Problem Messages

Hugo van der Kooij hvdkooij at vanderkooij.org
Thu Nov 12 07:04:09 GMT 2009


On 11/11/09 18:28, Brett Moss wrote:
> [root at mailgw ~]# cat /var/log/maillog|grep nABBuKZR024867
> Nov 11 03:56:33 mailgw sendmail[24867]: nABBuKZR024867: from=<kristieamn4 at sonictimeworks.com>, size=2158, class=0, nrcpts=1, msgid=<000d01ca62c5$f6f7e140$6400a8c0 at kristieamn4>, proto=ESMTP, daemon=MTA, relay=cable-94-189-200-50.dynamic.sbb.rs [94.189.200.50]
> Nov 11 03:56:46 mailgw MailScanner[20311]: [Found password stealer]<HTML/Irsphish (exact)>  ./nABBuKZR024867/msg-20311-2.html
> Nov 11 04:01:16 mailgw MailScanner[21397]: Making attempt 2 at processing message nABBuKZR024867
> Nov 11 04:01:29 mailgw MailScanner[21397]: [Found password stealer]<HTML/Irsphish (exact)>  ./nABBuKZR024867/msg-21397-3.html
> Nov 11 04:03:54 mailgw MailScanner[23223]: Making attempt 3 at processing message nABBuKZR024867

There may be some relevant log lines in between currently missing. At 
least an indication which scanner is detecting this. Which scanner is 
that BTW? Is it the only scanner? What are the other log lines?

And given the nature of the message I think you would not mind sharing 
the content of that message somewhere so others can have a look at it also.

I would probably never see these as the sender is using dialup networks 
and they would most likely be killed before the DATA line.

Hugo.


