Semi-OT: logwatch-pre6.0-4 Released
John Wilcock
john at TRADOC.FR
Tue Feb 15 16:53:27 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Phillip T. George wrote:
> That sounds great. Could I get a link to a site with more information
> on this script?
See www.logwatch.org.
I don't think there's any information there about the mailscanner script
in particular, but I've pasted a sample of the output below:
> --------------------- MailScanner Begin ------------------------
>
> MailScanner Status:
> 566 messages Scanned by MailScanner
> 5.6 Total MB
> 76 Spam messages detected by MailScanner
> 71 Spam messages with action(s) store
> 5 Spam messages with action(s) store,deliver
> 9 Viruses found by MailScanner
> 8 Banned attachments found by MailScanner
> 1 Content Problems found by MailScanner
> 493 Messages delivered by MailScanner
>
> ClamAVModule Virus Report: (Total Seen = 9)
> Trojan.Downloader.Small-165: 1 Times(s)
> Worm.Bagle.AG.2: 4 Times(s)
> Worm.Bagle.Gen-zippwd: 1 Times(s)
> Worm.SomeFool.P: 3 Times(s)
>
> F-Prot Virus Report: (Total Seen = 9)
> HTML/IFrame at expl : 1 Times(s)
> W32/Bagle.AI at mm : 4 Times(s)
> W32/Bagle.BC at mm : 1 Times(s)
> W32/Netsky.Q.corr : 3 Times(s)
>
> Virus Sender Report: (Total Seen = 8)
> 217.112.52.115 : 1 Times(s)
> 62.4.16.80 : 2 Times(s)
> 82.121.133.139 : 1 Times(s)
> 82.121.133.165 : 1 Times(s)
> 83.114.148.52 : 1 Times(s)
> 83.114.150.59 : 1 Times(s)
> 83.114.152.74 : 1 Times(s)
>
> Content Report: (Total Seen = 1)
> HTML-specific exploits: 1 Times(s)
>
> Banned Filename Report: (Total Seen = 8)
> Password-protected archive (Fish.zip): 1 Times(s)
> possible virus hidden in a screensaver (05280e100c.9e62a data.rtf -space- .scr) : 1 Times(s)
> possible virus hidden in a screensaver (e0408e100c.30068 message.scr) : 1 Times(s)
> windows/dos executable (49734e100c.5f81c doll.exe) : 1 Times(s)
> windows/dos executable (9eef3e11e5.e3f87 garry.com) : 1 Times(s)
> windows/dos executable (abacfe100c.0997c mp3.exe) : 1 Times(s)
> windows/dos executable (c418ae100c.4db55 cool_mp3.exe) : 1 Times(s)
> windows/dos executable (e21f0e100c.c7235 siupd02.com) : 1 Times(s)
>
> Phishing Report: (Total Seen = 1)
> www.emf2.com: 1 Times(s)
>
> Detail:
> www.emf2.com claiming to be www.nicotime.fr: 1 Times(s)
>
> HTML <FORM> tag report: (Total Seen = 4)
> alexandra.7105.150558.mailmenu.dbounce at votre.messagizer.fr : 1 Times(s)
> bounce-mw-20599808 at blast1.myfree.com : 1 Times(s)
> chnetwork at newsletter.myabout.com : 1 Times(s)
> owner-todaysl*stephen**tradoc*-fr at ablist.about.com : 1 Times(s)
>
> HTML <SCRIPT> tag report: (Total Seen = 1)
> christian.delfosse at wanadoo.fr : 1 Times(s)
>
> HTML <IFRAME> tag report: (Total Seen = 1)
> webmaster at lerucher.com : 1 Times(s)
>
> **Unmatched Entries**
> /var/spool/MailScanner/incoming/32006/2214CE100C.14F0A/Fish.zip->glhpfrka.exe could be a suspicious file (encrypted program in archive) : 1 Time(s)
> Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "/var/spool/MailScanner/incoming/32006/2214CE100C.14F0A/Fish.zip->glhpfrka.exe could be a suspicious file (encrypted program in archive)". Please mail the author of MailScanner : 1 Time(s)
>
> ---------------------- MailScanner End -------------------------
John.
--
-- Over 2500 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list