This virus sent to the list shows the problem of a complete lack of
moderation. What would be best is a filter that does a virus scan and WARNS
about a possible virus, but does not block anything. You would still be
responsible for personal digital hygiene, but would have a flag to filter
on.
Here are the headers of this message with the McAfee message and a whois on
the originating MTA IP.

Return-Path: <[EMAIL PROTECTED]>
Received: from netsys.com (NETSYS.COM [199.201.233.10])
    by mail.zoneedit.com (Postfix) with ESMTP id 285443FA0D
    for <[EMAIL PROTECTED]>; Wed, 24 Mar 2004 17:17:19 -0500 (EST)
Received: from NETSYS.COM (localhost [127.0.0.1])
    by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id i2OM4lJ28528;
    Wed, 24 Mar 2004 17:04:47 -0500 (EST)
Received: from kermit ([62.38.237.28])
    by netsys.com (8.11.6p2-2003-09-16/8.11.6) with SMTP id i2OLRWX15727
    for <[EMAIL PROTECTED]>; Wed, 24 Mar 2004 16:27:34 -0500 (EST)
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="--------sbeuunoxpacatulivtum"
Subject: [Full-Disclosure] meay-meay!
Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <http://lists.netsys.com/mailman/listinfo/full-disclosure>,
    <mailto:[EMAIL PROTECTED]>
List-Id: Discussion of security issues <full-disclosure.lists.netsys.com>
List-Post: <mailto:[EMAIL PROTECTED]>
List-Help: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <http://lists.netsys.com/mailman/listinfo/full-disclosure>,
    <mailto:[EMAIL PROTECTED]>
List-Archive: <http://lists.netsys.com/pipermail/full-disclosure/>
Date: Wed, 24 Mar 2004 23:27:25 +0200

****************** McAfee VirusScan ************************
******* Alert generated at: Wed, 24 Mar 2004 18:29:19 -0500 *********
*********************************************************************
McAfee VirusScan has detected a potential threat in this e-mail
sent by [EMAIL PROTECTED]
The following actions were attempted on each suspicious part.
We strongly recommend that you report this virus-related activity
to [EMAIL PROTECTED]
The attachment "TextFile.zip" is infected with the W32/Bagle.gen!pwdzip
Virus(es).
This attachment has been cleaned.
===================whois for sending MUA ==========
03/25/04 08:29:36 whois [EMAIL PROTECTED]
whois -h whois.ripe.net 62.38.237.28 ...
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 62.38.0.0 - 62.38.255.255
netname: GR-HOL-20010530
descr: Hellas On Line S.A.
descr: PROVIDER
country: GR
admin-c: HA194-RIPE
tech-c: CO95-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: AS3329-MNT
changed: [EMAIL PROTECTED] 20010530
changed: [EMAIL PROTECTED] 20031210 # gr.hol.aval via https://lirportal.ripe.net
source: RIPE
route: 62.38.0.0/16
descr: HOL
origin: AS3329
mnt-lower: AS3329-MNT
mnt-routes: AS3329-MNT
mnt-by: AS3329-MNT
changed: [EMAIL PROTECTED] 20010530
source: RIPE
role: HOL Administration
address: Hellas On Line S.A.
address: Harilaou Trikoupi 151
address: N. Kiffisia, Greece 14564
e-mail: [EMAIL PROTECTED]
trouble: Questions....... mail to: [EMAIL PROTECTED]
trouble: Spam Reports.... mail to: [EMAIL PROTECTED]
trouble: Abuse Reports... mail to: [EMAIL PROTECTED]
admin-c: KK5841-RIPE
tech-c: AV845-RIPE
tech-c: TK583-RIPE
tech-c: CO95-RIPE
nic-hdl: HA194-RIPE
mnt-by: AS3329-MNT
changed: [EMAIL PROTECTED] 19970821
changed: [EMAIL PROTECTED] 19970826
changed: [EMAIL PROTECTED] 19981217
changed: [EMAIL PROTECTED] 20000110
changed: [EMAIL PROTECTED] 20010314
changed: [EMAIL PROTECTED] 20020121
changed: [EMAIL PROTECTED] 20030624
source: RIPE
role: HOL Network Operations Center
address: Hellas On Line S.A.
address: Harilaou Trikoupi 151
address: N. Kiffisia, Greece 14564
e-mail: [EMAIL PROTECTED]
trouble: Questions....... mail to: [EMAIL PROTECTED]
trouble: Spam Reports.... mail to: [EMAIL PROTECTED]
trouble: Abuse Reports... mail to: [EMAIL PROTECTED]
admin-c: KK5841-RIPE
tech-c: AV845-RIPE
tech-c: TK583-RIPE
nic-hdl: CO95-RIPE
mnt-by: AS3329-MNT
changed: [EMAIL PROTECTED] 19970821
changed: [EMAIL PROTECTED] 19981217
changed: [EMAIL PROTECTED] 20000110
changed: [EMAIL PROTECTED] 20010314
changed: [EMAIL PROTECTED] 20010320
changed: [EMAIL PROTECTED] 20010607
changed: [EMAIL PROTECTED] 20020121
changed: [EMAIL PROTECTED] 20030909
source: RIPE
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: March 24, 2004 4:27 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] meay-meay!
The access is open !!!
password for archive: 01825
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
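
As an added example (not part of the original post and not Mailman's own code), here is one way to implement the warn-only filter proposed at the top of this message for the case seen here, a password-protected ZIP attachment: it adds a header that subscribers can filter on and leaves the message intact. The header name `X-List-Scan-Warning` and the sample message built by `build_sample` are assumptions constructed for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

FLAG_HEADER = "X-List-Scan-Warning"  # hypothetical header name, not a Mailman feature

def encrypted_members(data: bytes) -> list:
    """Names of ZIP entries whose general-purpose flag bit 0 (encrypted) is set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []

def tag_message(raw: bytes) -> bytes:
    """Add a warning header for password-protected ZIP attachments; never drop anything."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    warnings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # Trust the ZIP magic bytes, not the file name or declared MIME type.
        if payload[:4] == b"PK\x03\x04" and encrypted_members(payload):
            warnings.append("encrypted-zip " + (part.get_filename() or "(unnamed)"))
    if warnings:
        msg[FLAG_HEADER] = "; ".join(warnings)
    return msg.as_bytes()

def build_sample(encrypted: bool) -> bytes:
    """Constructed test message: a tiny ZIP with the encryption flag optionally set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:  # set bit 0 in the local header and the central directory entry
        data[6] |= 1
        data[data.index(b"PK\x01\x02") + 8] |= 1
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("password for archive: 00000")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="TextFile.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(tag_message(build_sample(True)).decode().split("\n\n")[0])
```

A scanner cannot look inside an encrypted archive without the password, so the flag marks the container itself; subscribers can then sort on the header in their own mail client.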