Re: Virus warnings originating from the list
Me too, 1 or 2 per day usually - but my server rejects them and then the maillist server complains that msgs to me are bouncing: Some messages to you could not be delivered. If you're seeing this message it means things are back to normal, and it's merely for your information. Here is the list of the bounced messages: 6772 On 12/30/10 1:53 PM, Karl Kloppenborg wrote: Hi Willy, I receive roughly two per day from the same place, which is this formilux servers.. at least two, sometimes (but rarely) three emails a day. --Karl ;) *Karl Kloppenborg* Head of Development *Phone:*1300 884 839 /(AU Only - Business Hours)/ *Website:*AU http://www.crucial.com.au http://www.crucial.com.au/| US http://www.crucialp.com http://www.crucialp.com/ On 31/12/2010, at 2:22, Willy Tarreau wrote: Hi Karl, On Thu, Dec 30, 2010 at 05:24:08PM +1100, Karl Kloppenborg wrote: Hey guys, Our mailserver keeps popping its head up and crying about someone on the list with a virus infection: -- VIRUS ALERT Our content checker found viruses: Suspect.DoubleExtension-zippwd-9, Worm.Mydoom.M in an email to you from probably faked sender: ?...@[88.191.124.161] claiming to be: haproxy+bounces-6752-karl=crucialp@formilux.org mailto:haproxy+bounces-6752-karl=crucialp@formilux.org Content type: Virus Our internal reference code for your message is 15320-02/7TgmtDhTpGW9 First upstream SMTP client IP address: [88.191.124.161] flx02.formilux.org http://flx02.formilux.org According to a 'Received:' trace, the message apparently originated at: [88.191.124.161], flx02.formilux.org http://flx02.formilux.org flx02.formilux.org http://flx02.formilux.org [127.0.0.1] (...) Strange, I don't recall having noticed any such message. Maybe they're simply deleted before reaching me, but I don't think so as I'm not performing any filtering on the ML at home. How many of them do you get a day ? Willy
Re: Virus warnings originating from the list
They are originating from anyone who sends a virus to haproxy@formilux.org. As the list is open access and will remain so (as was recently discussed on the list) we will continue to receive these viruses, unless filtering is put into place that blocks viruses from being sent to the list. In all honesty, they aren't really that big a deal. -JohnF On 10-12-31 09:41 PM, Karl Kloppenborg wrote: So, we should find out where these are originating from have and have them stopped? Karl Kloppenborg Head of Development Phone:1300 884 839(AU Only - Business Hours) Website:AUhttp://www.crucial.com.au| UShttp://www.crucialp.com On 31/12/2010, at 20:05, Hank A. Paulson wrote: Me too, 1 or 2 per day usually - but my server rejects them and then the maillist server complains that msgs to me are bouncing: Some messages to you could not be delivered. If you're seeing this message it means things are back to normal, and it's merely for your information. Here is the list of the bounced messages: 6772 On 12/30/10 1:53 PM, Karl Kloppenborg wrote: Hi Willy, I receive roughly two per day from the same place, which is this formilux servers.. at least two, sometimes (but rarely) three emails a day. --Karl ;) *Karl Kloppenborg* Head of Development *Phone:*1300 884 839 /(AU Only - Business Hours)/ *Website:*AU http://www.crucial.com.au http://www.crucial.com.au/| US http://www.crucialp.com http://www.crucialp.com/ On 31/12/2010, at 2:22, Willy Tarreau wrote: Hi Karl, On Thu, Dec 30, 2010 at 05:24:08PM +1100, Karl Kloppenborg wrote: Hey guys, Our mailserver keeps popping its head up and crying about someone on the list with a virus infection: -- VIRUS ALERT Our content checker found viruses: Suspect.DoubleExtension-zippwd-9, Worm.Mydoom.M in an email to you from probably faked sender: ?...@[88.191.124.161] claiming to be: haproxy+bounces-6752-karl=crucialp@formilux.org mailto:haproxy+bounces-6752-karl=crucialp@formilux.org Content type: Virus Our internal reference code for your message is 15320-02/7TgmtDhTpGW9 First upstream SMTP client IP address: [88.191.124.161] flx02.formilux.org http://flx02.formilux.org According to a 'Received:' trace, the message apparently originated at: [88.191.124.161], flx02.formilux.org http://flx02.formilux.org flx02.formilux.org http://flx02.formilux.org [127.0.0.1] (...) Strange, I don't recall having noticed any such message. Maybe they're simply deleted before reaching me, but I don't think so as I'm not performing any filtering on the ML at home. How many of them do you get a day ? Willy
Re: Virus warnings originating from the list
Hi Karl, On Thu, Dec 30, 2010 at 05:24:08PM +1100, Karl Kloppenborg wrote: Hey guys, Our mailserver keeps popping its head up and crying about someone on the list with a virus infection: -- VIRUS ALERT Our content checker found viruses: Suspect.DoubleExtension-zippwd-9, Worm.Mydoom.M in an email to you from probably faked sender: ?...@[88.191.124.161] claiming to be: haproxy+bounces-6752-karl=crucialp@formilux.org Content type: Virus Our internal reference code for your message is 15320-02/7TgmtDhTpGW9 First upstream SMTP client IP address: [88.191.124.161] flx02.formilux.org According to a 'Received:' trace, the message apparently originated at: [88.191.124.161], flx02.formilux.org flx02.formilux.org [127.0.0.1] (...) Strange, I don't recall having noticed any such message. Maybe they're simply deleted before reaching me, but I don't think so as I'm not performing any filtering on the ML at home. How many of them do you get a day ? Willy
Virus warnings originating from the list
Hey guys,Our mailserver keeps popping its head up and crying about someone on the list with a virus infection:--VIRUS ALERTOur content checker foundviruses: Suspect.DoubleExtension-zippwd-9, Worm.Mydoom.Min an email to you from probably faked sender:?...@[88.191.124.161]claiming to be: haproxy+bounces-6752-karl=crucialp@formilux.orgContent type: VirusOur internal reference code for your message is 15320-02/7TgmtDhTpGW9First upstream SMTP client IP address: [88.191.124.161]flx02.formilux.orgAccording to a 'Received:' trace, the message apparently originated at:[88.191.124.161],flx02.formilux.orgflx02.formilux.org[127.0.0.1]Return-Path: haproxy+bounces-6752-karl=crucialp@formilux.orgFrom: "Post Office" nore...@formilux.orgMessage-ID: 20101230062044.8c0b56...@mail.formilux.orgX-Mailer: Microsoft Outlook Express 6.00.2600.Subject: Returned mail: Data format errorThe message has been quarantined as: virus-7TgmtDhTpGW9Please contact your system administrator for details.-Can people please check their systems to ensure they have not been infected, because this is a rather annoying message that I am constantly getting :)Then again, if I am reading it wrong.. be nice to me willy :P Karl KloppenborgHead of DevelopmentPhone:1300 884 839(AU Only - Business Hours)Website:AUhttp://www.crucial.com.au| UShttp://www.crucialp.com
