On Sat, 5 Feb 2005, Jeff Groves wrote:

I think the two Received: headers could be enough considering the worm
probably has it's own SMTP engine. The way to answer this for sure is
to see if it is in the 'post' log.

Jan 27 22:55:10 2005 (39139) post to vgc-announce from [EMAIL PROTECTED], size=39384, message-id=<[EMAIL PROTECTED]>, success


I agree with Mark and would go even further that it is all you need to know. The pcp08579508pcs.alxndr01.va.comcast.net address, which is indicative of a Comcast end-user in Alexandria, Virginia, is plenty to know that the user that had the address at the particular time (Thu, 27 Jan 2005 21:15:35 -0500 (EST)) was infected with some type of worm.

Jeff, I had already worked out that much. And it might have trolled the list posting address from an address book or a previous email...but...


1) (This is the question I've been wanting the answer to the whole time)...Why did it not require approval? When Eric Graves (the same guy, same email address, the list owner and moderator), goes to make a post, it gets held back with a "requires approval". Up until recently, we took this as a sign that security was as it should be. Even if someone spoofed the email address, we'd have a chance to catch it.

2) Why isn't it in the vette log?

3) If the worm spoofed all the x-mailman headers and everything, and magically managed to insert itself into the pipermail archives, why are the logs missing?

--

"Happy, Sad, Happy, Sad, Happy, Sad, Happy, Intruiged!  I've never been so
in touch with my emotions!"

-AndrAIa as Hexadecimal, Reboot Episode 3.2.3

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Reply via email to