Tons of 1.txt messages

Stephen Swaney steve.swaney at fsl.com
Fri Jul 22 20:07:28 IST 2005 

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Jason.Burzenski at AMERICANHM.COM
> Sent: Friday, July 22, 2005 2:37 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Tons of 1.txt messages
> 
> We are suddenly (within the past hour) seeing dozens of reports from users
> about messages coming in with an attachment 1.txt (wich is 80b and empty).
> There is always a 1 in the body and nothing else.  The source address is
> always forged and most of them seem to be coming from large ISP user IP
> pools. 

> Here is a sample header:
> 
> Received: from x.americanhm.com (sams2.americanhm.com [x.x.x.x]) by
> x.americanhm.com with SMTP (x)
>         id PKVMXV6N; Fri, 22 Jul 2005 13:53:18 -0400
> Received: from betru.net (frnk-d9b96a96.pool.mediaWays.net
> [217.185.106.150])
>         by x.americanhm.com (8.12.10/8.12.10) with SMTP id j6MHmr22028595
>         for <mg at americanhm.com>; Fri, 22 Jul 2005 13:48:55 -0400
> Date: Fri, 22 Jul 2005 19:59:41 +0100
> To: "Mg" <mg at americanhm.com>
> From: "Mg" <mg at ales.com.ec>
> Subject: 1
> Message-ID: <tmzgclxpkjdscxevsvp at americanhm.com>
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>         boundary="--------elrddgzjoshelqmabgkc"
> X-SAMS-Information: Please contact the ISP for more information
> X-SAMS: Found to be clean
> X-SAMS-SpamCheck: not spam, SpamAssassin (score=-4.48, required 4.4,
>         BAYES_00 -4.90, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32)
> X-MailScanner-From: mg at ales.com.ec
> 
> ----------elrddgzjoshelqmabgkc
> Content-Type: text/html; charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> 
> ----------elrddgzjoshelqmabgkc
> Content-Type: application/octet-stream; name="1.txt"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="1.txt"
> 
> ----------elrddgzjoshelqmabgkc--


Thanks for the information. You might want to block attachments with a
filename of 1.txt.

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney at fsl.com
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list