You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by "Ronald I. Nutter" <ro...@georgetowncollege.edu> on 2005/06/06 17:19:23 UTC

Anyone seeing Account closed emails ?

Anyone seeing this type of email coming through with a header of
*WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ?

Didn't know if someone already had a ruleset out before I starting
working on one for my system.

Ron

--------------------------------------------------------------------
Ron Nutter                          ron_nutter@georgetowncollege.edu 
Network Infrastructure & Security Manager
Information Technology Services                        (502)863-7002
Georgetown College                                     
Georgetown, KY                                            40324-1696
--------------------------------------------------------------------

Re: Anyone seeing Account closed emails ?

Posted by Vivek Khera <vi...@khera.org>.

On Jun 6, 2005, at 11:27 AM, Rick Macdougall wrote:

>
> That is a Mytob virus variant.  Maybe you should install a virus  
> scanner like clamav.
>

I got one before clamav and/or Vexira learned about it...  i think  
both are noticing it now.

Vivek Khera, Ph.D.
+1-301-869-4449 x806

Re: Anyone seeing Account closed emails ?

Posted by Kris Deugau <kd...@vianet.ca>.

Vivek Khera wrote:
> and the idiot mail system that did such neutering should be banned
> from the earth.  there's absolutely no reason to strip a virus from
> an email then let the rest of the message through.

Actually, it's occasionally the virus itself that misfires and forgets
to attach a copy of itself.  <g>  I've seen those coming from infected
customer systems to other customer accounts - no outside systems
involved, so I'm certain the virus wasn't just stripped off by our virus
scan.

I *DID*, however, find a customer once that managed to get infected with
a VBscript virus that attached itself to LEGITIMATE email.  They were
upset because their mail didn't seem to be getting through.

-kgd
-- 
Get your mouse off of there!  You don't know where that email has been!

Re: Anyone seeing Account closed emails ?

Posted by Vivek Khera <vi...@khera.org>.

On Jun 6, 2005, at 12:10 PM, David B Funk wrote:

> However I've seen a number of those from "stillborn" virus mis- 
> fires and
> clamav will ignore those (IE the text is there but the "payload" is  
> either
> truncated or totally missing).
> That then, is a job for SA.
>
>

and the idiot mail system that did such neutering should be banned  
from the earth.  there's absolutely no reason to strip a virus from  
an email then let the rest of the message through.

Vivek Khera, Ph.D.
+1-301-869-4449 x806

Re: Anyone seeing Account closed emails ?

Posted by David B Funk <db...@engineering.uiowa.edu>.

On Mon, 6 Jun 2005, Rick Macdougall wrote:

> Ronald I. Nutter wrote:
>
> >Anyone seeing this type of email coming through with a header of
> >*WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ?
> >
> >Didn't know if someone already had a ruleset out before I starting
> >working on one for my system.
> >

>
> That is a Mytob virus variant.  Maybe you should install a virus scanner
> like clamav.
>
> Rick

Yes, that text is associated with a Mytob virus variant and if it's
in a "live" virus clamav will kill it.
However I've seen a number of those from "stillborn" virus mis-fires and
clamav will ignore those (IE the text is there but the "payload" is either
truncated or totally missing).
That then, is a job for SA.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Re: Anyone seeing Account closed emails ?

Posted by Rick Macdougall <ri...@nougen.com>.

Ronald I. Nutter wrote:

>Anyone seeing this type of email coming through with a header of
>*WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ?
>
>Didn't know if someone already had a ruleset out before I starting
>working on one for my system.
>
>
>  
>
Hi,

That is a Mytob virus variant.  Maybe you should install a virus scanner 
like clamav.

Regards,

Rick

Re: Anyone seeing Account closed emails ?

Posted by Matt Kettler <mk...@evi-inc.com>.

Ronald I. Nutter wrote:
> Anyone seeing this type of email coming through with a header of
> *WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ?
> 
> Didn't know if someone already had a ruleset out before I starting
> working on one for my system.

I'm getting them, but they are all picked up as viruses:

At Sat May 21 02:05:16 2005 the virus scanner said:
   Command: account-details.zip->account-details.pif  Infection: W32/Mytob.DJ@mm
   ClamAV Module: account-details.zip was infected: Worm.Mytob.BT
   Bitdefender: Found virus Win32.Worm.Mytob.AW in file account-details.zip