What's Going on here?
Mike Kercher
mike at CAMAROSS.NET
Fri Aug 29 22:17:25 IST 2003
I always use Sophos.install.
I don't think Sophos caught it all as I don't run sweep by itself. Just the
filename rule was hit.
Mike
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Julian Field
Sent: Friday, August 29, 2003 4:11 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: What's Going on here?
At 22:03 29/08/2003, you wrote:
>I've seen several emails come through that look like they got past
>Sophos, but the filename alone caught it. For the most part, Sophos
>says the attachment is infected with Sobig. Thoughts?
So Sophos within MailScanner didn't get them but Sophos outside it did? Did
you use Sophos.install?
>Mike
>
>
>-----Original Message-----
>From: Antivirus at CamaroSS.net [mailto:AntiVirus at CamaroSS.net]
>Sent: Friday, August 29, 2003 3:31 PM
>To: mike at CamaroSS.net
>Subject: Warning: E-mail viruses detected
>
>
>The following e-mail messages were found to have viruses in them:
>
> Sender:
>IP Address: 65.107.235.188
> Recipient: user at domain.com
> Subject: Undelivered Mail Returned to Sender
> MessageID: h7TKUn909224
> Report: Shortcuts to MS-Dos programs are very dangerous in email
>(your_details.pif)
> No programs allowed (your_details.pif)
>
>Full headers are:
>
> Return-Path: <g>
> Received: from the-man.emailheads.net ([65.107.235.188])
> by genesis.camaross.net (8.11.6/8.11.6) with ESMTP id h7TKUn909224
> for <user at domain.com>; Fri, 29 Aug 2003 15:30:49 -0500
> Received: from chico.emailheads.net (chico.emailheads.net
[65.107.235.186])
> by the-man.emailheads.net (Postfix) with ESMTP id 9A4987789C
> for <user at domain.com>; Fri, 29 Aug 2003 13:08:42 -0700 (PDT)
> Received: by chico.emailheads.net (Postfix)
> id 44D3F13B00; Fri, 29 Aug 2003 13:34:14 -0700 (PDT)
> Date: Fri, 29 Aug 2003 13:34:14 -0700 (PDT)
> From: MAILER-DAEMON at chico.emailheads.net (Mail Delivery System)
> Subject: Undelivered Mail Returned to Sender
> To: user at domain.com
> MIME-Version: 1.0
> Content-Type: multipart/report; report-type=delivery-status;
> boundary="03AE513AF8.1062189254/chico.emailheads.net"
> Message-Id: <20030829203414.44D3F13B00 at chico.emailheads.net>
>
>
>--
>MailScanner
>Email Virus Scanner
>www.mailscanner.info
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz MailScanner thanks
transtec Computers for their support
More information about the MailScanner
mailing list