----- Original Message ----- From: "Jon" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, June 27, 2003 8:28 AM Subject: [cobalt-security] Sendmail Log Message
> > Recently I have started to get this log report > > sendmail: Truncated MIME Content-Disposition header due to field size (possible > attack) > > Is this something that I can prevent and stop? I'm running fully patched raq3 > and raq4r and message appears in both logfiles. > > Thanks > > Jon Yeah, we do seem to be getting another wave of those alerts. I researched some of the messages that were causing them, and discovered they were infected with a worm called "sobig". The worm is a mass mailer. The mime headers it creates are incomplete - which triggers that "possible attack" alert. It's really not a problem for your RaQ, but you might want to warn your users, to watch out for infected email (as always), and make sure they have the *very latest* virus updates, because an out-of-date virus scanner won't catch this worm. :D -- David Black Houston, TX _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
