Title: Message
First of all, you need to run a virus scanner on your server (such as ClamAV from http://www.clamav.net/).
Also, I've noticed that the virus in the sample that you've shown was a VBS attachment.
My logs show me that about 65% of all the viruses that we receive are coming in the form of file attachments (most of them are PIF files).
 
It's best if you can configure your email server to prohibit some types of file extensions altogether (usually you don't want to accept at least the following file types: PIF, EXE, COM, SCR, VBS, COM, BAT). I also don't accept VBE, VB, JS, WSF, WSC, REG, URL and CPL.
My MTA is Exim (http://www.exim.org/) and it's easily done with exiscan (http://duncanthrax.net/exiscan-acl/).
 
Regards,
--
Ilan Aisic
 
-----Original Message-----
From: SRUJAN [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 20, 2004 9:37 AM
To: [EMAIL PROTECTED]
Subject: Lot of virus mails

Hi all!
We are receiving a hell of a lot of virus mails since morning
with the following subjects..
 
Hidden Message
New changes
Encrypted Document
Incoming message
Message notify
Thank you
Yahoo like so
 
The headers of a sample message are as follows...
---------------------------------------------------------------------------------------------------------
Return-Path: <[EMAIL PROTECTED]>
Received: from G-Suresh.net ([196.12.48.125])
 by mail.iic.com (8.12.10/8.12.10) with SMTP id i4K79oKt022579
 for <[EMAIL PROTECTED]>; Thu, 20 May 2004 03:09:55 -0400
Date: Thu, 20 May 2004 12:39:53 +0530
To: "Srujan" <[EMAIL PROTECTED]>
From: "Srkosaraju" <[EMAIL PROTECTED]>
Subject: Encrypted document
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------tsjthbwfvffqjnwwqnzi"
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
 mail.iic.com
X-Spam-Status: No, hits=-98.3 required=5.0 tests=HTML_30_40,HTML_MESSAGE,
 MIME_HTML_ONLY,RCVD_IN_RFCI,USER_IN_WHITELIST autolearn=no
 version=2.60
X-Spam-Level:
 
----------tsjthbwfvffqjnwwqnzi
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit
 
<html><body>
 
 
<br>
</body></html>
 
----------tsjthbwfvffqjnwwqnzi
Content-Type: application/octet-stream; name="Details.vbs"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Details.vbs"
 
 
 
tsjthbwfvffqjnwwqnzi
-----------------------------------------------------------------------------------------------------------
 
Anybody getting messages like these?
 
Any help appreciated....
 
 
 
Thanks and regards,
Srujan Mandava
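
The extension policy described in the reply above, as an added Python example that is not part of the original thread and is not Exim or exiscan configuration: it walks a message's MIME parts and reports attachments whose final extension is on the reply's list. The function name `blocked_attachments` and the sample message are constructed for illustration.

```python
import email
from email import policy

# Extensions named in the reply above (both of its lists combined).
BLOCKED = {"pif", "exe", "com", "scr", "vbs", "bat",
           "vbe", "vb", "js", "wsf", "wsc", "reg", "url", "cpl"}

def blocked_attachments(raw_bytes):
    """Return the names of MIME parts whose final extension is blocked."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # A name can sit in Content-Disposition filename= or in Content-Type
        # name=, and the two may disagree, so test both.
        for name in (part.get_filename(), part.get_param("name")):
            if not name:
                continue
            # Windows drops trailing dots and spaces; compare in lower case.
            cleaned = name.rstrip(". ").lower()
            if "." in cleaned and cleaned.rsplit(".", 1)[1] in BLOCKED:
                hits.append(name)
                break  # one report per MIME part
    return hits

# Constructed sample shaped like the message quoted above (placeholder bodies).
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream; name="Details.vbs"
Content-Disposition: attachment; filename="Details.vbs"

placeholder
--b1
Content-Type: application/octet-stream; name="photo.SCR"
Content-Disposition: attachment; filename="photo.jpg"

placeholder
--b1
Content-Type: text/plain; name="notes.txt"
Content-Disposition: attachment; filename="notes.txt"

placeholder
--b1--
"""
print(blocked_attachments(SAMPLE))
```

The second part is reported because its Content-Type name ends in a blocked extension even though its Content-Disposition filename looks harmless.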
