Problem Messages
Jules Field
MailScanner at ecs.soton.ac.uk
Wed Jan 13 08:22:00 GMT 2010
Please can you send me the message so I can see what happens?
As usual, upload to an unlinked URL on a website and email me directly
the URL it resides at.
Thanks!
Jules.
On 13/01/2010 07:37, --[ UxBoD ]-- wrote:
> Hi,
>
> I got spammed with the following message overnight.
>
> Number of messages: 1
> Tries Message            Last Tried
> ===== =======            ==========
> 6     2AE74398847B.A6EE2 Tue Jan 12 22:17:26 2010
>
> I have checked /var/spool/MailScanner/incoming/Processing.db and the message is listed:
>
> strings Processing.db
> SQLite format 3
> {tablearchivearchive
> CREATE TABLE archive (id TEXT, count INT, nexttime INT)J
> gindexid_uniqprocessing
> CREATE UNIQUE INDEX id_uniq ON processing(id)[
> tableprocessingprocessing
> CREATE TABLE processing (id TEXT, count INT, nexttime INT)
> 892FD3988413.A95E6
> 26E5239883ED.A900C
> KMwT
> .892FD3988413.A95E6
> 26E5239883ED.A900C
> 2AE74398847B.A6EE2
>
> Yet the message has actually been sorted in the Quarantine?
>
> # ls -ld quarantine/20100112/2AE74398847B.A6EE2
> drwxrwx--- 2 postfix apache 4096 Jan 13 07:31 quarantine/20100112/2AE74398847B.A6EE2
>
> If it has been moved to the quarantine then should it not have been removed from the Processing database?
>
> Jan 12 21:53:15 gateway MailScanner[3575]: [Found password stealer]<HTML/Bayfraud.CD (exact)> ./2AE74398847B.A6EE2/msg-3575-13.html
> Jan 12 21:57:16 gateway MailScanner[3561]: Making attempt 2 at processing message 2AE74398847B.A6EE2
> Jan 12 21:57:18 gateway MailScanner[3561]: [Found password stealer]<HTML/Bayfraud.CD (exact)> ./2AE74398847B.A6EE2/msg-3561-5.html
> Jan 12 22:02:25 gateway MailScanner[3557]: Making attempt 3 at processing message 2AE74398847B.A6EE2
> Jan 12 22:02:26 gateway MailScanner[3557]: [Found password stealer]<HTML/Bayfraud.CD (exact)> ./2AE74398847B.A6EE2/msg-3557-5.html
> Jan 12 22:06:55 gateway MailScanner[7797]: Making attempt 4 at processing message 2AE74398847B.A6EE2
> Jan 12 22:06:57 gateway MailScanner[7797]: [Found password stealer]<HTML/Bayfraud.CD (exact)> ./2AE74398847B.A6EE2/msg-7797-3.html
> Jan 12 22:10:38 gateway MailScanner[3552]: Making attempt 5 at processing message 2AE74398847B.A6EE2
> Jan 12 22:10:40 gateway MailScanner[3552]: [Found password stealer]<HTML/Bayfraud.CD (exact)> ./2AE74398847B.A6EE2/msg-3552-9.html
> Jan 12 22:14:30 gateway MailScanner[7757]: Making attempt 6 at processing message 2AE74398847B.A6EE2
> Jan 12 22:14:31 gateway MailScanner[7757]: [Found password stealer]<HTML/Bayfraud.CD (exact)> ./2AE74398847B.A6EE2/msg-7757-2.html
> Jan 12 22:14:35 gateway MailScanner[8075]: Warning: skipping message 2AE74398847B.A6EE2 as it has been attempted too many times
> Jan 12 22:14:35 gateway MailScanner[8075]: Quarantined message 2AE74398847B.A6EE2 as it caused MailScanner to crash several times
> Jan 12 22:14:35 gateway MailScanner[8075]: Saved entire message to /var/spool/MailScanner/quarantine/20100112/2AE74398847B.A6EE2
> Jan 12 22:14:35 gateway MailScanner[8075]: Logging message 2AE74398847B.A6EE2 to SQL
> Jan 12 22:14:35 gateway MailScanner[8801]: 2AE74398847B.A6EE2: Logged to MailWatch SQL
>
>
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
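
Added example, not part of the original thread and not MailScanner's own code: it reads the `processing` table through SQLite instead of `strings` and checks each id against the quarantine tree, which is the comparison made by hand in the quoted message. The schema, message ids and `quarantine/<YYYYMMDD>/<id>` layout come from the quoted output; the function names and the sample counts and `nexttime` values are constructed for illustration.

```python
import os
import sqlite3
import tempfile
from pathlib import Path

def list_processing(db_path):
    """Return (id, count, nexttime) rows from the processing table."""
    # Read-only URI: the check never takes a write lock on the live database.
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        return con.execute("SELECT id, count, nexttime FROM processing "
                           "ORDER BY count DESC, id").fetchall()
    finally:
        con.close()

def find_in_quarantine(quarantine_root, msg_id):
    """Return quarantine/<YYYYMMDD>/<id> for msg_id, or None if not saved."""
    for day in sorted(os.listdir(quarantine_root)):
        candidate = os.path.join(quarantine_root, day, msg_id)
        if os.path.isdir(candidate):
            return candidate
    return None

def report(db_path, quarantine_root):
    """Pair each tracked message with its quarantine directory, if any."""
    return [{"id": mid, "tries": tries, "nexttime": nexttime,
             "quarantined": find_in_quarantine(quarantine_root, mid)}
            for mid, tries, nexttime in list_processing(db_path)]

def build_sample(root):
    """Constructed sample: the quoted schema, the quoted ids, made-up counts."""
    db_path = os.path.join(root, "Processing.db")
    quarantine = os.path.join(root, "quarantine")
    os.makedirs(os.path.join(quarantine, "20100112", "2AE74398847B.A6EE2"))
    con = sqlite3.connect(db_path)
    con.execute("CREATE TABLE processing (id TEXT, count INT, nexttime INT)")
    con.execute("CREATE UNIQUE INDEX id_uniq ON processing(id)")
    con.executemany("INSERT INTO processing VALUES (?, ?, ?)", [
        ("892FD3988413.A95E6", 1, 1263333600),   # count/nexttime constructed
        ("26E5239883ED.A900C", 1, 1263333600),   # count/nexttime constructed
        ("2AE74398847B.A6EE2", 6, 1263334646),   # 6 tries as in the report
    ])
    con.commit()
    con.close()
    return db_path, quarantine

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in report(*build_sample(tmp)):
            state = row["quarantined"] or "not in quarantine"
            print(f'{row["id"]}  tries={row["tries"]}  {state}')
```

On a live gateway, `report()` would be pointed at `/var/spool/MailScanner/incoming/Processing.db` and `/var/spool/MailScanner/quarantine`, the paths shown in the quoted message.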