On Sat, May 24, 2003 at 07:22:18AM -0700, terry white wrote: > ... anyone know what this is: > > "May 24 05:42:31 yossarian sendmail[3835]: h4OCg7Da003834: Fixed MIME > Content-Disposition header field (possible attack)" More than likely, it's evidence of the Sobig.B (aka Palyh or Mankx) worm entering your mail system -- search your mail log for the spool id (h40Cg7Da003834) and see if the from address is supportat_private Starting with 8.12.8, I believe, sendmail now creates such log entries in an attempt to prevent MUA overflows wrt MIME headers. This worm apparently has a Content-Disposition header that is too big and hence is shortened by your sendmail daemon. George -- theallat_private
This archive was generated by hypermail 2b30 : Tue May 27 2003 - 08:31:32 PDT