real virus, or FP from mcafee?

Ron Snyder 20 May 2004 23:25:20 -0000

I'm getting a bunch of virus alerts from mcafee for "Exploit-objectdata",
and I'm pretty sure the stuff below is what's triggering it.  The text in
the sendmail data file (pulled straight from the df*) is exactly as you see
it below (including the '=' in the right column), with the exception that
I've changed "object data" to "xxxx" in order to hopefully avoid any other
alerts that folks might have.



 </font></CENTER><xxxx=3D"&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#=
119;&#119;&#119;&#46;&#102;&#97;&#116;&#98;&#111;&#110;&#117;&#115;&#99;&#=
97;&#115;&#105;&#110;&#111;&#46;&#99;&#111;&#109;&#47;&#112;&#97;&#103;&#1=
01;&#46;&#112;&#104;&#112;">


Are there programs that can be used to decode this, so I can see exactly
what this converts to w/o doing it by hand?
Is this actually an attack?

It's interesting to see a lot of this type of stuff in the sendmail q*, too
(verbatim):
H??Received: from %RECEIVED.msn.com (%RECEIVED.msn.com [51.164.64.10]) by
68.116.3.36 %REC_WITH;
         Fri, 21 May 2004 05:52:07 +0600
H??Date: Thu, 20 May 2004 19:01:07 -0500
H??From: "Louis Baca" <[EMAIL PROTECTED]>
H??Reply-To: "Louis Baca" <[EMAIL PROTECTED]>
H??Message-Id: <[EMAIL PROTECTED]>

Thanks,
-ron

real virus, or FP from mcafee?

Reply via email to