That's Amavisd running on their mail server...!!!! Great stuff...

I have the same thing running on my Postfix Mandrake box here.

It's saved me downloading 3 copies of Bugbear today...

Everyone with a Linux mail server supporting Windows clients should run
amavisd.

It's a shame that Mandrake doesn't see the benefit in making it an option...


Both SUSE and Debian have amavis RPMs available. Mandrake doesn't appear
to have discovered it yet.

Here is the admin email amavis sent me this morning:

A virus was found in an email from:

[EMAIL PROTECTED]

The message was addressed to:

-> [EMAIL PROTECTED]

The message has been quarantined as:

/var/virusmails/virus-20021003-065418-14677

Here is the output of the scanner:

Virus Scanner v3.1, VSAPI v5.500-0829
Trend Micro Inc. 1996,1997
        Pattern version 357
        Pattern number 47948
Configuration: -a -r -nl -c1 -c2 -u -s
        /var/amavis/amavis-XXwgPOqL/parts/msg-14677-1.html
        /var/amavis/amavis-XXwgPOqL/parts/msg-14677-2.dat
*** Found virus WORM_BUGBEAR.A in file
/var/amavis/amavis-XXwgPOqL/parts/msg-14677-2.dat

==============================
Directory:
        Searched : 0
File:
        Searched : 2
            Scan : 2
        Infected : 1
        Infected : 1(Include files been compressed)
Time:
        Start : 10/3/02 06:54:18
         Stop : 10/3/02 06:54:18
         Used : 00:00


Here are the headers:

------------------------- BEGIN HEADERS -----------------------------
Received: from atlas.tas-sie.net.au (atlas.tas-sie.net.au [203.57.213.26])
        by mail.gshop.com.au (Postfix) with ESMTP id BB85D6E3
        for <[EMAIL PROTECTED]>; Thu,  3 Oct 2002 06:54:05 +0800 (WST)
Received: from office (dialin18.smt.tas-sie.net.au [203.57.211.49])
        by atlas.tas-sie.net.au (8.12.6/8.12.6/RG2.2) with SMTP id g92Mf8AR017909;
        Thu, 3 Oct 2002 08:41:08 +1000 (EST)
Date: Thu, 3 Oct 2002 08:41:08 +1000 (EST)
Message-Id: <[EMAIL PROTECTED]>
From: "Clark Windows" <[EMAIL PROTECTED]>
Subject: Greets!
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----------59XMUN6H7L3LGH2"
To: undisclosed-recipients: ;
-------------------------- END HEADERS ------------------------------




-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ronald J. Hall
Sent: Thursday, 3 October 2002 3:18 AM
To: Mandrake Newbie List
Subject: [newbie] Virus warning from ISP


Just got this from my ISP - thought it was interesting - only address I get
that looks remotely like the sender here is from this list....

======================================================

SouthEast Telephone AntiVirus scan results
From: <[EMAIL PROTECTED]>
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Date: Wed, 02 Oct 2002 10:25:07 -0400

RAV AntiVirus for Linux i686 version: 8.3.2 (snapshot-20020108)
----------------------------------------------------
SouthEast Telephone AntiVirus results on mail from :
Received: from fn2.freenet.edmonton.ab.ca (HELO home.ecn.ab.ca)
(198.161.206.7)
Received: from fn2.freenet.edmonton.ab.ca
Received: from freenet.edmonton.ab.ca
Received: from rivenheart
----------------------------------------------------

This email was automatically generated by the SouthEast Telephone
email server in response to a virus infected email. Below you will
find out more information on why you are receiving this email. If
you are a SouthEast Telephone customer and you have any further
questions or concerns please contact our Technical Support Department
at 1-888-812-5199 or email us at [EMAIL PROTECTED] If you are not
a SouthEast Telephone customer you may wish to contact your Internet
Service Provider for more assistance.

The file (part0001:w9x_682.exe.pif) attached to mail (with subject: [Samba]
Windows XP Authentication)

SENT BY:  [EMAIL PROTECTED]
SENT TO:  [EMAIL PROTECTED],
IS INFECTED WITH VIRUS: Win32/Bugbear.A@mm.

Cannot clean this file.
The file was successfully deleted by SouthEast Telephone AntiVirus.

----------------------------------------------------

This is a copy of the e-mail header:

Received: from fn2.freenet.edmonton.ab.ca (HELO home.ecn.ab.ca)
(198.161.206.7)
Received: from fn2.freenet.edmonton.ab.ca
Received: from freenet.edmonton.ab.ca
Received: from rivenheart

----------------------------------------------------


Scan engine 8.9 () for i386.
Last update: Wed Oct  2 08:07:06 2002
Scanning for 72047 malwares (viruses, trojans and worms).

--
                                                                          /\
                                                                  Dark<>Lord
                                                                          \/


