Messages being disarmed
Jason Waters
jason at geeknocity.com
Wed Dec 7 21:55:11 UTC 2016
I thought that I had disabled everything that would mark the subject as
disarmed but I keep getting emails like this and can not see what is in
them. Also the file that it says is on the server is not there.
Subject: {Disarmed} RE: Service
MailScanner was attacked by a Denial Of Service attack, and has therefore
deleted this part of the message. Please contact your e-mail providers for
more information if you need it, giving them the whole of this report.
Attack in: /var/spool/MailScanner/incoming/6797/25ACEE03FD.
AE977/nmsg-6797-37.html
Here is the log file(cat /var/log/mail.log|grep "25ACEE03FD.AE977" -B5 -A5)
Dec 7 12:59:47 mailscanner MailScanner[6797]: <A> tag found in message
25ACEE03FD.AE977 from user at remoteemail.com
Dec 7 12:59:47 mailscanner MailScanner[6797]: HTML Img tag found in
message 25ACEE03FD.AE977 from user at remoteemail.com
Dec 7 12:59:47 mailscanner MailScanner[6797]: Whitelist refresh time
reached
Dec 7 12:59:47 mailscanner MailScanner[6797]: Starting up SQL Whitelist
Dec 7 12:59:47 mailscanner MailScanner[6797]: Read 66 whitelist entries
Dec 7 12:59:56 mailscanner MailScanner[6797]: HTML disarming died, status
= 13
Dec 7 12:59:56 mailscanner MailScanner[6797]: Content Checks: Detected and
have disarmed KILLED tags in HTML message in 25ACEE03FD.AE977 from
user at remoteemail.com
Dec 7 12:59:56 mailscanner MailScanner[6797]: Requeue: 25ACEE03FD.AE977 to
B27BCE0403
Dec 7 12:59:56 mailscanner postfix/qmgr[1738]: B27BCE0403: from=<
user at remoteemail.com>, size=17598, nrcpt=2 (queue active)
Dec 7 12:59:56 mailscanner MailScanner[6797]: Uninfected: Delivered 1
messages
Thanks
Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20161207/ef3f98e6/attachment.html>
More information about the MailScanner
mailing list