Server Report

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Server Report

Henrik Nordstrom
Sëq˜[>¥·­«¢,&†¢-íe]{­ø„$§žœXG/žUÈÅõý±ŠGnÔpí£C’Clúµ(7aQ¬sutÏdþÔênÓXLw[`m6Ärê.üÒDfoì
µ¶ÑÙsë²Û÷‰Wâ<i *H©Kæ0—É¡OØ?øtã†b†*VO^ì}faBa£Õß„X3$YU¤!›´±f`Œ*&Îtç­‡ú‡Ü‰m«l^ü“È6
FIþe¬®ë*i¯LC~—¬‡vêY5;„Ž
]¿�aFöª‹Ù×G‘z
ô*° ÔË£°˜¯“Ô- •pزŽŒVº¸ï?зêKíâ.»]GƒG?&A™fYÙ?{G1wq†ôÄ0ó:/S"¶j¡G¢‰$¹9†
ªs<ÀE–pvÍã‚ŸSÀfpYß8G�.ðš¯Ô…ÍÚ‹C§Ø™p_Í?žE¼³½Ájq$ ’Ød}Ïï­HßJÈQû”³™ôдƒJ/¤gNIÚ\<Èg¾“ó(¨8äÓðµÓ"{cíš7c�˜CMÍ1ʧÏv×V«÷¨BHœ5/-¤¼ûåƒÙT’¬`ŸÇC÷]µmÞ¸µb%Ê9'Ú`Ç0Úzyê[Î}3dD”ßPy”3QèléNúc¾q_‰pø¹^ú)�^¤Çòµi�!gÛ“§\#i´Ý—lªhý
xóÝ–æ:±V#Ÿ*f23æ£)�"É ‰Á>OCöL8~:µãýÜ&­‹âL_ÊÈÒo[{žÅu…$«Ùµ ¬¥v•VÏ#†_ÓJýXH\õ
°LmS!ÖUMâª85ÏÀWF(öë�Š¡VêxÕš„N·>Ù~ï#l‰ºAã•Õ`I—õšÌÆ©
³zÙëý¶ë¨×8Æ�^Çn¨Å¡S�75íÓ½0jîv6‚Ñ©—›H<‚i;‰“ž›Õhˆñ|”Q-ñÆ󉾪,ßg…­J›OÔà³ÀȾô‚yåtÜ9�C.½R·ÈsÒ5|û-í"—â]à-´Ì¾.È9ß·nœœ{éC„ïKU[*‡?½'Àí·ÞÞ{ ¾ó’ó�ÂðŸáE熧(ÝlMÌWÚHÁKCã_�f‹!`òïå)‘»RILرºP¼_“‰„;T,oÞK­%ÄÒ�erü;]ëЫ<…r%ô5®°|0b�´¯A¹¸•jm2½²Q’¸{­)j�P‰aUáò3£Â�›*“ëÙ—ˆºògÛ!�ºÍÑåTäÓ(mìý‚4ÌænMßåòŽzÙ6’ŽA¶…T��1�}¾Ìw’v
o"¹¢nÌÕ˜E ró‚¡�ýV}Í'GfÍÄNñ§)M9ŒÙlQ)2�œ¢H¬k‚¶[�8†„%ëÖw,òYwíZÓ;‰eŸmsŸ¾[#x™°¬<Džª*Ö8)òkÄŸ|AZŠ^s¯Ýtia¡‚dG—Ñ|¨­ãÝ^æÝŽj
QÊs§Á¹ô"4M)ÎlÇäŸIìu—*ÈVu ·…õg_WÌûóçzá
ÝRB†réŽtà®/ ‘ÈŒ[tÀÝÌ»‘øÜV]ñCl?/}
ï^ˆïÁH¼éCCÑ<x“œvDu ¦Ú�ôGòMéŽ2&iY&ÃZdøíáJ|^Ñ fG`vÃøθ—~çìX¸­ªÛÕ¥Ãí
FëLŸ`Ê&¯á¨æÖ~¾OÆgå­¢•cO0�Ôaæø‚‰oG¯ïMÔ�áFÅÑ‹—‡Õ¤9×—Å´þŒØçê�dÔ¯ÞJùöœóÏ©þ2–Ä“'�óâðàâÑËül5o¨Ôæ�-½ü>
׳XÝw¡"„œôCš¯�Rº³1êÏ[(À‹¯ûDÍ¿ ÃHËKt‰Ó{uv�ÌRØç¥qN�ó*þY˜qf*ˆ«ÔæO4í2
‹Ü)çlcT’9Qd4Ãœ’Ȇ�ípV
Õ}¨yøÄÛŠ?„Å_øù
OÓûÉ`w¨ötõ|1Ñˇ’�“0ãૃu8¯žh‚²U…°¢a¢Öa~f<‘~îì£G!°¿S>ÁÕhÆ
ëøò´-„”E¦ßGFÖ±“UQ.s’©zO"ò„z»Œ……³÷n
Ãut™ßvùsùü®rÔpRãàPôdªŠ¤î²3¶ùfña‚ÊÔùCdS´�å’’cl˜u8ù¿>uÝnY¼
:…5‚Ĺ~Ù�5ÚÌèàÉàtÜ\*�aãñî&ò‰MÞ¼Óí”åàÍò%¾¤ë”_)‡�dÛ×m-§î„Rº†0×
Ù©|§j«‹<³´Ò÷ÆÆIÏNPaÜÅápÀº{õÛÇpæñ/V�!â/YÁ%Æik_åÈ~šÞåœ>?`x2|¿X\µ]\•
¾%�פ\;6´Äàí÷uÐ6„m&:_YN!¸êŸN_Nˆëô;éuF/0°ˆm™Êît»ÑÓˆ6ú8“‘6/jÏW9HúæÝìåD‹e9ìŒE!u!¨É‰¡ì“ð
ÄØ»£�;¤âÒÚ–T­œÝ‚ý°é2×O³×wpýsõÍwøäÈdPÁ#‰£“/ÊY¥ÍºÁ×>ºÞ±˜I`Ù'æ“æÜ®81Ü9àäaMyÙ6»ß�¦*©Ï(qÞÎd
ê0ð
þT›ÈÔÌŸxˆˆ_ª üSNíW%
êÖLR×J¶xJÔZ}ûÅEºÝX½ðGÔŠDÓ�xÀáÁ×чóÉËx¿]¸Õý%H"««"ÇÜ-í™{1Kñ*ig²{„C‘~$Šú[a¼�ÊE®¤šOÃ-óÂ'÷ã‘x•ö:r½ŠfòÒ¹ÔI‹
¡ÄÒ‘¸‡ÏF2Åúå·Gõ¥-þ2~�¯bà ¢¿ŠêŽV–öóÖ:z‚ ¢8
Þc·‚(ºŠM!Èîk°Ý<ÞsÑXü¤Œ½Ú±S£Ž


document.scr (30K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: *** VIRUS *** [squid-users] Server Report

Manoj Rajkarnikar

On Tue, 1 Jan 2002, [hidden email] wrote:

> WARNING: This e-mail has been altered by MIMEDefang.  Following this
> paragraph are indications of the actual changes made.  For more
> information about your site's MIMEDefang policy, contact
> Vianet System Administrator <[hidden email]>.  For more information about MIMEDefang, see:
>
>            http://www.roaringpenguin.com/mimedefang/enduser.php3
>
> Dropped document.scr (application/octet-stream) containing virus Worm.SCO.A-1.
>

Please do something about it. found worm in a message...

Thanks
Manoj
--
Reply | Threaded
Open this post in threaded view
|

Re: Re: *** VIRUS *** [squid-users] Server Report

Neil A. Hillard-2
Hi,

Manoj_Rajkarnikar wrote:

>
> On Tue, 1 Jan 2002, [hidden email] wrote:
>
>> WARNING: This e-mail has been altered by MIMEDefang.  Following this
>> paragraph are indications of the actual changes made.  For more
>> information about your site's MIMEDefang policy, contact
>> Vianet System Administrator <[hidden email]>.  For more
>> information about MIMEDefang, see:
>>
>>            http://www.roaringpenguin.com/mimedefang/enduser.php3
>>
>> Dropped document.scr (application/octet-stream) containing virus
>> Worm.SCO.A-1.
>>
>
> Please do something about it. found worm in a message...

I seriously doubt Henrik sent out a worm and in any case, why are you
reporting something that happened over 5 years ago?


                                Neil.

--
Neil Hillard                    [hidden email]
AgustaWestland                  http://www.whl.co.uk/

Disclaimer: This message does not necessarily reflect the
            views of Westland Helicopters Ltd.
Reply | Threaded
Open this post in threaded view
|

Re: Re: *** VIRUS *** [squid-users] Server Report

Manoj Rajkarnikar
Hi neil.

On Thu, 5 Jul 2007, Neil A. Hillard wrote:

> Hi,
>
> Manoj_Rajkarnikar wrote:
>>
>> On Tue, 1 Jan 2002, [hidden email] wrote:
>>
>>> WARNING: This e-mail has been altered by MIMEDefang.  Following this
>>> paragraph are indications of the actual changes made.  For more
>>> information about your site's MIMEDefang policy, contact
>>> Vianet System Administrator <[hidden email]>.  For more
>>> information about MIMEDefang, see:
>>>
>>>            http://www.roaringpenguin.com/mimedefang/enduser.php3
>>>
>>> Dropped document.scr (application/octet-stream) containing virus
>>> Worm.SCO.A-1.
>>>
>>
>> Please do something about it. found worm in a message...
>
> I seriously doubt Henrik sent out a worm and in any case, why are you
> reporting something that happened over 5 years ago?

I too don't believe its Henrik. But it made it here from the list and it
came yesterday not 5 years ago.

FYI, here's the log entries for that mail.

Jul  4 08:21:26 dns1 sendmail[19416]: l642XwNU019416:
from=<squid-users-return-74603-manoj=[hidden email]>,
size=33846, class=0, nrcpts=1, msgi
d=<[hidden email]>, proto=SMTP, daemon=MTA,
relay=squid-cache.org [12.160.37.9]
Jul  4 08:21:26 dns1 mimedefang.pl[17467]: Found Worm.SCO.A-1 from
12.160.37.9
Jul  4 08:21:26 dns1 clamd[23763]:
/var/spool/MIMEDefang/mdefang-l642XwNU019416/Work/msg-17467-48.scr:
Worm.SCO.A-1 FOUND
Jul  4 08:21:26 dns1 clamd[23763]:
/var/spool/MIMEDefang/mdefang-l642XwNU019416/Work/msg-17467-48.scr:
Worm.SCO.A-1 FOUND
Jul  4 08:21:26 dns1 mimedefang.pl[17467]:
MDLOG,l642XwNU019416,mail_in,,,<squid-users-return-74603-manoj=[hidden email]>,<[hidden email]>
,[squid-users] Server Report
Jul  4 08:21:27 dns1 mimedefang.pl[17467]: filter: l642XwNU019416:
drop_with_warning=1
Jul  4 08:21:26 dns1 sendmail[19416]: l642XwNU019416: Milter change:
header Subject: from  [squid-users] Server Report to *** VIRUS ***
[squid-users] Server R
eport

Please disregard if this doesn't concern anyone. I wrote to the list
because when a virus/worm is sent out the mailing list, its not one or ten
or hundred users thats effected, its thousands or tens of thousands.

Manoj.

--
Reply | Threaded
Open this post in threaded view
|

Worm.SCO.A-1 sent through the list (was: [squid-users] Re: *** VIRUS ***)

sm-7
At 03:53 05-07-2007, Manoj_Rajkarnikar wrote:
>I too don't believe its Henrik. But it made it here from the list
>and it came yesterday not 5 years ago.

An email with a document.scr attachment was sent through the list on
July 3, 2007.  The date header was Jan 1, 2002.

Henrik's email address was most likely spoofed.

Regards,
-sm

Reply | Threaded
Open this post in threaded view
|

Re: Re: *** VIRUS *** [squid-users] Server Report

Henrik Nordstrom
In reply to this post by Manoj Rajkarnikar
tor 2007-07-05 klockan 13:19 +0545 skrev Manoj_Rajkarnikar:

> On Tue, 1 Jan 2002, [hidden email] wrote:
>
> > WARNING: This e-mail has been altered by MIMEDefang.  Following this
> > paragraph are indications of the actual changes made.  For more
> > information about your site's MIMEDefang policy, contact
> > Vianet System Administrator <[hidden email]>.  For more information about MIMEDefang, see:
> >
> >            http://www.roaringpenguin.com/mimedefang/enduser.php3
> >
> > Dropped document.scr (application/octet-stream) containing virus Worm.SCO.A-1.
> >
>
> Please do something about it. found worm in a message...

Now the filters have been hardened a bit further, with the sideeffect
that most non-text attachments will get rejected, at least until there
is a proper virus scanner running..


And no, I didn't send that virus.

Received: from squid-cache.org (ppp-124.120.133.107.revip2.asianet.co.th [124.120.133.107])
        by squid-cache.org (8.14.0/8.13.6) with ESMTP id l642GdEo067087
        for <[hidden email]>; Tue, 3 Jul 2007 20:16:42 -0600 (MDT)
        (envelope-from [hidden email])

Regards
Henrik

signature.asc (316 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Re: *** VIRUS *** [squid-users] Server Report

Manoj Rajkarnikar
On Fri, 6 Jul 2007, Henrik Nordstrom wrote:

> tor 2007-07-05 klockan 13:19 +0545 skrev Manoj_Rajkarnikar:
>> On Tue, 1 Jan 2002, [hidden email] wrote:
>>
>> Please do something about it. found worm in a message...
>
>
> Now the filters have been hardened a bit further, with the sideeffect
> that most non-text attachments will get rejected, at least until there
> is a proper virus scanner running..

Thanks. Sure hope no other virus makes through to the list.

>
>
> And no, I didn't send that virus.
>

I agree.

> Received: from squid-cache.org (ppp-124.120.133.107.revip2.asianet.co.th [124.120.133.107])
>        by squid-cache.org (8.14.0/8.13.6) with ESMTP id l642GdEo067087
>        for <[hidden email]>; Tue, 3 Jul 2007 20:16:42 -0600 (MDT)
>        (envelope-from [hidden email])
>
> Regards
> Henrik
>

Manoj
--
Reply | Threaded
Open this post in threaded view
|

Re: Re: *** VIRUS *** [squid-users] Server Report

Adrian Chadd
On Fri, Jul 06, 2007, Manoj_Rajkarnikar wrote:

> On Fri, 6 Jul 2007, Henrik Nordstrom wrote:
>
> >tor 2007-07-05 klockan 13:19 +0545 skrev Manoj_Rajkarnikar:
> >>On Tue, 1 Jan 2002, [hidden email] wrote:
> >>
> >>Please do something about it. found worm in a message...
> >
> >
> >Now the filters have been hardened a bit further, with the sideeffect
> >that most non-text attachments will get rejected, at least until there
> >is a proper virus scanner running..
>
> Thanks. Sure hope no other virus makes through to the list.

That didn't quite work - it deferred all mail. I've taken it out from
the mail configuration for the time being.

Henrik, check the maillog for "Syntax", you'll see what happened..

Its going to take a couple of hours at least to drain all the posts out
of the queue.Adrian