I found this in my qmail-scanner program. I thought the list might be
interested in it.

    sub is_automated_email {
        # This subroutine is used to see if the sender of this virus
        # was a mailing-list/postmaster/etc. If it is we don't want to
        # send a reply.
        # Uses %headers (keys are lower-cased header names) and $returnpath,
        # which are assumed to be set by the surrounding scanner code.
        if ($headers{'x-loop'} || $headers{'x-listname'} ||
            $headers{'x-listmember'} || $headers{'mailing-list'} ||
            $headers{'x-mailing-list'} ||
            $headers{'precedence'} =~ /^(bulk|list|junk)$/i ||
            $returnpath =~ /^$|daemon|request|bounce|mailer|postm|owner|lists|words|majordom|experts|\-(return|error)/i) {
            return 1;
        } else {
            return 0;
        }
    }

-----Original Message-----
From: Brett Randall [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 23, 2001 10:13 AM
To: [EMAIL PROTECTED]
Subject: Fw: FOUND VIRUS IN MAIL from
[EMAIL PROTECTED] to
[EMAIL PROTECTED]
Just a quick note to any Winblowz users (and I can't say much...I'm sending
this from my much hated Winblowz terminal running OE ATM)... A recent mail
to the qmail list (in the last few minutes) contained a well-known virus...
But then again, maybe I shouldn't be telling you this ;)
B.
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 24, 2001 12:09 AM
Subject: FOUND VIRUS IN MAIL from
[EMAIL PROTECTED] to
[EMAIL PROTECTED]
> The attached mail has been found to contain a virus
> The mail has been stored as /var/virusmails/qmailq/virus-20010424-27042
> xxxxxxxxxxxxxxxxxxTue Apr 24 00:09:00 EST 2001xxxxxxxxxxxxxxxxxxxxxxx
> qmail-remote (0.2.1) called ipsware.com [EMAIL PROTECTED] [EMAIL PROTECTED]
> FROM: [EMAIL PROTECTED]
> TO: [EMAIL PROTECTED]
> maxlevel: 0
> Contents of /var/tmp/qmail-remote27042/unpacked
> total 36
> drwx------ 3 qmailq qmail 4096 Apr 24 00:09 .
> drwx------ 3 qmailq qmail 4096 Apr 24 00:09 ..
> -rw------- 1 qmailq qmail 281 Apr 24 00:09 988034940.27065-0.misspiggy
> -rw------- 1 qmailq qmail 16896 Apr 24 00:09 Emanuel.exe
> drwx------ 2 qmailq qmail 4096 Apr 24 00:09 SFX
>
> /var/tmp/qmail-remote27042/unpacked/SFX:
> total 8
> drwx------ 2 qmailq qmail 4096 Apr 24 00:09 .
> drwx------ 3 qmailq qmail 4096 Apr 24 00:09 ..
> Scanning /var/tmp/qmail-remote27042/unpacked/*
> Scanning file /var/tmp/qmail-remote27042/unpacked/988034940.27065-0.misspiggy
> Scanning file /var/tmp/qmail-remote27042/unpacked/Emanuel.exe
> /var/tmp/qmail-remote27042/unpacked/Emanuel.exe
> Found the W32/Navidad.e@M trojan !!!
>
> Summary report on /var/tmp/qmail-remote27042/unpacked/*
> File(s)
> Total files: ........... 2
> Clean: ................. 1
> Possibly Infected: ..... 1
> H+BEDV AntiVir scanstatus0 is: 0
> Mcafee scanstatus1 is: 0
> Dr. Solomon (old) scanstatus2 is: 0
> Dr. Solomon (new) scanstatus3 is: 0
> Sophos Sweep scanstatus4 is: 0
> NAI Virus Scan 4.x scanstatus5 is: 13
> KasperskyLab AVP scanstatus6 is: 0
> KasperskyLab AVPDaemonClient scantatus7 is: 0
> F-Secure Antivirus scanstatus8 is: 0
> Trend Micro FileScanner scanstatus9 is: 0
> CyberSoft vfind scanstatus10 is: 0
> CAI InoculateIT (inocucmd) scanstatus11 is: 0
>
> Virus FOUND Sent notification to [EMAIL PROTECTED]
>
>