Sorry... I was in a rush on Friday and neglected to check the obvious before emailing the list. :(
A quick and simple check of the quaranteened emails proved that this IFrame acts in a similar manner to Klez in that it spoofs the email headers. --- Bill Arlofski Unix/Novell Systems Administrator The Hotchkiss School [EMAIL PROTECTED] 860-435-3140 >>> "Bill Arlofski" <[EMAIL PROTECTED]> 8/15/2002 1:56:24 PM >>> I apologize for emailing this list regarding this but I just ran into a minor issue. (thanks again microsoft outlook and internet explorer) Yesterday I upgraded to qmail-scanner v1.13 so that I could re-enable sender notifies, and omit notices on the 50+/day Klez captures I am getting. (nice addition to qmail-scanner!) I noticed today in my qmail-scanner logs a lot of the following: (apologies for word wrap) 15/08/2002 12:41:24 [EMAIL PROTECTED] [EMAIL PROTECTED] Have a funny Assumption Exploit.IFrame.FileDownload Note that dcourcey is NOT sending these since he has not worked here in over a year. This virus appears to be Klez-like in that the email is forged, but I can not find ANYwhere on any of the Anti-virus sites a reasonably detailed description of this virus. I keep finding this exact description over and over: http://www.viruslist.com/eng/index.html?tnews=1003&id=48540 or this one: http://securityresponse.symantec.com/avcenter/venc/data/iframe.exploit.html And the info at microsoft link is not specific regarding header forging or otherwise. Can anyone point me at a specific notice regarding this virus, or provide me with a definitive "this forges emails like klez" response? Thanks and apologies for a non-qmail-scanner specific email here... Keep up the great work! --- Bill Arlofski Unix/Novell Systems Administrator The Hotchkiss School [EMAIL PROTECTED] 860-435-3140 ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
