for <MAILSCANNER at JISCMAIL.AC.UK>; Wed, 1 May 2002 08:32:25 -0500
Message-ID: <3CCFEE98.2030508 at southwestern.edu>
Date: Wed, 01 May 2002 08:33:12 -0500
From: Peter Valian <valianp at southwestern.edu>
Organization: Southwestern University
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020326
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
Subject: Re: Return-Path header corrupt in virus reports
References: <aadl4c$l59$1 at thor.wirehub.nl> <lf6mcuktdm3ng1fa2kaqpb30esnmti3nlb at hail.bengrimm.net> <5.1.0.14.2.20020429170050.033caec0 at imap.ecs.soton.ac.uk> <5.1.0.14.2.20020429211209.03193440 at imap.ecs.soton.ac.uk>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-MailScanner: Found to be clean
OK, that was a bad example...this may be better. It was an attempt by
the mailing list smtp server to me. I am 100% M$ free. Running RedHat
Linux 7.2 and using Mozilla for mail. I see you guys are running NT.
From: "MailScanner" <virusalert at southwestern.edu>
Date: Wed, 1 May 2002 05:26:55 -0500
To: virusalert at southwestern.edu
Subject: Warning: E-mail viruses detected
The following e-mail messages were found to have viruses in them:
Sender: <owner-mailscanner at JISCMAIL.AC.UK>
Recipient: <valianp at SOUTHWESTERN.EDU>
Subject: Re: Is this possible?
MessageID: g41AFHK24325
Report: Could not parse message g41AFHK24325
Full headers are:
Return-Path: <?g>
Received: from jiscmail.ac.uk (jiscmail.ac.uk [130.246.192.48])
by ralph2.southwestern.edu (8.11.6/8.11.6) with ESMTP id g41AFHK24325
for <valianp at SOUTHWESTERN.EDU>; Wed, 1 May 2002 05:15:17 -0500
Received: from jiscmail (jiscmail.ac.uk) by jiscmail.ac.uk (LSMTP for
Windows NT v1.1b) with SMTP id <0.001B2A15 at jiscmail.ac.uk>; Wed, 1 May 2002
11:15:15 +0100
Received: from JISCMAIL.AC.UK by JISCMAIL.AC.UK (LISTSERV-TCP/IP release
1.8d)
with spool id 11245083 for MAILSCANNER at JISCMAIL.AC.UK; Wed,
1 May
2002 11:15:15 +0100
Received: from ori.rl.ac.uk by jiscmail.ac.uk (LSMTP for Windows NT v1.1b)
with
SMTP id <9.000ECA50 at jiscmail.ac.uk>; Wed, 1 May 2002 11:15:15
+0100
Received: from gadolinium.btinternet.com (gadolinium.btinternet.com
[194.73.73.111]) by ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id
g41AFEg25054 for <MAILSCANNER at jiscmail.ac.uk>; Wed, 1 May 2002
11:15:14 +0100
Received: from host217-39-170-149.in-addr.btopenworld.com
([217.39.170.149]
helo=thief.ecs.soton.ac.uk) by gadolinium.btinternet.com with
esmtp
(Exim 3.22 #8) id 172r8j-0005P8-00 for
MAILSCANNER at JISCMAIL.AC.UK;
Wed, 01 May 2002 11:15:13 +0100
X-Sender: jkf at imap.ecs.soton.ac.uk (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-ID: <5.1.0.14.2.20020501111238.035385e0 at imap.ecs.soton.ac.uk>
Date: Wed, 1 May 2002 11:13:15 +0100
Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
Sender: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
From: Julian Field <jkf at ECS.SOTON.AC.UK>
Subject: Re: Is this possible?
To: MAILSCANNER at JISCMAIL.AC.UK
In-Reply-To: <00ae01c1f046$eebb8c10$48cf75cc at fizz>
--
MailScanner
Email Virus Scanner
Julian Field wrote:
> What has that bounce got to do with $g? The "unparsable" error message is
> due to the TNEF decoder not being able to handle the weird and wonderful
> TNEF formats that some versions of Outlook produce. It's nothing to do with
> the Return-Path:, which MailScanner makes no use of.
>
> At 17:24 29/04/2002, you wrote:
>
>> Well, here's an example bounce:
>>
>> Date: Thu, 25 Apr 2002 12:02:52 -0500
>> From: "MailScanner" <virusalert at southwestern.edu>
>> To: <leslie1 at colleges.org>
>> Subject: Warning: E-mail error detected
>> X-MailScanner: Found to be clean
>>
>> Our virus detector failed to completely analyse a message you sent:-
>> To: <haskell1 at southwestern.edu>, <morrell1 at rhodes.edu>,
>> <bonefas1 at colleges.org>, <MGarriso1 at Trinity.edu>
>> Subject: Re: Montgomery
>> Date: Thu Apr 25 12:02:52 2002
>> Any parts of the message that could not be analysed will not have been
>> delivered.
>>
>> If you are using Microsoft Outlook, we strongly recommend you change your
>> outgoing message format from "Rich Text" to "HTML" or "Plain Text".
>>
>> The virus detector said this about the message:
>> Report: Could not parse message g3PH2oK27075
>> --
>> MailScanner
>> Email Virus Scanner
>>
>>
>> Julian Field wrote:
>>
>>> At 16:52 29/04/2002, you wrote:
>>>
>>>> If someone knows how to fix this please tell me. I have been
>>>> struggling
>>>> with it for several months now. I believe these messages are lost. Im
>>>> getting ready to abandon mailscanner because I don't see a way to fix
>>>> it. I don't want to leave mailscanner but i cannot sit here and lose
>>>> mail.
>>>
>>>
>>>
>>> Can you explain why you think you might be losing mail because of
>>> this? I
>>> haven't seen any evidence of this happening.
>>>
>>>> Ben C. O. Grimm wrote:
>>>>
>>>>> On 27 Apr 2002 09:48:28 +0200, Mike Zanker <mike at ZANKER.ORG> wrote:
>>>>>
>>>>>
>>>>>> I've noticed that the postmaster virus report always seems to have
>>>>>> the
>>>>>> same corrupt Return-Path header, e.g.
>>>>>>
>>>>>> Full headers are:
>>>>>> Return-Path: <?g>
>>>>>>
>>>>>> Is this a bug or my misconfiguration somewhere?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> It looks like soms kind of Sendmail emulation that doesn't quite work
>>>>> yet.
>>>>> In Sendmailese, the Return-Path has this format:
>>>>>
>>>>> H?P?Return-Path: <$g>
>>>>>
>>>>> --
>>>>> - Ben C. O. Grimm ----------------- Ben.Grimm at wirehub.net -
>>>>> - Wirehub! Internet Engineering - http://www.wirehub.net/ -
>>>>> - Wirehub! Backbone --- http://doema.wirehub.net/wirehub/ -
>>>>> - Private Ponderings ----------- http://www.bengrimm.net/ -
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Peter Valian
>>>> Network & Systems Administrator
>>>> Southwestern University
>>>> Georgetown, Texas
>>>> 512.863.1586 office
>>>> 512.863.1605 fax
>>>> --
>>>
>>>
>>>
>>> --
>>> Julian Field Teaching Systems Manager
>>> jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
>>> Tel. 023 8059 2817 University of Southampton
>>> Southampton SO17 1BJ
>>
>>
>>
>>
>> --
>> Peter Valian
>> Network & Systems Administrator
>> Southwestern University
>> Georgetown, Texas
>> 512.863.1586 office
>> 512.863.1605 fax
>> --
>
>
> --
> Julian Field Teaching Systems Manager
> jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
> Tel. 023 8059 2817 University of Southampton
> Southampton SO17 1BJ
--
Peter Valian
Network & Systems Administrator
Southwestern University
Georgetown, Texas
512.863.1586 office
512.863.1605 fax
--
More information about the MailScanner
mailing list