Disallowed attachment type found in sent message "Re: details"
Attention: [EMAIL PROTECTED] A Disallowed attachment type was found in an Email message you sent. This Email scanner intercepted it and stopped the entire message reaching its destination. The Disallowed attachment type was reported to be: EXE files not allowed per Company security policy Please contact your IT support personnel with any queries regarding this policy. Your message was sent with the following envelope: MAIL FROM: [EMAIL PROTECTED] RCPT TO: [EMAIL PROTECTED] ... and with the following headers: --- MAILFROM: [EMAIL PROTECTED] Received: from 250-66-109-203.static.iqara.net (HELO tassgroup.com) (203.109.66.250) by tassgroup.com with SMTP; 8 Jan 2007 09:02:25 - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: details Date: Mon, 8 Jan 2007 14:18:57 +0530 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_NextPart_000_0016=_NextPart_000_0016" X-Priority: 3 X-MSMail-Priority: Normal --- The original message is kept in: mail.bootham.com:/var/spool/qmailscan/quarantine/new/mail.bootham.com1168246945469948 where the System Anti-Virus Administrator can further diagnose it. The Email scanner reported the following when it scanned that message: --- ---perlscanner results --- Disallowed attachment type 'EXE files not allowed per Company security policy' found in file /var/spool/qmailscan/tmp/mail.bootham.com1168246945469948/details.exe ---perlscanner results --- Disallowed attachment type 'EXE files not allowed per Company security policy' found in file /var/spool/qmailscan/tmp/mail.bootham.com1168246945469948/details.exe --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: details about EOL (of FreeBSD 5.4) ?
Kris Kennaway wrote: On Tue, May 09, 2006 at 10:40:06AM -0500, Greg Barniskis wrote: If 2006 is accurate, this is registering on me as a significant POLA violation. Very hard to believe this is accurate. If accurate, what list/channel/forum should I have been paying more attention to? security@, and the website where this has been announced for a LONG TIME. The policy and rationale is all there. OK, thanks. Searched back in my security@ archives and found it, plain as day. The discussion of 5.4's fate did happen long ago. I actually read it carefully at the time but didn't think much of it, believing we'd surely have our servers on 6.x by now. So I totally take back the POLA statement -- I knew this was coming and it was my mistake to forget and let mgmt. defer the upgrade plan. We'll do an interim hop from RELENG_5_4 to RELENG_5, and escalate our path to 6.x adoption. Actually, it'll be nice to wave the EOL stick to force some action on that. Running EOL server parts is against policy. =) -- Greg Barniskis, Computer Systems Integrator South Central Library System (SCLS) Library Interchange Network (LINK) , (608) 266-6348 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: details about EOL (of FreeBSD 5.4) ?
On Tue, May 09, 2006 at 10:40:06AM -0500, Greg Barniskis wrote: > Kris Kennaway wrote: > >On Tue, May 09, 2006 at 11:20:21AM +0200, albi wrote: > >>i'm running 5.4 on a few servers, and i wondered till when > >>security-updates will be available > >> > >>http://www.freebsd.org/security/ says that the EOL is estimated may 31 > >>2006, but does that also mean no more security-updates for 5.4 ? > > > >Yes. > > [blink blink] > > I'm not at all opposed to RE@ and security@ making hard decisions > and doing whatever is needed to best further the project's goals (so > please don't read this as flame bait). But I have to confirm what I > just read: > > 5.4 is EOL before 5.5 is released, and even before 4.11 and 5.3 are > EOL? Or is it really the case that the EOL table should list /2007/ > for 5.4 (same day as RELENG_5)? > > If 2006 is accurate, this is registering on me as a significant POLA > violation. Very hard to believe this is accurate. If accurate, what > list/channel/forum should I have been paying more attention to? security@, and the website where this has been announced for a LONG TIME. The policy and rationale is all there. Kris pgpABiyIRbQPT.pgp Description: PGP signature
Re: details about EOL (of FreeBSD 5.4) ?
Kris Kennaway wrote: On Tue, May 09, 2006 at 11:20:21AM +0200, albi wrote: i'm running 5.4 on a few servers, and i wondered till when security-updates will be available http://www.freebsd.org/security/ says that the EOL is estimated may 31 2006, but does that also mean no more security-updates for 5.4 ? Yes. [blink blink] I'm not at all opposed to RE@ and security@ making hard decisions and doing whatever is needed to best further the project's goals (so please don't read this as flame bait). But I have to confirm what I just read: 5.4 is EOL before 5.5 is released, and even before 4.11 and 5.3 are EOL? Or is it really the case that the EOL table should list /2007/ for 5.4 (same day as RELENG_5)? If 2006 is accurate, this is registering on me as a significant POLA violation. Very hard to believe this is accurate. If accurate, what list/channel/forum should I have been paying more attention to? PS - many thanks to all RE, security and all other contributors. Testing of 6.1 is indicating all is well for our purposes and hardware. So if 5.4 really is EOL, we'll move forward, just a little quicker than previously planned. -- Greg Barniskis, Computer Systems Integrator South Central Library System (SCLS) Library Interchange Network (LINK) , (608) 266-6348 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: details about EOL (of FreeBSD 5.4) ?
On Tue, May 09, 2006 at 11:20:21AM +0200, albi wrote: > > i'm running 5.4 on a few servers, and i wondered till when > security-updates will be available > > http://www.freebsd.org/security/ says that the EOL is estimated may 31 > 2006, but does that also mean no more security-updates for 5.4 ? Yes. > i have no problem with doing a reinstall with the brand new 6.1 (or is > the upgrade-jump from 5.4 to 6.1 no problem at all ?) , but i just like > to get an idea when that would be really needed :) 5.4 to 6.x is pretty straightforward. The only thing to watch out for is to recompile all your ports (which you have to do when crossing any major revision boundary). portupgrade -fa or -faPP makes this pretty easy though. Kris pgpLKyvv2CVFD.pgp Description: PGP signature
Re: Details
-BEGIN PGP SIGNED MESSAGE- *** [NOTE -- THIS IS AN AUTOMATED RESPONSE] Thank you for contacting the CERT(R) Coordination Center. We appreciate your contacting us and consider your communications with us to be very important. Because we focus our response efforts to have the greatest impact on the Internet community, we may be unable to provide you with a personal response to your message. Please review the pointers contained in this message for information which may be of immediate use to you. Section A - CERT/CC Current Activity Section B - Incident Reporting Information Section C - Vulnerability Reporting Information If you need additional information from the CERT/CC, we encourage you to begin by looking at our list of CERT/CC Frequently Asked Questions: http://www.cert.org/faq/cert_faq.html == Section A - CERT/CC Current Activity The CERT/CC Current Activity web page provides a summary list of the most frequent types of incident and vulnerability activity currently being reported to the CERT/CC. Please refer to this regularly updated page to obtain immediate assistance in response to frequently reported activity: http://www.cert.org/current/current_activity.html In addition, the latest CERT/CC documents can be found at: * CERT Advisories - http://www.cert.org/advisories/ * CERT Incident Notes - http://www.cert.org/incident_notes/ * CERT Vulnerability Notes - http://www.kb.cert.org/vuls/ * CERT Summaries - http://www.cert.org/summaries/ * CERT Tech Tips - http://www.cert.org/tech_tips/ * What's New - http://www.cert.org/nav/whatsnew.html * CERT/CC Web Site - http://www.cert.org/ For pointers to information about computer viruses and hoaxes, please see: * http://www.cert.org/other_sources/viruses.html == Section B - Incident Reporting Information We appreciate receiving incident reports because it helps us to gain a better understanding of ongoing intruder activities and attack profiles. From the information we receive, we are able to identify and address critical security issues within the Internet community. Because we prioritize our response efforts to have the greatest impact on the Internet community, we are not be able to provide everyone with a personal response. For general information about reporting incidents to the CERT/CC, please see our Incident Reporting Guidelines at: http://www.cert.org/tech_tips/incident_reporting.html To report incidents to the CERT/CC, please send information about the incident in plain text format to [EMAIL PROTECTED] You may wish to use our Incident Reporting Form, located at: http://www.cert.org/reporting/incident_form.txt The CERT/CC considers the following types of incidents to be emergencies: * possible life-threatening activity * attacks on the Internet infrastructure, such as: - root name servers - domain name servers - major archive sites - network access points (NAPs) * widespread automated attacks against Internet sites * new types of attacks or new vulnerabilities If you are reporting such an emergency outside our operational hours - business days between 08:00-17:00 EST/EDT (GMT-5/GMT-4) and require immediate assistance, then please call the CERT hotline: +1 412 268 7090 If you believe the intruder activity is a threat to people's lives or to the Internet infrastructure, please contact us immediately. == Section C - Vulnerability Reporting Information If you would like to report a new type of vulnerability or tool being used by the intruder community, we would be interested in any details that you may have. If you are able, please include any or all of source code, log files of execution, and descriptions of operating dependencies. Please feel free to submit these details in ASCII format files (where possible) of your own design, or if you prefer to use a form, please see the file: http://www.cert.org/reporting/vulnerability_form.txt Please also encrypt the report using PGP if you are able to do so. Instructions are given at the top of the reporting form. Our vulnerability disclosure policy is available at http://www.kb.cert.org/vuls/html/disclosure == CERT(R) Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA USA 15213-3890 Internet e-mail: [EMAIL PROTECTED] (monitored during business hours) Telephone: +1-412-268-7090 24-hour hotline CERT Coordination Center pers
