Blindsided...

Kevin Miller Kevin_Miller at CI.JUNEAU.AK.US
Mon Dec 15 18:55:25 GMT 2003 

OK.  I guess I'll eat crow for breakfast this morning.  I waded through old
warnings and discovered the following:

============================================================================
====
The following e-mail messages were found to have viruses in them:

    Sender:
owner-htmlquicknews*some_user**ci*-juneau*-ak*-us at cnnimail23.cnn.com
IP Address: 64.236.25.79
 Recipient: some_user at ci.juneau.ak.us
   Subject: Vaccine runs low with flu peak yet to come
 MessageID: hBBBJZXX021840
    Report: MailScanner: Found dangerous IFrame tag in HTML message

Full headers are:

 Return-Path: <?g>
 Received: from cnnimail22.cnn.com (cnnimail22.cnn.com [64.236.25.79])
        by mis-mxg-lnx.ci.juneau.ak.us (8.12.3/8.12.3/SuSE Linux 0.6) with
SMTP id hBBBJZXX021840
        for <some_user at CI.JUNEAU.AK.US>; Thu, 11 Dec 2003 02:20:52 -0900
 Message-Id: <200312111120.hBBBJZXX021840 at mis-mxg-lnx.ci.juneau.ak.us>
 Received: from cnnimail23 (cnnimail23.turner.com) by cnnimail22.cnn.com
(LSMTP for Windows NT v1.1b) with SMTP id <23.00016276 at cnnimail22.cnn.com>;
Thu, 11 Dec 2003 6:18:10 -0500
 X-mailed-to: some_user at CI.JUNEAU.AK.US
 From: CNN AM QuickNews <mailings at mail.cnn.com>
 To: some_user at CI.JUNEAU.AK.US
 Date: Thu, 11 Dec 2003 06:18:06 -0500
 Subject: Vaccine runs low with flu peak yet to come
 Content-type: text/html
============================================================================
====

I didn't think I was getting iframe warnings, but obviously I am, so I guess
I was just asleep at the wheel.  What else is new? <g>

Sorry, & thanks for the quick responses...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail
Administrator
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500


>-----Original Message-----
>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>Sent: Monday, December 15, 2003 8:41 AM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: Blindsided...
>
>
>At 17:05 15/12/2003, you wrote:
>>I also used to allow all i-frames but now whitelist
>>them which is just dapper too.  For those not whitelisted a
>message to the
>>postmaster would have been quite handy.  Or maybe there's a
>way to do that
>>already & I'm just a bonehead?
>
>Just auto-filter your postmaster notices based on some strings
>in the body
>of the message, as well as just using the headers. The message
>report is in
>the notice, you just need to use it.
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>

More information about the MailScanner mailing list