20040324 110224 127.0.0.1 SMTPD (D53600D6) [10.10.10.3] connect 207.171.167.25 port 19310 20040324 110224 127.0.0.1 SMTPD (D53600D6) [207.171.167.25] HELO iad-fw-global.amazon.com 20040324 110224 127.0.0.1 SMTPD (D53600D6) [207.171.167.25] MAIL From:<[EMAIL PROTECTED]> 20040324 110224 127.0.0.1 SMTPD (D53600D6) [207.171.167.25] RCPT To:<[EMAIL PROTECTED]> 20040324 110224 127.0.0.1 SMTPD (D53600D6) [207.171.167.25] C:\IMail\spool\Db110d53600d64d81.SMD 44044 20040324 110224 127.0.0.1 SMTPD (D53600D6) performing antispam checks
03/24/2004 11:02:31 Qb110d53600d64d81 Scanned: Virus Free -- Norton detected it as [EMAIL PROTECTED] virus from the attachment of msg_auto-confirm.pif. Norton definitions on the desktop are dated 3/22/04. The file size reported by Norton for the attached file was 28.8 KB. Thanks, - Rodney -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matt Sent: Wednesday, March 24, 2004 3:44 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Netsky returns with auto-response Virus log file snippet??? That helps. Have you viewed the source of the message? Could have been a zero byte file. I've seen a lot fo these with Netsky, though I thought they were all just empty zips. Matt Rodney Bertsch wrote: >If this has been covered in the list please give me a keyword to search the >archives so I can look up the fix, if not we're open for suggestions to halt >this problem. > >We have declude 1.78i27 with the latest version of definitions for >Innoculan. We've been catching tons of Netsky and others without a problem, >until this one slipped through. Netsky spoofed our user's e-mail address >as the sender and sent to [EMAIL PROTECTED] Amazon happily >auto-responded with the full content of the e-mail and sent Netsky right >into our users mailbox. > >First of all, it doesn't look like the e-mail was scanned at all since it >was a return message. Secondly it contained a .PIF file attachment, which >we block. So it appears it slipped past both safety checks. Luckily Norton >caught the virus at the desktop level. > >Any help would be much appreciated. > >Thanks, > >Rodney Bertsch >IS Coordinator >Kirk NationaLease Co. > > >--- >[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > >--- >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus". The archives can be found >at http://www.mail-archive.com. > > > > -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
