sobig and MS headers
Thomas DuVally
thomas_duvally at BROWN.EDU
Tue Aug 19 15:42:22 IST 2003
On Tue, 2003-08-19 at 10:36, Patterson S.R. wrote:
> Thomas DuVally wrote:
> > I'm getting reports of an "X-Mailscnner: Found to be clean" header in
> > the sobig.f e-mails.
> ...
> > 1) Slide through sites that don't scan twice.
> > 2) Discredit MS
> > 3) Both?
>
> Or merely:
>
> 4) The email has previously passed through a Mailscanner at another site
> without an up-to-date set of virus identitiy files?
>
Nope. I just took a closer look at the headers. The email was sent
internal to our domain and the only servers it passed through that were
running MS were our internal relays. I admin them all, so I know.
Looks to be a faked MailScanner header.
Julian, looks like the virus writers have noticed you. I'm having images
of the flaming eye in LOTR.
> Steve
> --
> Steven Patterson, MSci (Hons), Oracle Certified Professional
> Telephone Internal ext 25810, External +44 (0)2380 595810
> Oracle/Apps DBA, Information Systems Services, University of Southampton
> Get the UoS CA Certificate @ http://www.soton.ac.uk/~_sys/UoS-Root.cer
--
Thomas J. DuVally
Lead Systems Prog.
CIS, Brown Univ.
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x15F233F6
More information about the MailScanner
mailing list