Potential Postfix CentOS message unpacking bug

Paul Bijnens Paul.Bijnens at xplanation.com
Mon Sep 15 09:48:58 IST 2008


On 2008-09-15 09:48, Julian Field wrote:
> As some of you may have already realised, a few people are having a 
> problem on particular OS's when using Postfix, where a message generated 
> by a particular Trojan are not being unpacked properly.
> 
> So Postfix users on CentOS, please can you check your logs for any 
> 16-17Kb spams which could possibly containing an attachment called 
> "start.zip" (grep should find it in raw queue files, if you're wondering 
> how to do that for raw queue files), which have not always been detected 
> as infected.
> 
> You might want to use the "Archive Mail" feature of MailScanner.conf for 
> a while to see if you're getting anything like that, in case you are 
> suffering the problem.
> 
> We would very much like to know how widespread this problem is, so 
> please report back with your findings and we'll take a straw poll of the 
> respondents.


Running MailScanner on CentOS here, with archiving enabled as well.

I did not find any message containing an attachment "start.zip" in
my archived mails (between sep 11 and now sep 15 10:41 MET, for a total of
10928 mails).

I'll still keep an eye on it for some days.

-- 
Paul Bijnens, xplanation Technology Services        Tel  +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM    Fax  +32 16 397.512
http://www.xplanation.com/          email:  Paul.Bijnens at xplanation.com
***********************************************************************
* I think I've got the hang of it now:  exit, ^D, ^C, ^\, ^Z, ^Q, ^^, *
* F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt,  abort,  hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e,  kill -1 $$,  shutdown, *
* init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
* ...  "Are you sure?"  ...   YES   ...   Phew ...   I'm out          *
***********************************************************************


More information about the MailScanner mailing list