What's Going on here?

[Mike Kercher]

I've seen several emails come through that look like they got past Sophos,
but the filename alone caught it.  For the most part, Sophos says the
attachment is infected with Sobig.  Thoughts?

Mike


-----Original Message-----
From: Antivirus at CamaroSS.net [mailto:AntiVirus at CamaroSS.net] 
Sent: Friday, August 29, 2003 3:31 PM
To: mike at CamaroSS.net
Subject: Warning: E-mail viruses detected


The following e-mail messages were found to have viruses in them:

    Sender: 
IP Address: 65.107.235.188
 Recipient: user at domain.com
   Subject: Undelivered Mail Returned to Sender
 MessageID: h7TKUn909224
    Report: Shortcuts to MS-Dos programs are very dangerous in email
(your_details.pif)
            No programs allowed (your_details.pif)

Full headers are:

 Return-Path: <g>
 Received: from the-man.emailheads.net ([65.107.235.188])
        by genesis.camaross.net (8.11.6/8.11.6) with ESMTP id h7TKUn909224
        for <user at domain.com>; Fri, 29 Aug 2003 15:30:49 -0500
 Received: from chico.emailheads.net (chico.emailheads.net [65.107.235.186])
        by the-man.emailheads.net (Postfix) with ESMTP id 9A4987789C
        for <user at domain.com>; Fri, 29 Aug 2003 13:08:42 -0700 (PDT)
 Received: by chico.emailheads.net (Postfix)
        id 44D3F13B00; Fri, 29 Aug 2003 13:34:14 -0700 (PDT)
 Date: Fri, 29 Aug 2003 13:34:14 -0700 (PDT)
 From: MAILER-DAEMON at chico.emailheads.net (Mail Delivery System)
 Subject: Undelivered Mail Returned to Sender
 To: user at domain.com
 MIME-Version: 1.0
 Content-Type: multipart/report; report-type=delivery-status;
        boundary="03AE513AF8.1062189254/chico.emailheads.net"
 Message-Id: <20030829203414.44D3F13B00 at chico.emailheads.net>


-- 
MailScanner
Email Virus Scanner
www.mailscanner.info