Virus alert

Joshua Hirsh joshua.hirsh at
Fri Mar 3 13:59:16 GMT 2006

> We're seeing a ton of these at many sites here in the US 
> right now. Looks like they started overnight. 
> ---------------------------
> The following e-mails were found to have: Bad Filename Detected
>     Sender: dax at
> IP Address:
>  Recipient: falesejo at
>    Subject: 
>  MessageID: k23D3uTH027733
> Quarantine: /var/spool/MailScanner/quarantine/20060303/k23D3uTH027733
>     Report: MailScanner: No programs allowed (msg-22172-24.txt)
> ---------------------------

Hi Stephen,

 I've been seeing these for atleast a week (see my last message to the list). Mostly from Chinese or European source addresses.

 They're picked up as executables (but really they aren't) because the payload starts with HEX character 01, followed by the word "BOUNDARY_OUTLOOK".


More information about the MailScanner mailing list