OT: Particular String showing up today

William Burns William.Burns at AEROFLEX.COM
Tue Apr 20 21:19:33 IST 2004


Ken:

Ken Rice wrote:

>I apologize for this OT post, so perhaps replies can be emailed to me off list, please?
>
>I've seen several of these today, and ClamAv doesn't catch them all, but MS does.
>
>The pattern in the Report: is basically the same, in the form of:
>
>www.[DOMAIN].com.[USERNAME].session-0000NNNN.com)
>
>Just curious if others have seen this.
>
>

Yup. I'm seeing them too today.
Vexira isn't catching them. (at least not all of them)
One of the other admins had the bright idea of turning off the antivirus
notifications so I can't tell you if some of them are getting caught.

-Bill

>At first, I thought I had more "juice" to get the Windows/Web people to start Obfuscating email addresses on my
>companies' web pages, but that's another story.
>
>It's the session-nnnnnnn.com that intrigues me.
>
>thank you,
>
>Ken Rice
>
>An example of ClamAV nailing it along with MS:
>
>The following e-mail messages were found to have viruses in them:
>
>    Sender: [deleted]
>IP Address: 67.22.83.126
> Recipient: [deleted]
>   Subject: Delivery failure notice (ID-00003132)
> MessageID: i3KJLg126092
>    Report: ClamAV Module: www.[deleted].com.[usernamedeleted].session-00003132.com was infected: Worm.SomeFool.Y
>            MailScanner: Executable DOS/Windows programs are dangerous in email
>(www.[deleted].com.[usernamedeleted].session-00003132.com)
>
>
>



More information about the MailScanner mailing list