Michael Leone on 13 Apr 2004 23:25:03 -0000

On Tue, 2004-04-13 at 15:46, Chad Waters wrote:
> Well without the original headers it's hard to be certain, but
> most likely you are an innocent bystander whose email address was spoofed.
>
> http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.q@mm.html
>

IOW you're now like just about everyone else on the planet.
Congratulations! <G>

BTW, you don't run an antivirus on a mail server just to stop viruses
for the platform the mail server is running on; it's to prevent the
spread of viruses to/from all the platforms that the mail server serves.
In your case, Mac. And/or Windows, if you ever use/allow anyone else to
use Windows to send/receive mail through your server.

> -C
>
> On Tue, Apr 13, 2004 at 03:19:56PM -0400, Michael Lazin wrote:
> > I received this curious message today. It looks like a virus was sent
> > to Japan from my mail server. If anyone could tell me what is going on
> > it would be greatly appreciated. I am scanning my primary computer for
> > viruses now. It is a mac running os x. My mail server is a
> > sparcstation running Solaris 9. It has no virus protection, but I have
> > never heard of any Solaris viruses.
> >
> > Thanks,
> >
> > Michael
> >
> > Begin forwarded message:
> >
> > >From: Mail Delivery Subsystem
> > ><MAILER-DAEMON@fukudagw.hongo.fukuda.co.jp>
> > >Date: Tue Apr 13, 2004 11:23:54 AM US/Eastern
> > >To: <michael@lazinweb.homelinux.net>
> > >To: postmaster@fukudagw.hongo.fukuda.co.jp
> > >Subject: Returned mail: Too many hops 27 (25 max): from
> > ><michael@lazinweb.homelinux.net> via localhost.localdomain, to
> > ><09044@wa106.fukuda.co.jp>
> > >
> > >The original message was received at Wed, 14 Apr 2004 00:23:54 +0900
> > >from localhost.localdomain [127.0.0.1]
> > >
> > > ----- The following addresses had permanent fatal errors -----
> > ><09044@wa106.fukuda.co.jp>
> > >
> > > ----- Transcript of session follows -----
> > >554 Too many hops 27 (25 max): from <michael@lazinweb.homelinux.net>
> > >via localhost.localdomain, to <09044@wa106.fukuda.co.jp>
> > >Reporting-MTA: dns; fukudagw.hongo.fukuda.co.jp
> > >Received-From-MTA: DNS; localhost.localdomain
> > >Arrival-Date: Wed, 14 Apr 2004 00:23:54 +0900
> > >
> > >Final-Recipient: RFC822; 09044@wa106.fukuda.co.jp
> > >Action: failed
> > >Status: 5.4.6
> > >Last-Attempt-Date: Wed, 14 Apr 2004 00:23:54 +0900
> > >
> > >From: michael@lazinweb.homelinux.net
> > >Date: Tue Apr 13, 2004 11:17:09 AM US/Eastern
> > >To: 09044@wa106.fukuda.co.jp
> > >Subject: Error (09044@wa106.fukuda.co.jp)
> > >
> > >
> > >------------------ Virus Warning Message (on fukudagw)
> > >
> > >Found virus WORM_NETSKY.Q in file data.eml
> > >
> > >.scr (in data6306.zip)
> > >The uncleanable file is deleted.
> > >
> > >---------------------------------------------------------
> > >
> > >Mail Delivery System - This mail contains binary characters
> > >
> > >------------- failed message -------------
> > >B|6?UC~*I$I;k~D?__CU?Jr+U_GZTb+_$nF)+bjtj'#>_$
> > >rgPB+.yxJDAF:n'Kl)#SWl+off&gu#07wb+2BCX&6xZuY
> > >v$2VDu63*m5&?ZX?.*MW?lLNy6>#1roc?I0;6Q5rSSyD
> > >O8y;+0JV_&E9(?o7&Q:Rta;jQ?wad-hJ'Qk
> > >
> > >Received message has been attached.
> > >
> > >
> > >------------------ Virus Warning Message (on fukudagw)
> > >
> > >data6306.zip is removed from here because it contains a virus.
> > >
> > >---------------------------------------------------------
> > >
> >
> > ___________________________________________________________________________
> > Philadelphia Linux Users Group -- http://www.phillylinux.org
> > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> > General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug