Re: [SLE] Virus Scanner
From: peter Nikolic (p.nikolic1_at_btinternet.com)
Date: 06/07/04
- Previous message: Erik Jakobsen: "[SLE] Sound in Gaim ?"
- In reply to: Mas Hangga: "RE: [SLE] Virus Scanner"
- Next in thread: Sid Boyce: "Re: [SLE] Virus Scanner"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: suse-linux-e@suse.com Date: Mon, 7 Jun 2004 08:16:08 +0100
On Monday 07 Jun 2004 03:39, Mas Hangga wrote:
> Hehehe.....on Saturday and Sunday, I was at home and my office
> computer is shutdown, but there is a notification today from
> other mail server, that my computer send viruses on Saturday,
> june 5th 2004.
>
> ==> This is body email notification:
>
> Spam detection software, running on the system
> "mailserver.xxxxx.com", has identified this incoming email as
> possible spam. The original message has been attached to this
> so you can view it (if it isn't spam) or block similar future
> email. If you have any questions, see the administrator of
> that system for details.
>
> Content preview: The file you have sent was infected with a
> virus but InterScan E-Mail VirusWall could not clean it. [...]
>
> Content analysis details: (5.4 points, 5.0 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 4.1 SUBJ_HAS_SPACES Subject contains lots of white
> space -0.0 BAYES_44 BODY: Bayesian spam
> probability is 44 to 50% [score: 0.4776]
> 2.7 SUBJ_HAS_UNIQ_ID Subject contains a unique ID
> 2.0 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after
> Received: date -3.4 AWL AWL: Auto-whitelist
> adjustment
>
> ==> This is header from this notification:
>
> Return-Path: <>
> Delivered-To: dahandoko@xxxxx.com
> Received: (qmail 1944 invoked by uid 503); 5 Jun 2004 06:10:21
> -0000 Received: from localhost [127.0.0.1] by
> mailserver.xxxxxx.com with SpamAssassin (2.60
> 1.212-2003-09-23-exp);
> Sat, 05 Jun 2004 13:10:34 +0700
> From: SGposter
> To: <dahandoko@xxxxxx.com>
> Subject: [***SPAM***] Failed to clean virus file old_photos.txt
> .exe
> Date: Sat, 05 Jun 2004 14:02:50 -0400
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 2.60
> (1.212-2003-09-23-exp) on mailserver.xxxxxxx.com
> X-Spam-Level: *****
> X-Spam-Status: Yes, hits=5.4 required=5.0 tests=AWL,BAYES_44,
> DATE_IN_FUTURE_06_12,SUBJ_HAS_SPACES,SUBJ_HAS_UNIQ_ID
> autolearn=no version=2.60
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="----------=_40C163DA.04254529"
>
>
> ==> This is the header from mail that "my machine" sent with
> viruses: Received: from by mailserver.xxxx.com by uid 107 with
> qmail-scanner-1.20rc4
>
> (clamuko: 0.70. f-prot: 3.12/. spamassassin: 2.60.
> Clear:RC:0:SA:0(3.1/5.0):.
> Processed in 8.397553 secs); 05 Jun 2004 06:10:21 -0000
> X-Spam-Status: No, hits=3.1 required=5.0
> Received: from unknown (HELO mail01.sg.schneider-electric.com)
> (203.120.62.227)
> by 10.3.8.66 with SMTP; 5 Jun 2004 06:10:12 -0000
> Date: Sat, 05 Jun 2004 14:02:50 -0400
> From: SGposter
> To: <dahandoko@xxxxxx.com>
> Subject: Failed to clean virus file old_photos.txt
> .exe
> X-Qmail-Scanner-Message-ID:
> <10864158136531800@mailserver.xxxxxx.com>
>
>
> Our office mail server use f-prot as virus scanner and clamuko
> as antivirus mailserver. Is it possible that actually, our
> mailserver was sending virusess??? Hope it can help....;-)
>
> Regards,
> Angga
>
> -----Original Message-----
> From: Anders Johansson [mailto:andjoh@rydsbo.net]
> Sent: Monday, June 07, 2004 8:43 AM
> To: suse-linux-e@suse.com
> Subject: Re: [SLE] Virus Scanner
>
> On Monday 07 June 2004 03.35, Hangga wrote:
> > I use suse as a workstation with Antivir as a virus scanner,
> > but this machine still send viruses or worm to other
> > computers on LAN, to our mail server, to all customer, etc.
> > our mail server use redhat 9.0 (shrike) with fprot
> > antivirus for mail server, but it's still send viruses/worm
> > to all of our customers.
>
> Nice try.
>
> Your SuSE workstation has never sent a virus or worm to anyone
> unless you yourself composed it and sent it.
there are so many of these so called viruses out there all with
faked return addresses and all sorts of other lies what you
got is someone bieng a plonker basically what you ainīt got is a
Linux virus they dont exist out there and attempts at illicit
mods to source code are picked up and dealt with so yeah know
what i mean breath easy ..
-- Linux user No: 256242 Machine No: 139931 G6NJR Pete also MSA registered "Quinton 11" A Linux Only area Happy bug hunting M$ clan PGN -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
- Previous message: Erik Jakobsen: "[SLE] Sound in Gaim ?"
- In reply to: Mas Hangga: "RE: [SLE] Virus Scanner"
- Next in thread: Sid Boyce: "Re: [SLE] Virus Scanner"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
