Mailscanner restarting over and over after detecting phishing attack

Ed Bruce ebruce at HPMICH.COM
Wed Nov 17 15:05:17 GMT 2004



I'm seeing this in my maillog:

Nov 17 10:01:09 mail2 MailScanner[31220]: Spam Checks: Found 19 spam messages
Nov 17 10:01:13 mail2 postfix/smtp[30684]: B93F137E58D: to=<1zbztgr1hloxrxxhilr27sjs8c8fbb at 85338.reply.zs-n.com>, relay=smtp.zs-n.com[63.251.54.70],
 delay=49465, status=deferred (host smtp.zs-n.com[63.251.54.70] said: 451 Timeout)
Nov 17 10:01:14 mail2 MailScanner[31220]: Virus and Content Scanning: Starting
Nov 17 10:01:14 mail2 MailScanner[31220]: Content Checks: Detected and will disarm HTML message in 4864330A929
Nov 17 10:01:14 mail2 MailScanner[31220]: Found phishing fraud from www.otcbb.com/asp/quote_module.asp?symbol=mtdn</a><br><br>
Nov 17 10:01:14 mail2 MailScanner[31220]: big year expected in 2005 for motion dna<br>
Nov 17 10:01:15 mail2 MailScanner[31220]:   <br>
Nov 17 10:01:15 mail2 MailScanner[31220]: trading symbol mtdn<br>
Nov 17 10:01:15 mail2 MailScanner[31220]: current price (est.) $0.025<br>
Nov 17 10:01:15 mail2 MailScanner[31220]: valued price (est.) $1.00<br><br>
Nov 17 10:01:16 mail2 MailScanner[31373]: MailScanner E-Mail Virus Scanner version 4.35.10 starting...
Nov 17 10:01:17 mail2 MailScanner[31373]: Using locktype = flock
Nov 17 10:01:17 mail2 MailScanner[31373]: New Batch: Scanning 30 messages, 131067 bytes



Every time I see this, MailScanner is restarting. This has occurred over 170 times over the past 90 minutes.


--
Ed Bruce
Health Plan of Michigan
Senior Programmer
Phone:  248.226.1512
FAX:    248.204.6569
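
A triage sketch for a restart loop like the one reported above, added here as an example and not part of the original post or of MailScanner: for every "starting..." line it records the last recognised message from the process that logged just before it, so repeated restarts can be grouped by what the dying child was doing. The function names, the prefix list (taken from the excerpt) and the "previous PID is the one that died" heuristic are assumptions.

```python
import re
from collections import Counter

# Sample input: lines copied from the log excerpt in the post above.
SAMPLE = """\
Nov 17 10:01:09 mail2 MailScanner[31220]: Spam Checks: Found 19 spam messages
Nov 17 10:01:14 mail2 MailScanner[31220]: Virus and Content Scanning: Starting
Nov 17 10:01:14 mail2 MailScanner[31220]: Content Checks: Detected and will disarm HTML message in 4864330A929
Nov 17 10:01:14 mail2 MailScanner[31220]: Found phishing fraud from www.otcbb.com/asp/quote_module.asp?symbol=mtdn</a><br><br>
Nov 17 10:01:14 mail2 MailScanner[31220]: big year expected in 2005 for motion dna<br>
Nov 17 10:01:15 mail2 MailScanner[31220]: trading symbol mtdn<br>
Nov 17 10:01:16 mail2 MailScanner[31373]: MailScanner E-Mail Virus Scanner version 4.35.10 starting...
Nov 17 10:01:17 mail2 MailScanner[31373]: Using locktype = flock
Nov 17 10:01:17 mail2 MailScanner[31373]: New Batch: Scanning 30 messages, 131067 bytes
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ MailScanner\[(\d+)\]: (.*)$")
START = re.compile(r"^MailScanner E-Mail Virus Scanner version \S+ starting")
# Message prefixes seen in the excerpt. Any other line from the same PID is
# treated as a fragment of a multi-line message (here, HTML from the mail body).
KNOWN = ("Spam Checks:", "Virus and Content Scanning:", "Content Checks:",
         "Found phishing fraud from", "New Batch:", "Using locktype")

def restart_triggers(log_text):
    """Return [(timestamp, new_pid, old_pid, last_message_of_old_pid), ...]."""
    # Assumption: the PID that logged immediately before a "starting" line is
    # the child that exited. With several children running this is a heuristic.
    last_msg, prev_pid, events = {}, None, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # postfix and other non-MailScanner lines
        ts, pid, msg = m.groups()
        if START.match(msg):
            if prev_pid is not None and prev_pid != pid:
                events.append((ts, pid, prev_pid, last_msg.get(prev_pid, "")))
        elif msg.startswith(KNOWN):
            last_msg[pid] = msg
        prev_pid = pid
    return events

def summarize(events):
    """Count restarts by the first three words of the old child's last message."""
    return Counter(" ".join(last.split()[:3]) for *_, last in events)

if __name__ == "__main__":
    for event in restart_triggers(SAMPLE):
        print(event)
    print(summarize(restart_triggers(SAMPLE)))
```

Run against the full maillog, a count dominated by one bucket indicates that the same processing step precedes each restart.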


