Re: [newbie] Virus warning from ISP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 02 October 2002 5:36 pm, Jason Guidry did speak unto the huddled masses, saying: > #! /bin/bash > sudo slocate -u > slocate $REALLYBADWORM > echo AAAHHH! > slocate $BRAIN > echo 'Ahh, I see the problem' > umount /dev/head > sudo rm -rf /mnt/ass/head hrmm, i get a device busy error. further examination suggests my head is mounted in several other places via smb. i guess i shouldn't have given so many people a piece of my mind. .a copy maybe would be better. not like it takes up more than a floppy or so. - -- I cannot conceive of a God who rewards and punishes his creatures, or has a will of the type of which we are conscious in ourselves. An individual who should survive his physical death is also beyond my comprehension, such notions are for the fears or absurd egoism of feeble souls. - Albert Einstein shane Profile at: http://dmoz.org/profiles/shen.html Proud to be a DMOZ editor since 10-98 Mandrake Users Club Member http://www.linux-mandrake.com/en/club/ Registered linux user #101606 @ http://counter.li.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9nFpjBwq+ZwvIN/oRAgD+AJ9WqxMNq0VyHeEWjcQsLU7k721HawCfXppH qTeABuxLnWBbrgM5gCxEL/I= =I4QD -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Virus warning from ISP
Thats Amavisd running on their mail server... Great stuff... I have the same thing running on my postfix mandrake box here.. its saved me downloading 3 copies of bugbear today... everyone with a linux mail server supporting windows clients should run amavisd its a shame that Mandrake doesn't see the benefit in making it an option... both SUSE and Debian have amavis RPM's available.. mandrake doesn't appear to have discovered it yet. Here is the admin email amavis sent me this morning.: A virus was found in an email from: [EMAIL PROTECTED] The message was addressed to: -> [EMAIL PROTECTED] The message has been quarantined as: /var/virusmails/virus-20021003-065418-14677 Here is the output of the scanner: Virus Scanner v3.1, VSAPI v5.500-0829 Trend Micro Inc. 1996,1997 Pattern version 357 Pattern number 47948 Configuration: -a -r -nl -c1 -c2 -u -s /var/amavis/amavis-XXwgPOqL/parts/msg-14677-1.html /var/amavis/amavis-XXwgPOqL/parts/msg-14677-2.dat *** Found virus WORM_BUGBEAR.A in file /var/amavis/amavis-XXwgPOqL/parts/msg-14677-2.dat == Directory: Searched : 0 File: Searched : 2 Scan : 2 Infected : 1 Infected : 1(Include files been compressed) Time: Start : 10/3/02 06:54:18 Stop : 10/3/02 06:54:18 Used : 00:00 Here are the headers: - BEGIN HEADERS - Received: from atlas.tas-sie.net.au (atlas.tas-sie.net.au [203.57.213.26]) by mail.gshop.com.au (Postfix) with ESMTP id BB85D6E3 for <[EMAIL PROTECTED]>; Thu, 3 Oct 2002 06:54:05 +0800 (WST) Received: from office (dialin18.smt.tas-sie.net.au [203.57.211.49]) by atlas.tas-sie.net.au (8.12.6/8.12.6/RG2.2) with SMTP id g92Mf8AR017909; Thu, 3 Oct 2002 08:41:08 +1000 (EST) Date: Thu, 3 Oct 2002 08:41:08 +1000 (EST) Message-Id: <[EMAIL PROTECTED]> From: "Clark Windows" <[EMAIL PROTECTED]> Subject: Greets! MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--59XMUN6H7L3LGH2" To: undisclosed-recipients: ; -- END HEADERS -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ronald J. Hall Sent: Thursday, 3 October 2002 3:18 AM To: Mandrake Newbie List Subject: [newbie] Virus warning from ISP Just got this from my ISP - thought it was interesting - only address I get that looks remotely like the sender here is from this list == SouthEast Telephone AntiVirus scan results From: <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Date: Wed, 02 Oct 2002 10:25:07 -0400 RAV AntiVirus for Linux i686 version: 8.3.2 (snapshot-20020108) SouthEast Telephone AntiVirus results on mail from : Received: from fn2.freenet.edmonton.ab.ca (HELO home.ecn.ab.ca) (198.161.206.7) Received: from fn2.freenet.edmonton.ab.ca Received: from freenet.edmonton.ab.ca Received: from rivenheart This email was automatically generated by the SouthEast Telephone email server in response to a virus infected email. Below you will find out more information on why you are receiving this email. If you are a SouthEast Telephone customer and you have any further questions or concerns please contact our Technical Support Department at 1-888-812-5199 or email us at [EMAIL PROTECTED] If you are not a SouthEast Telephone customer you may wish to contact your Internet Service Provider for more assistance. The file (part0001:w9x_682.exe.pif) attached to mail (with subject: [Samba] Windows XP Authentication) SENT BY: [EMAIL PROTECTED] SENT TO: [EMAIL PROTECTED], IS INFECTED WITH VIRUS: Win32/Bugbear.A@mm. Cannot clean this file. The file was successfully deleted by SouthEast Telephone AntiVirus. This is a copy of the e-mail header: Received: from fn2.freenet.edmonton.ab.ca (HELO home.ecn.ab.ca) (198.161.206.7) Received: from fn2.freenet.edmonton.ab.ca Received: from freenet.edmonton.ab.ca Received: from rivenheart Scan engine 8.9 () for i386. Last update: Wed Oct 2 08:07:06 2002 Scanning for 72047 malwares (viruses, trojans and worms). -- /\ Dark< >Lord \/ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Virus warning from ISP
On Wednesday 02 October 2002 04:17 pm, you wrote: > make you glad you use a OS that does not get uset by klez, don't it. I get > about 4 klez or nimda a day, and I kinda enjoy seeing what ever file was > sent as an attachment. last week, I got some with some java script from > someone who buys stock in the Itialian stock market. Yep, makes me real glad! (and that bit about the guy who buys stock in the Italian stock market is funny!) -- /\ Dark< >Lord \/ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Virus warning from ISP
On Wednesday 02 October 2002 07:36 pm, Jason Guidry wrote: > On Wed, 2002-10-02 at 17:09, shane wrote: > > > > > That souns familiar > > > > > I jut got also that mail > > > > > with all the attachements. and viruses as I know now. > > > > > > > > Yeah, it's that new linux virus that strips random consonants from > > > > your outgoing email... > > > > hey i have had the "nocaps" worm and "bad speillers of the word untie" > > virus for over 9 years now. it is no laughing matter! ;-P > > yup, saw that one, too. > > here's a script to take care of it for you: > > #! /bin/bash > sudo slocate -u > slocate $REALLYBADWORM > echo AAAHHH! > slocate $BRAIN > echo 'Ahh, I see the problem' > umount /dev/head > sudo rm -rf /mnt/ass/head Good gravy, that is so funny, you guys kill me! HOHOHO ROTFL -- Dennis M. linux user #180842 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Virus warning from ISP
On Wed, 2002-10-02 at 17:09, shane wrote: > > > > That souns familiar > > > > I jut got also that mail > > > > with all the attachements. and viruses as I know now. > > > > > > Yeah, it's that new linux virus that strips random consonants from your > > > outgoing email... > > hey i have had the "nocaps" worm and "bad speillers of the word untie" virus > for over 9 years now. it is no laughing matter! ;-P > yup, saw that one, too. here's a script to take care of it for you: #! /bin/bash sudo slocate -u slocate $REALLYBADWORM echo AAAHHH! slocate $BRAIN echo 'Ahh, I see the problem' umount /dev/head sudo rm -rf /mnt/ass/head -- jason gmaestro.org Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Virus warning from ISP
shane wrote: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA1 > >On Wednesday 02 October 2002 1:40 pm, et did speak unto the huddled masses, >saying: > >>On Wednesday 02 October 2002 03:14 pm, you wrote: >> >>>On Wed, 2002-10-02 at 14:47, Klemm wrote: >>> That souns familiar I jut got also that mail with all the attachements. and viruses as I know now. >>>Yeah, it's that new linux virus that strips random consonants from your >>>outgoing email... >>> > >hey i have had the "nocaps" worm and "bad speillers of the word untie" virus >for over 9 years now. it is no laughing matter! ;-P > You're lucky, I've had the LEFTTHECAPSLOCKON worm many times. BTW, I remember reading some stats on the quantity of Windows vs. Linux worms/viruses since 1991. Does anyone have the current figures? I need to do some counter-propanganda about Slapper. Sir Robin -- "We do not imprison ourselves with laws, or impoverish ourselves with money" - Iain Banks Robin Turner IDMYO Bilkent Universitesi Ankara 06533 Turkey www.bilkent.edu.tr/~robin Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Virus warning from ISP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 02 October 2002 1:40 pm, et did speak unto the huddled masses, saying: > On Wednesday 02 October 2002 03:14 pm, you wrote: > > On Wed, 2002-10-02 at 14:47, Klemm wrote: > > > That souns familiar > > > I jut got also that mail > > > with all the attachements. and viruses as I know now. > > > > Yeah, it's that new linux virus that strips random consonants from your > > outgoing email... hey i have had the "nocaps" worm and "bad speillers of the word untie" virus for over 9 years now. it is no laughing matter! ;-P - -- Windows: Where do you want to go today? MacOS: Where do you want to be tomorrow? Linux: Are you coming or what? shane Profile at: http://dmoz.org/profiles/shen.html Proud to be a DMOZ editor since 10-98 Mandrake Users Club Member http://www.linux-mandrake.com/en/club/ Registered linux user #101606 @ http://counter.li.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9m26IBwq+ZwvIN/oRAiJCAJwPrhwbSo3vZl6yRJSiu+k4OpkxFwCfQoC6 Fy+p3G5t3Bi04FTUDahpwrY= =A+/M -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Virus warning from ISP
On Wednesday 02 October 2002 03:14 pm, you wrote: > On Wed, 2002-10-02 at 14:47, Klemm wrote: > > That souns familiar > > I jut got also that mail > > with all the attachements. and viruses as I know now. > > Yeah, it's that new linux virus that strips random consonants from your > outgoing email... ro lmao Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
