sobig virus

Matthew Bowman mbowman at UDCOM.COM
Wed Aug 20 18:02:53 IST 2003


I am getting a lot of these too. My understanding is that it's because the e-mail
is being sent to a machine that doesn't have MailScanner. Perhaps the
culprits are port scanning 25 and are emailing the servers directly and
avoiding the Primary MX (which in our case has MailScanner running).

Matthew





Julian Field <mailscanner at ECS.SOTON.AC.UK>
Sent by: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
08/20/2003 12:22 PM
Please respond to MailScanner mailing list


        To:     MAILSCANNER at JISCMAIL.AC.UK
        cc:
        Subject:        Re: sobig virus


At 17:09 20/08/2003, you wrote:
>Here is one from mine that went through
>
>Received: from S0030213072
>         (mul2.dsl.visi.com [209.98.144.89])
>         by edenpr.k12.mn.us; Wed, 20 Aug 2003 11:01:20 -0500
>From: <kenrep at on.aibn.com>
>To: <rgrassel at edenpr.k12.mn.us>
>Subject: Re: Wicked screensaver
>Date: Wed, 20 Aug 2003 10:59:53 --0500
>X-MailScanner: Found to be clean
>Importance: Normal
>X-Mailer: Microsoft Outlook Express 6.00.2600.0000
>X-MSMail-Priority: Normal
>X-Priority: 3 (Normal)
>MIME-Version: 1.0
>Content-Type: multipart/mixed;
>         boundary="_NextPart_000_245BAC29"
>
>This is a multipart message in MIME format
>
>--_NextPart_000_245BAC29
>Content-Type: text/plain;
>         charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>
>Please see the attached file for details.
>--_NextPart_000_245BAC29
>Content-Type: application/octet-stream;
>         name="details.pif"
>Content-Transfer-Encoding: base64
>Content-Disposition: attachment;
>         filename="details.pif"

So if it got through MailScanner, where are the headers showing it? (And I
don't mean the "X-MailScanner: Found to be clean" that was in the original
virus sent to you).
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
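
The check discussed in this thread, as an added example that is not part of the original messages and is not MailScanner code: an "X-MailScanner" header only means something if the delivering server actually received the message from the scanning MX. Assumptions: the delivery host writes a sendmail-style top-most Received header with the peer IP in brackets, the scanning MX is 192.0.2.1, and all hostnames, addresses and function names below are constructed for illustration.

```python
import re
from email import message_from_string

PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_peer(msg):
    """IP our own server recorded in the top-most Received header, or None."""
    received = msg.get_all("Received", [])
    if not received:
        return None
    # Only the "from ..." clause (the text before "by") describes the peer.
    from_clause = re.split(r"\sby\s", received[0], maxsplit=1)[0]
    m = PEER_IP.search(from_clause)
    return m.group(1) if m else None

def classify(raw, scanner_ips):
    """Decide whether a scanner header on this message can be believed."""
    msg = message_from_string(raw)
    if connecting_peer(msg) in scanner_ips:
        return "relayed-by-scanner"
    if msg.get("X-MailScanner") is not None:
        # Header present, but the message never came via the scanning MX:
        # it was supplied by the sender, as in the message quoted above.
        return "unverified-scanner-header"
    return "not-scanned"

SCANNER_IPS = {"192.0.2.1"}  # assumed address of the primary MX

# Constructed sample modelled on the quoted message: delivered straight
# to the mail host by a DSL client, carrying its own "clean" header.
DIRECT = (
    "Received: from S0030213072 (client.example.net [198.51.100.89])\n"
    "\tby mail.example.org; Wed, 20 Aug 2003 11:01:20 -0500\n"
    "Subject: Re: Wicked screensaver\n"
    "X-MailScanner: Found to be clean\n"
    "\n"
    "Please see the attached file for details.\n"
)
# Constructed sample: the same message handed over by the primary MX.
VIA_SCANNER = DIRECT.replace(
    "S0030213072 (client.example.net [198.51.100.89])",
    "mx1.example.org (mx1.example.org [192.0.2.1])",
)

if __name__ == "__main__":
    for name, raw in (("direct", DIRECT), ("via scanner", VIA_SCANNER)):
        print(name, "->", classify(raw, SCANNER_IPS))
```

Only the top-most Received header is consulted because it is the one line written by the receiving server itself; everything below it, including any scanner header, arrives with the message.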


