Problem Email Again (retry)

Mike Kercher mike at CAMAROSS.NET
Fri Jun 17 01:00:47 IST 2005 

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Scott Silva
Sent: Thursday, June 16, 2005 2:03 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Problem Email Again (retry)

Mike Kercher said the following on 6/15/2005 4:53 PM:
> I tried attaching the problem qf/df pair and it was rejected so I have 
> uploaded the archive here:
> 
> http://www.abby.com/problem_email.tar.gz
> 
> 
> 
> I emailed the list a week or so ago about certain emails getting stuck 
> in /var/spool/mqueue.in, being processed over and over again.  It 
> happened again today.  I restarted MailScanner in debug mode and 
> didn't see anything useful there:
> 
> Jun 15 18:39:11 mail sendmail[4248]: alias database /etc/aliases 
> rebuilt by root
Not the slightest problem here. Maybe a virus scanner is choking on your
system?
Here are the results I got;

The following e-mails were found to have: Virus Detected

    Sender: service at paypal.com
IP Address: 66.163.175.82
 Recipient: northbelt at abby.com
   Subject: Account Verification Notice!
 MessageID: j5FJvISb003617
Quarantine: /var/spool/MailScanner/quarantine/20050616/j5FJvISb003617
    Report: ClamAV Module: msg-21678-13.html was infected:
HTML.Phishing.Pay-24

Full headers are:

 Return-Path: <^Ág>
 Received: from smtp005.bizmail.sc5.yahoo.com (smtp005.bizmail.sc5.yahoo.com
[66.163.175.82])
 	by mail.abby.com (8.13.4/8.13.4) with SMTP id j5FJvISb003617
 	for <northbelt at abby.com>; Wed, 15 Jun 2005 14:57:26 -0500
 Message-Id: <200506151957.j5FJvISb003617 at mail.abby.com>
 Received: from unknown (HELO admin at wangod.com)
(admin at wangod.com@203.210.212.110 with login)
   by smtp005.bizmail.sc5.yahoo.com with SMTP; 15 Jun 2005 19:58:31 -0000
 Reply-To: "service at paypal.com" <service at paypal.com>
 From: "service at paypal.com" <service at paypal.com>
 To: <northbelt at abby.com>
 Subject: Account Verification Notice!
 Date: Thu, 16 Jun 2005 02:58:12 +0700
 MIME-Version: 1.0
 Content-Type: text/html;
 	charset="us-ascii"
 X-Priority: 3
 X-MSMail-Priority: Normal
 X-Mailer: Microsoft Outlook Express 6.00.2800.1106
 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail at jiscmail.ac.uk with the 

This server also detects the Phish, but for some reason, it never gets moved
out of /var/spool/mqueue.in, thus it gets processed over and over.

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list