Re: Worm.Swen =?iso-8859-1?q?diffus=E9=20via=20debian-user-french?= ?

Thu, 25 Sep 2003 01:47:30 -0500 

Le Jeudi 25 Septembre 2003 08:12, Corwin a �crit :
> >Bonjour,
> >comment d�sinfect� d�finitivement ce virus alors ?
> >
> >Il revient toujours !
> >
> >Thierno CISSE
>
> 
> Comme l'a dit Julien, c�t� client, tu peux utiliser sous windows les m�mes
> outils que sous Linux. Pendant un temps, je tournais sous win avec Cygwin +
> Exim + Clamav + Spamassassin.
 
> Sinon, je pense que la meilleure solution serait de filtrer les mails au
> niveau de la liste. Je ne comprends pas tr�s bien d'ailleurs pourquoi ca
> n'est pas fait !!
 Toutes les mailing lists Cygwin sont filtr�es par
> exemple, pas un exe ne passe. 
> Alors monsieur [email protected] , c'est possible ou pas
> ??
 
> Thomas

C'est non seulement envoy� � la liste, mais aussi � ceux qui y sont inscrits 
(et � d'autres aussi). Les messages virus�s envoy�s � la liste sont d�j� 
filtr�s � priori. Donc, tous les emails sven que vous recevez vous sont 
directement envoy�s...
Ci-joint un mail qui m'a �t� envoy� par un serveur SMTP qui a filtr� un 
message sven. Notez bien le champ "RCPT TO:" du message filtr� : vous noterez 
que je suis en 6�me position. DUF est en 3�me position, mais je n'ai pas re�u 
ce message-ci (je n'ai re�u que celui qui est pass� directement par yahoo 
sans passer par lists.debian.org) : il a probablement �t� filtr� par 
lists.debian.org.


D�but du message r�exp�di�:
X-Apparently-To: [EMAIL PROTECTED] via 216.136.226.178; Mon, 22 Sep 
2003 23:39:58 -0700
X-YahooFilteredBulk: 210.59.228.198
Return-Path: <>
Received: from 210.59.228.198  (HELO lynx.url.com.tw) (210.59.228.198)
  by mta137.mail.scd.yahoo.com with SMTP; Mon, 22 Sep 2003 23:39:58 -0700
Received: (qmail 26907 invoked from network); 23 Sep 2003 06:42:52 -0000
Received: from unknown (HELO pollux.url.com.tw) ([210.59.228.142]) 
(envelope-sender <>)
          by lynx.url.com.tw (qmail-ldap-1.03) with SMTP
          for <[EMAIL PROTECTED]>; 23 Sep 2003 06:42:52 -0000
Received: (qmail 10377 invoked by uid 505); 23 Sep 2003 06:38:01 -0000
Date: 23 Sep 2003 06:38:01 -0000
From: "System Anti-Virus Administrator" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: virus found in received message "Letter"
Message-ID: <[EMAIL PROTECTED]>
X-Tnz-Problem-Type: 40
MIME-Version: 1.0
Content-type: text/plain
Status: RO
X-Status: A
 
Attention: [EMAIL PROTECTED]

[A message has been sent to the originator, stating there is a virus
in the Email they just sent to you. No further action is required on
your part.]

A virus was found in an Email message sent to you. 
This Email scanner intercepted it and stopped the entire message
before it reached you. No further action is required on your part.

The virus was reported to be: 

 virus WORM_SWEN.A

Please contact your I.T support personnel with any queries regarding this 
policy.

The message sent to you had the following envelope:

MAIL FROM: [EMAIL PROTECTED]
RCPT TO:   
[EMAIL PROTECTED],[EMAIL PROTECTED],[email protected],[EMAIL 
PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL 
PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL 
PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL 
PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL 
PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL 
PROTECTED],[email protected],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL 
PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL 
PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL 
PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL 
PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL 
PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL 
PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL 
PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL 
PROTECTED],[EMAIL PROTECTED] 

... and with the following headers:

---
MAILFROM: [EMAIL PROTECTED]
Received: from unknown (HELO xjkjtu) ([218.13.213.193]) (envelope-sender 
<[EMAIL PROTECTED]>)
          by msa.url.com.tw (qmail-ldap-1.03) with SMTP
          for <[EMAIL PROTECTED]>; 23 Sep 2003 06:37:57 -0000
FROM: "Network Message Service" < >
TO: "Mail User" <[EMAIL PROTECTED]>
SUBJECT: Letter
Mime-Version: 1.0
Content-Type: multipart/alternative;
        boundary="nwybkvz"


---
fin du message r�exp�di�.
-- 
ultimateclem
Debian user

Répondre à