Today I detected a .pif virus in a user's mailbox. It somehow tricked IMGate, but I'm unable to find the real reason for it. Here are the logs:

May 28 08:42:01 mail3 postfix/smtpd[29457]: disconnect from unknown[194.29.208.15]
May 28 08:44:03 mail3 postfix/smtpd[29466]: connect from sc018pub.verizon.net[206.46.170.64]
May 28 08:44:03 mail3 postfix/smtpd[29466]: 90F7D17B9: client=sc018pub.verizon.net[206.46.170.64]
May 28 08:44:04 mail3 postfix/cleanup[29467]: 90F7D17B9: message-id=<[EMAIL PROTECTED]>
May 28 08:44:04 mail3 postfix/nqmgr[24682]: 90F7D17B9: from=<[EMAIL PROTECTED]>, size=114663, nrcpt=1 (queue active)
May 28 08:44:04 mail3 postfix/smtpd[29466]: disconnect from sc018pub.verizon.net[206.46.170.64]
May 28 08:44:04 mail3 postfix/smtp[29468]: 90F7D17B9: [EMAIL PROTECTED], relay=216.133.67.7[216.133.67.7], delay=1 , status=sent (250 Message queued)

PS: Check out the message size (114663 bytes).
PS 2: The sender appears in the header as [EMAIL PROTECTED]; however, in the logs, it seems it's coming from [EMAIL PROTECTED]. Which one is forged?
PS 3: Message id matches the one in the header. -> <[EMAIL PROTECTED]>

Any ideas?
Thanks.
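
An added example, not part of the original post: the from= value Postfix logs is the SMTP envelope sender, while the From: header is part of the message data, so the two are set independently. This sketch groups log lines by queue ID, matches a stored message to its log record by Message-ID, and reports both senders; all addresses, hosts and the message-id below are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: the example.* names and 192.0.2.x addresses are
# placeholders, not values from the post. Layout follows the quoted Postfix lines.
SAMPLE_LOG = """\
May 28 08:44:03 mail3 postfix/smtpd[29466]: connect from host.example.net[192.0.2.10]
May 28 08:44:03 mail3 postfix/smtpd[29466]: 90F7D17B9: client=host.example.net[192.0.2.10]
May 28 08:44:04 mail3 postfix/cleanup[29467]: 90F7D17B9: message-id=<abc123@example.net>
May 28 08:44:04 mail3 postfix/nqmgr[24682]: 90F7D17B9: from=<bounce@example.net>, size=114663, nrcpt=1 (queue active)
May 28 08:44:04 mail3 postfix/smtp[29468]: 90F7D17B9: to=<user@example.org>, relay=192.0.2.20[192.0.2.20], delay=1, status=sent (250 Message queued)
"""

SAMPLE_MESSAGE = """\
From: "Friend" <alice@example.com>
To: user@example.org
Message-ID: <abc123@example.net>
Subject: constructed sample

body
"""

LINE_RE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")
FIELD_RE = re.compile(r"\b(client|message-id|from|to|size|relay|status)=([^,\s]+)")

def trace_queue_ids(log_text):
    """Group Postfix log fields by queue ID."""
    records = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # connect/disconnect lines carry no queue ID
        rec = records.setdefault(m.group(2), {})
        for key, value in FIELD_RE.findall(m.group(3)):
            rec.setdefault(key, value.strip("<>"))
    return records

def compare_senders(log_text, raw_message):
    """Match a stored message to its log record by Message-ID and compare senders."""
    msg = message_from_string(raw_message)
    msg_id = msg["Message-ID"].strip("<> ")
    header_from = parseaddr(msg["From"])[1]
    for qid, rec in trace_queue_ids(log_text).items():
        if rec.get("message-id") == msg_id:
            return {"queue_id": qid, "client": rec.get("client"),
                    "envelope_from": rec.get("from"), "header_from": header_from,
                    "size": int(rec["size"]), "mismatch": rec.get("from") != header_from}
    return None
```

The client= field is the connecting host and address that Postfix itself recorded for the session, so it is the value to carry into any filter-side investigation.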
