Could someone help me with a little more detail on this. I'm wondering specifically about if this affects networks behind Webshield SMTP, or E-mail coming from a network protected by Webshield SMTP...or something else?

The message below seems to be generated by Webshield SMTP in response to an E-mail with a virus in it, and it includes an improperly formatted Date field (Date: Tue Aug 26 16:48:12 2003). Would this affect anything besides automated notifications originating from Webshield SMTP?

Scott, you also mentioned that you believed it was safe to fail automatically on BADHEADERS because such E-mail will also be rejected by other servers, not just a Declude protected one. I'm wondering if these other such servers are common, and therefore enough of an issue that non-compliant products would be compelled to fix their code. I would imagine that some of your tests in BADHEADERS are less serious than others, possibly the date for instance, and those might be passed by most mail servers.

I have found in the last 36 hours of monitoring that failing E-mail based on BADHEADERS would clean up about 1/3 of the spam that is getting through, and in that time, I haven't caught a legit E-mail that failed this test, though I haven't set up a catch account for it specifically, but will do momentarily. I can't remember what exactly it was that made me reduce the score to just 3/10, but I'm sure it was necessary in order to let something through that I believed was important, though this might have been the result of the test catching an automated notification from a firewall.

If others have more examples of BADHEADERS false positives, please send them along, I would appreciate this greatly.

Thanks in advance for any insight.

Matt

Marc Catuogno wrote:

Scott - After reading your e-mail recommending that you can hold on bad headers I tripled the weight. Although I really don't care much that this was held right now if virus did really come through my server I would like to get this. Any idea why a Webshield Alert would fail BADHEADERS?
(if that is where this is really from...)

Received: from ASSENTOR4.corp.isib.net [199.250.13.98] by mail.prudentialrand.com
  with ESMTP (SMTPD32-7.15) id A5AE450008A; Tue, 26 Aug 2003 17:48:30 -0400
Received: from MSMP2.corp.isib.net (unverified) by ASSENTOR4.corp.isib.net
  (Content Technologies SMTPRS 4.2.10) with ESMTP id <[EMAIL PROTECTED]>
  for <[EMAIL PROTECTED]>; Tue, 26 Aug 2003 16:48:11 -0500
Received: from SMTPAV2.corp.isib.net (unverified) by MSMP2.corp.isib.net
  (Content Technologies SMTPRS 4.2.5) with SMTP id <[EMAIL PROTECTED]>
  for <[EMAIL PROTECTED]>; Tue, 26 Aug 2003 16:48:11 -0500
Message-ID: <[EMAIL PROTECTED]>
X-Mailer: Network Associates, Inc. Webshield SMTP, Version 4.5
Date: Tue Aug 26 16:48:12 2003
To: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
Subject: [SPAM]Virus Detected by Network Associates, Inc. Webshield SMTP V4.5
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8010000e].
X-RBL-Warning: HELOBOGUS: Domain ASSENTOR4.corp.isib.net has no MX or A records.
X-RBL-Warning: WEIGHT10: Weight of 20 reaches or exceeds the limit of 10.
X-Declude-Sender: [EMAIL PROTECTED] [199.250.13.98]
X-Declude-Spoolname: Dd5ae0450008aaab3.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: BADHEADERS, HELOBOGUS, IPNOTINMX, NOLEGITCONTENT, WEIGHT10, WEIGHT20, WEIGHT15 [20]
X-Note: This E-mail was sent from mplfw2.dainrauscher.com ([199.250.13.98]).

SMTPAV1: Network Associates WebShield SMTP V4.5 on SMTPAV2 detected virus W32/[EMAIL PROTECTED] in attachment thank_you.pif from <[EMAIL PROTECTED]> and it was Cleaned and Quarantined.

RBC Dain Rauscher does not accept buy, sell or cancel orders by e-mail, or any instructions by e-mail that would require your signature. Information contained in this communication is not considered an official record of your account and does not supersede normal trade confirmations or statements. Any information provided has been prepared from sources believed to be reliable but is not guaranteed, does not represent all available data necessary for making investment decisions and is for informational purposes only. This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you receive this e-mail in error, please advise me (by return e-mail or otherwise) immediately. Information received by or sent from this system is subject to review by supervisory personnel, is retained and may be produced to regulatory authorities or others with a legal right to the information.

---
[This E-mail scanned for viruses by Declude Virus]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Tuesday, August 26, 2003 01:54 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] [IMail Forum] Cannot receive messages from Comcast.net accounts
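
The Date value pointed out in the message above follows the C asctime() layout (weekday, month, day, time, year, with no comma and no time zone) rather than the RFC 2822 date-time syntax. The following is an added example, not part of the thread and not Declude's BADHEADERS logic (its individual checks are not listed on this page), that tells the two layouts apart; the sample message is constructed and uses placeholder addresses.

```python
import re
from email import message_from_string

_DOW = "Mon|Tue|Wed|Thu|Fri|Sat|Sun"
_MON = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"

# RFC 2822 section 3.3: [day-of-week ","] day month year hh:mm[:ss] zone
RFC2822_DATE = re.compile(
    rf"(?:(?:{_DOW}),\s+)?(\d{{1,2}})\s+(?:{_MON})\s+\d{{4}}\s+"
    rf"(\d{{2}}):(\d{{2}})(?::(\d{{2}}))?\s+(?:[+-]\d{{4}}|[A-Za-z]{{1,5}})"
    rf"(?:\s*\([^()]*\))?"
)
# C asctime()/ctime() layout: weekday month day time year, no comma, no zone
ASCTIME_DATE = re.compile(
    rf"(?:{_DOW})\s+(?:{_MON})\s+\d{{1,2}}\s+\d{{2}}:\d{{2}}:\d{{2}}\s+\d{{4}}"
)

def classify_date(value):
    """Return 'rfc2822', 'asctime' or 'malformed' for one Date header value."""
    value = value.strip()
    m = RFC2822_DATE.fullmatch(value)
    if m:
        day, hh, mm, ss = int(m[1]), int(m[2]), int(m[3]), int(m[4] or 0)
        # Syntax alone is not enough: reject out-of-range fields too.
        if 1 <= day <= 31 and hh < 24 and mm < 60 and ss <= 60:
            return "rfc2822"
        return "malformed"
    if ASCTIME_DATE.fullmatch(value):
        return "asctime"
    return "malformed"

def check_date_header(raw_message):
    """Classify the Date header of a raw message; flag missing or repeated ones."""
    dates = message_from_string(raw_message).get_all("Date") or []
    if len(dates) != 1:
        return "missing" if not dates else "duplicate"
    return classify_date(dates[0])

# Constructed sample: only the X-Mailer and Date values come from the quoted
# notification; the addresses, Message-ID and Subject are placeholders.
SAMPLE = (
    "Message-ID: <constructed-id@example.invalid>\n"
    "X-Mailer: Network Associates, Inc. Webshield SMTP, Version 4.5\n"
    "Date: Tue Aug 26 16:48:12 2003\n"
    "To: <recipient@example.invalid>\n"
    "From: sender@example.invalid\n"
    "Subject: Virus Detected\n"
    "\n"
    "body\n"
)
```

Returning a separate `asctime` result lets a filter score this one known deviation lower than an unparseable date, which is the kind of per-check weighting the message asks about.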
