Potential Postfix CentOS message unpacking bug

Alex Broens ms-list at alexb.ch
Mon Sep 15 14:12:36 IST 2008


On 9/15/2008 2:26 PM, Andreas Kasenides wrote:
> Julian Field wrote:
>> As some of you may have already realised, a few people are having a 
>> problem on particular OS's when using Postfix, where messages 
>> generated by a particular Trojan are not being unpacked properly.
>>
>> So Postfix users on CentOS, please can you check your logs for any 
>> 16-17Kb spams which could possibly contain an attachment called 
>> "start.zip" (grep should find it in raw queue files, if you're 
>> wondering how to do that for raw queue files), which have not always 
>> been detected as infected.
>>
>> You might want to use the "Archive Mail" feature of MailScanner.conf 
>> for a while to see if you're getting anything like that, in case you 
>> are suffering the problem.
>>
>> We would very much like to know how widespread this problem is, so 
>> please report back with your findings and we'll take a straw poll of 
>> the respondents.
>>
>> Thanks folks!
>>
>> Jules
>>
> Running MS 4.71.10 with Postfix 2.3.3 and CentOS 5.2.
> Many of these, actually 79 in the last 36 hours or so, have been caught 
> successfully.

many... cool
how many were tagged as spam and not detected?

Subjects can be:

So cute!
How Sun loves...
Dare to see!
Can't miss this.
Tears from the Moon.
Just watch this!

all between 16.4kb and 16.8kb

for those using Mailwatch they should be easy to find

thanks all for your help

Alex
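
Added example, not part of the original message and not MailScanner code: a triage check that applies the indicators named in this thread (attachment name, size window, subject list) to archived messages. It assumes each message is available as a plain RFC 5322 file rather than a raw Postfix queue file; the function names and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the thread above.
ATTACHMENT = "start.zip"
SUBJECTS = {"So cute!", "How Sun loves...", "Dare to see!",
            "Can't miss this.", "Tears from the Moon.", "Just watch this!"}
# Assumption: "16-17Kb" is the full message size; the window covers both
# the 1000-byte and 1024-byte reading of "Kb".
SIZE_MIN, SIZE_MAX = 16_000, 17 * 1024


def triage(raw: bytes) -> dict:
    """Report which of the thread's indicators one RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    names = {(part.get_filename() or "").lower() for part in msg.walk()}
    return {
        "attachment": ATTACHMENT in names,
        "size": SIZE_MIN <= len(raw) <= SIZE_MAX,
        "subject": str(msg["Subject"] or "").strip() in SUBJECTS,
    }


def needs_review(raw: bytes) -> bool:
    """Attachment name plus size window; the subject list may be incomplete."""
    hits = triage(raw)
    return hits["attachment"] and hits["size"]


def build_sample(subject: str, filename: str, payload_len: int) -> bytes:
    """Constructed test message: zero-filled payload, not a real sample."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "rcpt@example.invalid"
    msg["Subject"] = subject
    msg.set_content("constructed body")
    msg.add_attachment(b"\0" * payload_len, maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for raw in (build_sample("So cute!", "start.zip", 12_000),
                build_sample("Quarterly report", "report.zip", 12_000),
                build_sample("Dare to see!", "start.zip", 200)):
        print(len(raw), triage(raw), needs_review(raw))
```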
