Virus alert

Joshua Hirsh joshua.hirsh at partnersolutions.ca
Fri Mar 3 13:59:16 GMT 2006


> We're seeing a ton of these at many sites here in the US 
> right now. Looks like they started overnight. 
> 
> ---------------------------
> The following e-mails were found to have: Bad Filename Detected
> 
>     Sender: dax at 039.com
> IP Address: 59.2.134.56
>  Recipient: falesejo at lewisu.edu
>    Subject: 
>  MessageID: k23D3uTH027733
> Quarantine: /var/spool/MailScanner/quarantine/20060303/k23D3uTH027733
>     Report: MailScanner: No programs allowed (msg-22172-24.txt)
> ---------------------------



Hi Stephen,

 I've been seeing these for atleast a week (see my last message to the list). Mostly from Chinese or European source addresses.

 They're picked up as executables (but really they aren't) because the payload starts with HEX character 01, followed by the word "BOUNDARY_OUTLOOK".


-Joshua


More information about the MailScanner mailing list