OT: Particular String showing up today {Scanned}
Eagle Net Support
support at EAGLE-ACCESS.NET
Tue Apr 20 22:14:08 IST 2004
Seen the first (and only) one of these .com at 12:34 MST. Was caught and quarantined by clamav. Unknown if others
got through before this catch.
joe
Ken Rice wrote:
> I apologize for this OT post, so perhaps replies can be emailed to me off list, please?
>
> I've seen several of these today, and ClamAv doesn't catch them all, but MS does.
>
> The pattern in the Report: is basically the same, in the form of:
>
> www.[DOMAIN].com.[USERNAME].session-0000NNNN.com)
>
> Just curious if others have seen this.
> At first, I thought I had more "juice" to get the Windows/Web people to start Obfuscating email addresses on my
> companies' web pages, but that's another story.
>
> It's the session-nnnnnnn.com that intrigues me.
>
> thank you,
>
> Ken Rice
>
> An example of ClamAV nailing it along with MS:
>
> The following e-mail messages were found to have viruses in them:
>
> Sender: [deleted]
> IP Address: 67.22.83.126
> Recipient: [deleted]
> Subject: Delivery failure notice (ID-00003132)
> MessageID: i3KJLg126092
> Report: ClamAV Module: www.[deleted].com.[usernamedeleted].session-00003132.com was infected: Worm.SomeFool.Y
> MailScanner: Executable DOS/Windows programs are dangerous in email
> (www.[deleted].com.[usernamedeleted].session-00003132.com)
>
> --
> This message has been scanned for viruses and
> dangerous content, and is believed to be clean.
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
More information about the MailScanner
mailing list