OT: Particular String showing up today

hermit921 hermit921 at YAHOO.COM
Tue Apr 20 20:53:10 IST 2004


We got hit with some from another campus this morning, and scores of
computers here are now contributing.  Neither of our virus scanners
(Norton, Sophos) see it as a virus, but someone told me that Antigen
does.  We started blocking .com files to reduce the spread.

hermit921


At 12:38 PM 4/20/2004, Ken Rice wrote:
>I apologize for this OT post, so perhaps replies can be emailed to me off
>list, please?
>
>I've seen several of these today, and ClamAv doesn't catch them all, but
>MS does.
>
>The pattern in the Report: is basically the same, in the form of:
>
>www.[DOMAIN].com.[USERNAME].session-0000NNNN.com)
>
>Just curious if others have seen this.
>At first, I thought I had more "juice" to get the Windows/Web people to
>start Obfuscating email addresses on my
>companies' web pages, but that's another story.
>
>It's the session-nnnnnnn.com that intrigues me.
>
>thank you,
>
>Ken Rice
>
>An example of ClamAV nailing it along with MS:
>
>The following e-mail messages were found to have viruses in them:
>
>     Sender: [deleted]
>IP Address: 67.22.83.126
>  Recipient: [deleted]
>    Subject: Delivery failure notice (ID-00003132)
>  MessageID: i3KJLg126092
>     Report: ClamAV Module:
> www.[deleted].com.[usernamedeleted].session-00003132.com was infected:
> Worm.SomeFool.Y
>             MailScanner: Executable DOS/Windows programs are dangerous in
> email
>(www.[deleted].com.[usernamedeleted].session-00003132.com)



More information about the MailScanner mailing list