Re: Anyone seeing Account closed emails ?

2005-06-07 Thread Kris Deugau
Vivek Khera wrote:
> and the idiot mail system that did such neutering should be banned
> from the earth.  there's absolutely no reason to strip a virus from
> an email then let the rest of the message through.

Actually, it's occasionally the virus itself that misfires and forgets
to attach a copy of itself.  <g>  I've seen those coming from infected
customer systems to other customer accounts - no outside systems
involved, so I'm certain the virus wasn't just stripped off by our virus
scan.

I *DID*, however, find a customer once that managed to get infected with
a VBscript virus that attached itself to LEGITIMATE email.  They were
upset because their mail didn't seem to be getting through.

-kgd
-- 
Get your mouse off of there!  You don't know where that email has been!


Anyone seeing Account closed emails ?

2005-06-06 Thread Ronald I. Nutter
Anyone seeing this type of email coming through with a header of
*WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ?

Didn't know if someone already had a ruleset out before I start
working on one for my system.

Ron


Ron Nutter  [EMAIL PROTECTED] 
Network Infrastructure  Security Manager
Information Technology Services  (502)863-7002
Georgetown College
Georgetown, KY  40324-1696



Re: Anyone seeing Account closed emails ?

2005-06-06 Thread Rick Macdougall

Ronald I. Nutter wrote:

> Anyone seeing this type of email coming through with a header of
> *WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ?
>
> Didn't know if someone already had a ruleset out before I start
> working on one for my system.

Hi,

That is a Mytob virus variant.  Maybe you should install a virus scanner 
like clamav.


Regards,

Rick



Re: Anyone seeing Account closed emails ?

2005-06-06 Thread Matt Kettler
Ronald I. Nutter wrote:
> Anyone seeing this type of email coming through with a header of
> *WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ?
>
> Didn't know if someone already had a ruleset out before I start
> working on one for my system.

I'm getting them, but they are all picked up as viruses:

At Sat May 21 02:05:16 2005 the virus scanner said:
   Command: account-details.zip-account-details.pif  Infection: W32/[EMAIL PROTECTED]
   ClamAV Module: account-details.zip was infected: Worm.Mytob.BT
   Bitdefender: Found virus Win32.Worm.Mytob.AW in file account-details.zip


Re: Anyone seeing Account closed emails ?

2005-06-06 Thread David B Funk
On Mon, 6 Jun 2005, Rick Macdougall wrote:

> Ronald I. Nutter wrote:
>
> > Anyone seeing this type of email coming through with a header of
> > *WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ?
> >
> > Didn't know if someone already had a ruleset out before I start
> > working on one for my system.
>
> That is a Mytob virus variant.  Maybe you should install a virus scanner
> like clamav.
>
> Rick

Yes, that text is associated with a Mytob virus variant and if it's
in a live virus clamav will kill it.
However I've seen a number of those from stillborn virus mis-fires and
clamav will ignore those (IE the text is there but the payload is either
truncated or totally missing).
That then, is a job for SA.



-- 
Dave Funk                           University of Iowa
dbfunk (at) engineering.uiowa.edu   College of Engineering
319/335-5751   FAX: 319/384-0549    1256 Seamans Center
Sys_admin/Postmaster/cell_admin     Iowa City, IA 52242-1527
#include std_disclaimer.h
Better is not better, 'standard' is better. B{
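
The gap described in the message above (the scanner skips misfires that carry the warning text but no payload, so the content filter has to catch them), as an added Python example that is not part of the original thread. The function names and the sample messages are constructed for illustration; a truncated but non-empty attachment is not distinguished from a complete one here.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Subject text quoted in the thread; case and spacing variations are tolerated.
SUBJECT_RE = re.compile(
    r"\*WARNING\*\s+YOUR\s+EMAIL\s+ACCOUNT\s+WILL\s+BE\s+CLOSED", re.IGNORECASE
)

def classify(raw):
    """Return 'clean', 'with-attachment' or 'stillborn' for one raw message."""
    msg = message_from_string(raw)
    if not SUBJECT_RE.search(str(msg.get("Subject", ""))):
        return "clean"
    for part in msg.walk():
        # A named part with non-empty decoded content is the virus scanner's job.
        if part.get_filename() and part.get_payload(decode=True):
            return "with-attachment"
    # Warning text with no payload: only a content rule will catch it.
    return "stillborn"

def build(subject, attachment=None):
    """Build a constructed test message (hypothetical addresses and body)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Constructed body text.")
    if attachment is not None:
        m.add_attachment(attachment, maintype="application", subtype="zip",
                         filename="account-details.zip")
    return m.as_string()

if __name__ == "__main__":
    warning = "*WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED"
    samples = {
        "text only": build(warning),
        "empty attachment": build(warning, b""),
        "attachment present": build(warning, b"constructed placeholder bytes"),
        "unrelated mail": build("Lunch on Friday?"),
    }
    for label, raw in samples.items():
        print(f"{label:20} -> {classify(raw)}")
```
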


Re: Anyone seeing Account closed emails ?

2005-06-06 Thread Vivek Khera


On Jun 6, 2005, at 11:27 AM, Rick Macdougall wrote:

> That is a Mytob virus variant.  Maybe you should install a virus
> scanner like clamav.

I got one before clamav and/or Vexira learned about it...  i think  
both are noticing it now.


Vivek Khera, Ph.D.
+1-301-869-4449 x806






Re: Anyone seeing Account closed emails ?

2005-06-06 Thread Vivek Khera


On Jun 6, 2005, at 12:10 PM, David B Funk wrote:

> However I've seen a number of those from stillborn virus mis-fires and
> clamav will ignore those (IE the text is there but the payload is either
> truncated or totally missing).
> That then, is a job for SA.

and the idiot mail system that did such neutering should be banned  
from the earth.  there's absolutely no reason to strip a virus from  
an email then let the rest of the message through.



Vivek Khera, Ph.D.
+1-301-869-4449 x806



