Re: [MailServer Notification]To Recipient virus found and action taken.

From: alan (alanat_private)
Date: Mon Jun 30 2003 - 08:33:16 PDT

  • Next message: Steve Beattie: "Re: [MailServer Notification]To Recipient virus found and action taken."

    On Tue, 1 Jul 2003, Russell Coker wrote:
    > On Tue, 1 Jul 2003 10:04, Antony Stone wrote:
    > > On Tuesday 01 July 2003 12:54 am, Russell Coker wrote:
    > > > Guys, what's going on here?
    > > >
    > > > Are these messages really originating with you as they claim or are they
    > > > getting tacked on the end of the address?
    > >
    > > The Sobig virus spoofs the sender address, so what you see is not where it
    > > appears to be from.
    > Yes, we all know that.
    > However those "notifications" about viruses are coming from  
    > Either a wirex server is running an anti-virus program and spamming their own 
    > list, or their list server is obscuring the real origin of the messages.
    Actually that message did *not* come from Wirex.  Read the headers again.
    Received: from (unknown []) by
   (Postfix) with ESMTP id 783E62EFCD for
            <linux-security-moduleat_private>; Mon, 30 Jun 2003 12:21:57 -0700 
    > In either case they have to fix it.
    We would if it was our problem.  That virus scanner for Exchange forges 
    the from header.
    Someone at and/or needs to not bounce virus 
    traffic into lists.
    Even more, someone else needs to update their anti-virus software.
    Of couse, it is not the dumbest thing I have seen a virus scan do as of 
    late.  Some see PGP sigs as viruses.  One even claimed that an attached C 
    program was a virus.
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Mon Jun 30 2003 - 17:28:32 PDT