
Kevin Miller Kevin_Miller at CI.JUNEAU.AK.US
Mon Dec 15 18:55:25 GMT 2003

OK.  I guess I'll eat crow for breakfast this morning.  I waded through old
warnings and discovered the following:

The following e-mail messages were found to have viruses in them:

owner-htmlquicknews*some_user**ci*-juneau*-ak*-us at
IP Address:
 Recipient: some_user at
   Subject: Vaccine runs low with flu peak yet to come
 MessageID: hBBBJZXX021840
    Report: MailScanner: Found dangerous IFrame tag in HTML message

Full headers are:

 Return-Path: <?g>
 Received: from ( [])
        by (8.12.3/8.12.3/SuSE Linux 0.6) with SMTP id hBBBJZXX021840
        for <some_user at CI.JUNEAU.AK.US>; Thu, 11 Dec 2003 02:20:52 -0900
 Message-Id: <200312111120.hBBBJZXX021840 at>
 Received: from cnnimail23 ( by
        (LSMTP for Windows NT v1.1b) with SMTP id <23.00016276 at>;
        Thu, 11 Dec 2003 6:18:10 -0500
 X-mailed-to: some_user at CI.JUNEAU.AK.US
 From: CNN AM QuickNews <mailings at>
 To: some_user at CI.JUNEAU.AK.US
 Date: Thu, 11 Dec 2003 06:18:06 -0500
 Subject: Vaccine runs low with flu peak yet to come
 Content-type: text/html

I didn't think I was getting iframe warnings, but obviously I am, so I guess
I was just asleep at the wheel.  What else is new? <g>

Sorry, & thanks for the quick responses...

Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500

>-----Original Message-----
>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>Sent: Monday, December 15, 2003 8:41 AM
>Subject: Re: Blindsided...
>At 17:05 15/12/2003, you wrote:
>>I also used to allow all i-frames but now whitelist
>>them which is just dapper too.  For those not whitelisted a message to the
>>postmaster would have been quite handy.  Or maybe there's a way to do that
>>already & I'm just a bonehead?
>Just auto-filter your postmaster notices based on some strings in the body
>of the message, as well as just using the headers. The message report is in
>the notice, you just need to use it.
>Julian Field
>MailScanner thanks transtec Computers for their support
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
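
The body-string filtering suggested in the quoted reply, as an added example that is not part of the original thread or of MailScanner itself: it splits a postmaster notice into per-message entries and routes each on its Report text. The "Sender:" label, the addresses, the second entry and the folder names are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the notice in the post; all addresses, the
# "Sender:" label and the whole second entry are placeholders/assumptions.
SAMPLE_NOTICE = """\
The following e-mail messages were found to have viruses in them:

    Sender: news-list@example.com
IP Address: 192.0.2.10
 Recipient: some_user@example.org
   Subject: Vaccine runs low with flu peak yet to come
 MessageID: hBBBJZXX021840
    Report: MailScanner: Found dangerous IFrame tag in HTML message

    Sender: someone@example.net
IP Address: 192.0.2.77
 Recipient: other_user@example.org
   Subject: Report: IFrame tag
 MessageID: CONSTRUCTED0001
    Report: Constructed.Test.Virus found in attachment
"""

FIELD = re.compile(r"^\s*(Sender|IP Address|Recipient|Subject|MessageID|Report):\s*(.*)$")
RULES = [("iframe", re.compile(r"IFrame tag", re.I))]  # hypothetical folder name

def parse_notice(body):
    """Split a notice body into one dict per reported message."""
    entries, cur = [], None
    for line in body.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if key == "Sender" or cur is None:  # a Sender line opens a new entry
            cur = {"Report": []}
            entries.append(cur)
        if key == "Report":
            cur["Report"].append(val)
        else:
            cur[key] = val
    return entries

def route(entry, default="virus"):
    """Choose a folder from the Report text only, never from Subject."""
    for folder, pat in RULES:
        if any(pat.search(r) for r in entry["Report"]):
            return folder
    return default
```

Matching on the parsed Report field rather than grepping the whole body keeps a sender-controlled Subject (as in the second constructed entry) from steering the filter.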
