OT: Particular String showing up today
William Burns
William.Burns at AEROFLEX.COM
Tue Apr 20 21:19:33 IST 2004
Ken:
Ken Rice wrote:
>I apologize for this OT post, so perhaps replies can be emailed to me off list, please?
>
>I've seen several of these today, and ClamAv doesn't catch them all, but MS does.
>
>The pattern in the Report: is basically the same, in the form of:
>
>www.[DOMAIN].com.[USERNAME].session-0000NNNN.com
>
>Just curious if others have seen this.
>
>
Yup. I'm seeing them too today.
Vexira isn't catching them (at least not all of them).
One of the other admins had the bright idea of turning off the antivirus
notifications so I can't tell you if some of them are getting caught.
-Bill
>At first, I thought I had more "juice" to get the Windows/Web people to start obfuscating email addresses on my
>companies' web pages, but that's another story.
>
>It's the session-nnnnnnn.com that intrigues me.
>
>thank you,
>
>Ken Rice
>
>An example of ClamAV nailing it along with MS:
>
>The following e-mail messages were found to have viruses in them:
>
> Sender: [deleted]
>IP Address: 67.22.83.126
> Recipient: [deleted]
> Subject: Delivery failure notice (ID-00003132)
> MessageID: i3KJLg126092
> Report: ClamAV Module: www.[deleted].com.[usernamedeleted].session-00003132.com was infected: Worm.SomeFool.Y
> MailScanner: Executable DOS/Windows programs are dangerous in email
>(www.[deleted].com.[usernamedeleted].session-00003132.com)
>
>
>
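
The attachment-name pattern and report quoted in this thread, as an added example that is not part of the original posts: a Python check that flags names of the form `www.[DOMAIN].com.[USERNAME].session-NNNNNNNN.com` and records whether the session number equals the ID in the subject, as it does in the quoted report. The function names, the sample filenames and the tolerance for any digit count are assumptions.

```python
import re

# Attachment name shape quoted in the thread:
#   www.[DOMAIN].com.[USERNAME].session-0000NNNN.com
# The name reads like a URL, but the trailing ".com" is a DOS executable
# extension, which is why MailScanner's filename check also fires on it.
LURE_RE = re.compile(
    r"^www\.(?P<domain>[a-z0-9-]+(?:\.[a-z0-9-]+)*)\.com"
    r"\.(?P<user>[a-z0-9._+-]+)"
    r"\.session-(?P<session>\d+)\.com$",   # digit count left open (assumption)
    re.IGNORECASE,
)
SUBJECT_ID_RE = re.compile(r"\(ID-(?P<id>\d+)\)")


def classify(filename, subject=""):
    """Return details of a matching attachment name, or None if it does not fit."""
    m = LURE_RE.match(filename.strip())
    if m is None:
        return None
    sid = SUBJECT_ID_RE.search(subject)
    return {
        "domain": m.group("domain").lower() + ".com",
        "user": m.group("user"),
        "session": m.group("session"),
        # In the quoted report the subject ID and the session number are equal;
        # using that as a corroborating signal is an assumption.
        "subject_id_matches": bool(sid) and sid.group("id") == m.group("session"),
    }


# Constructed sample (filename, subject) pairs; example.com and jdoe are placeholders.
SAMPLES = [
    ("www.example.com.jdoe.session-00003132.com", "Delivery failure notice (ID-00003132)"),
    ("www.example.com.j.doe.session-00001234.com", "hello"),
    ("report.pdf", "Delivery failure notice (ID-00003132)"),
    ("www.example.com", ""),
]


def scan(samples=SAMPLES):
    """Classify every (filename, subject) pair and return the results in order."""
    return [(name, classify(name, subj)) for name, subj in samples]


if __name__ == "__main__":
    for name, hit in scan():
        print("HIT" if hit else "ok ", name, hit or "")
```
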