I was right. Several users scrubbers did the exact same thing.
That could be a real problem. Imagine someone sending hundreds of emails
with that header info in the message body to any one site.
Even though it does not contain the actual virus, it could potentially
slow things down, or even clog the server.
What are the risks of having your scrub application run out of disk
space to store blocked emails?
I bet it depends on how one configures the stupid thing and in some
cases may cause virus protection to disappear!
FRIGHTENING
Per the request of GTA (also thought others may want a copy) I attached
a zipped text copy of my original email. The zip password is password
Danny H. Cox
Yield Dynamics, Inc.
(408) 764-9822
-----Original Message-----
From: Cox, Danny H.
Sent: Thursday, May 30, 2002 2:25 PM
To: [EMAIL PROTECTED]
Subject: [gb-users] ISP allowing SPAM and VIRUS emails outbound.
Importance: High
Hmmmm
The GTA server said my email had an attachment and there was a virus.
I think it mistook my header info as the virus that was in the original
email.
I ripped out the actual code portion though.
ODD!
We shall see if it dislikes this one.
FYI:
Telepac - overseas ISP has several systems replicating and delivering
not only SPAM, but VIRUS infected emails across the net.
I have been getting about 10 virus infected emails (to our Domain) every
day for the past 1.5 months now. ALL FROM ONE SITE.
Below this message is the header info from one of these emails.
So far, they have ignored all my requests to eliminate the problem.
Me, I just blocked their entire IP class at the firewall - Hell with
SPAM filters!
IP addresses within the classes in question are: 194.65.5.202 and
213.13.135.226
Do a "whois" by the IP addresses and you get the entire IP class.
Today, I sent them a copy (at their request) of their lovely virus
infected SPAM mail. If it unfurles on them (one can only hope), that's
not my problem.
They cannot say I failed to provide all the needed information to
resolve the problem.
Good luck,
Danny H. Cox
Yield Dynamics, Inc.
(408) 764-9822
Received: FROM fep03-svc.mail.telepac.pt BY xxxxxxxxx ; Wed May 29
03:43:17 2002 -0700
Received: from Hppnv ([213.13.50.13]) by fep03-svc.mail.telepac.pt
(InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with
SMTP
id <20020529104606.OCFI28485.fep03-svc.mail.telepac.pt@Hppnv>
for <webmaster@ xxxxxxxxxx.com>; Wed, 29 May 2002 11:46:06
+0100
From: akaishi <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
email and header info.zip
Description: email and header info.zip
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[email protected]
