{Spam?}{Filename?} warning

Ken Hilliard ken at ACOTEC.COM
Thu Nov 10 02:07:49 GMT 2005 

I am using MailScanner-Clamav on the Linux machine. The LAN PCs are
using Macafee antivirus. It appears that messages is happening in
outbound generated messages but I have to do more checking to verify
this. 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Rick Cooper
Sent: Thursday, November 10, 2005 8:36 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: {Spam?}{Filename?} warning

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Ken Hilliard
> Sent: Wednesday, November 09, 2005 8:16 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: {Spam?}{Filename?} warning
>
>
> I have installed MailScanner. It has been working well for months. Now
> users are getting a warnings like:
>
> "Warning: This message has had one or more attachments removed
> (updated-password.zip, updated-passwo.pif). Please Read the
> "domainname-Attachment-Warning.txt" attachment(s) for more
information"
>
> The email that they are receiving is a form message. For example:
>
> "Dear user xxx,
>
> You have successfully updated the password of your domain-name
account.
>
> If you did not authorize this change or if you need assistance with
your
> account please contain domain-name customer service at:
> admininstrator at domain-name.com
>
> Thank you for using domain-name!
> The domain-name Support Team"
>
> I assumed that the PCs were infected with a virus that was generating
> the content but all the machines have anti-virus and we did online
> scans. Does anybody have any ideas.
>
> 						Thx, Ken


This looks like MyTob. MailScanner is stripping the payload but one
would
think it wouldn't get that far. What AV scanners are you running?

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list