Re: Guess who is sending out MyDoom mail???

Mon, 02 Feb 2004 08:03:49 -0800

My incoming email is handled on a Linux Gateway machine running Postfix, with
Amavis-NEW and Spam Assassin (server level)  Amavis-NEW also has the anti-virus
scanner incorporated within.  After filtering, it is sent to my Imail server.
(or in the case of remote clients, relayed to their own server.)   This Linux
box is currently handling 96 distinct domains, and around 30K messages per day.
CPU usage is around 0.17 under load.

The anti-virus program (H+BD A/V, from Germany) is what produces the message.

I host the list server for kcfusion.org.  The particular virus mail was trapped
and not sent to the list.

D.

  ----- Original Message -----
  From: Angel Stewart
  To: CF-Community
  Sent: Monday, February 02, 2004 8:34 AM
  Subject: RE: Guess who is sending out MyDoom virus mail???

  Hey..what software did you use to track and trap this virus?

  I like the verbose descriptions on everything :)

  -Gel

  -----Original Message-----
  From: Doug White [mailto:[EMAIL PROTECTED]

  A virus (Worm/MyDoom.A2) was found.

  Scanner detecting a virus: H+B EDV AntiVir

  The mail originated from: <[EMAIL PROTECTED]>

  According to the 'Received:' trace, the message originated at:
     from LOCALHOST by LOCALHOST with ESMTP id
  2E22C44478D60F41A068691BBF0977DA
  Mon, 2 Feb 2004 00:04:40 -0500

  The message WAS NOT delivered to:
  <[EMAIL PROTECTED]>:
     250 2.7.0 Ok, discarded, id=10861-03 - VIRUS: Worm/MyDoom.A2

     VDF version: 6.23.0.53 created 30 Jan 2004
      Date:  1.02.2004  Time: 22:53:42  Size: 22528
      ALERT: [Worm/MyDoom.A2 virus]
  /var/amavis/amavis-20040201T223721-10861/parts/part-00003 <<< Contains
  signature
  of the worm Worm/MyDoom.A2

  The message has been quarantined as:
     /var/virusmails/virus-20040201-225343-10861-03

  ------------------------- BEGIN HEADERS -----------------------------
  Received: from houseoffusion.com (houseoffusion.com [64.118.64.245])
  by GULF.clickdoug.com (Postfix) with ESMTP id 98BB73E015D
  for <[EMAIL PROTECTED]>; Sun,  1 Feb 2004 22:53:25 -0600 (CST)
  Received: from LOCALHOST by LOCALHOST
  with ESMTP id 2E22C44478D60F41A068691BBF0977DA
  Mon, 2 Feb 2004 00:04:40 -0500
  Content-Type: text/plain
  Date: Mon, 2 Feb 2004 10:35:34 +0530
  From: [EMAIL PROTECTED]
  Message-ID: <[EMAIL PROTECTED]>
  Precedence: bulk
  Subject: Not Subscribed: test
  To: [EMAIL PROTECTED]
  -------------------------- END HEADERS ------------------------------
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]

Reply via email to