Possible Microsoft security vulnerability attack?

Julian Field mailscanner at ecs.soton.ac.uk
Sun Sep 29 14:47:14 IST 2002 

If you had read the ChangeLog, you would have seen this:

>Version 3.23-3
>==============
>The <IFrame> tag check is now configurable with an "Allow IFrame Tags" option.
>
>Version 3.23-2
>==============
>Fixed bug making the maillog swear like a trooper :-)
>
>Version 3.23-1
>==============
>Added traps for all known Outlook, IE and Eudora security vulnerabilities,
>and MailScanner now catches all of the GFI email security tests. This
>makes MailScanner a complete e-mail security system, rather than just
>being a virus scanner.
>See http://www.gfi.com/emailsecuritytest for information about these tests.

I think that says it all. Please read the docs before posting here :-)

At 04:10 29/09/2002, you wrote:
>Dear All,
>
>Sorry again for another question as below mail, I think it is just a
>subscripted maillist from our user, but why was rejected? and where to
>enable/disable?
>
>OS:RH7.3
>MailScanner:3.23-4
>
>
>Thanks!
>
>
>----- Original Message -----
>From: "MailScanner" <postmaster at hsm.abcshk.com>
>To: <postmaster at hsmlx1.abcshk.com>
>Sent: Sunday, September 29, 2002 10:49 AM
>Subject: Warning: E-mail viruses detected
>
>
> > The following e-mail messages were found to have viruses in them:
> >
> >     Sender: <mlist at return.cn99.com>
> > IP address: 202.108.36.141
> >  Recipient: <yandongbo at hsm.sanyoshk.com>
> >    Subject: ÍøÂçÔÓÖ¾½éÉÜ,Ãâ·Ñ¶©ÔÄ.
> >  MessageID: g8T2nZv08164
> >     Report: Possible Microsoft security vulnerability attack
> >
> > Full headers are:
> >  Return-Path: <$g>
> >  Received: from listserv.cn99.com ([202.108.36.141])
> >   by hsmlx1.abcshk.com (8.11.6/8.11.6) with ESMTP id g8T2nZv08164
> >   for <yandongbo at hsm.abcshk.com>; Sun, 29 Sep 2002 10:49:35 +0800
> >  Received: from bj2.cn99.com (unknown [202.108.36.143])
> >   by listserv.cn99.com (Postfix) with SMTP
> >   id 2100B929F3; Sun, 29 Sep 2002 10:49:36 +0800 (CST)
> >  Sender: pazhou_alive-owner at list.cn99.com
> >  List-Unsubscribe: pazhou_alive-request at list.cn99.com?body=unsubscribe
> >  List-Subscribe: pazhou_alive-request at list.cn99.com?body=subscribe
> >  List-Help: bentium at list.cn99.com
> >  List-Archive: http://list.cn99.com/cgi-bin/get_lsts?listname=pazhou_alive
> >  Reply-To: mlist at return.cn99.com
> >  X-Loop: list.cn99.com
> >  Received: by list.cn99.com (Bentium hermes v 1.0); Sun, 29 Sep 2002
>10:49:07 +0800
> >  Precedence: bulk
> >  Delivered-To: pazhou_alive at list.cn99.com
> >  Received: from bj2.cn99.com (bj2.cn99.com [202.108.36.143])
> >   by list.cn99.com (Postfix) with ESMTP id 764825E178
> >   for <pazhou_alive at list.cn99.com>; Sun, 29 Sep 2002 10:49:07 +0800 (CST)
> >  Received: from 211.159.0.66
> >  Message-ID: <7107741.1033267747479.JavaMail.bentium at list.cn99.com>
> >  From: pazhou_alive <pazhou_alive-owner at list.bentium.net>
> >  To: pazhou_alive at list.cn99.com
> >  subject: ÍøÂçÔÓÖ¾½éÉÜ,Ãâ·Ñ¶©ÔÄ.
> >  Mime-Version: 1.0
> >  Content-Type: text/html; charset=GBK
> >  Content-Transfer-Encoding: base64
> >  Date: Sun, 29 Sep 2002 10:49:07 +0800 (CST)
> >
> > --
> > MailScanner
> > Email Virus Scanner
> >

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list