Posted to users@spamassassin.apache.org by "Ronald I. Nutter" <ro...@georgetowncollege.edu> on 2005/06/06 17:19:23 UTC
Anyone seeing Account closed emails ?
Anyone seeing this type of email coming through with a header of
*WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ?
Didn't know if someone already had a ruleset out before I started
working on one for my system.
Ron
--------------------------------------------------------------------
Ron Nutter ron_nutter@georgetowncollege.edu
Network Infrastructure & Security Manager
Information Technology Services (502)863-7002
Georgetown College
Georgetown, KY 40324-1696
--------------------------------------------------------------------
Re: Anyone seeing Account closed emails ?
Posted by Vivek Khera <vi...@khera.org>.
On Jun 6, 2005, at 11:27 AM, Rick Macdougall wrote:
>
> That is a Mytob virus variant. Maybe you should install a virus
> scanner like clamav.
>
I got one before clamav and/or Vexira learned about it... I think
both are noticing it now.
Vivek Khera, Ph.D.
+1-301-869-4449 x806
Re: Anyone seeing Account closed emails ?
Posted by Kris Deugau <kd...@vianet.ca>.
Vivek Khera wrote:
> and the idiot mail system that did such neutering should be banned
> from the earth. there's absolutely no reason to strip a virus from
> an email then let the rest of the message through.
Actually, it's occasionally the virus itself that misfires and forgets
to attach a copy of itself. <g> I've seen those coming from infected
customer systems to other customer accounts - no outside systems
involved, so I'm certain the virus wasn't just stripped off by our virus
scan.
I *DID*, however, find a customer once that managed to get infected with
a VBscript virus that attached itself to LEGITIMATE email. They were
upset because their mail didn't seem to be getting through.
-kgd
--
Get your mouse off of there! You don't know where that email has been!
Re: Anyone seeing Account closed emails ?
Posted by Vivek Khera <vi...@khera.org>.
On Jun 6, 2005, at 12:10 PM, David B Funk wrote:
> However I've seen a number of those from "stillborn" virus mis-fires and
> clamav will ignore those (IE the text is there but the "payload" is either
> truncated or totally missing).
> That then, is a job for SA.
>
>
and the idiot mail system that did such neutering should be banned
from the earth. there's absolutely no reason to strip a virus from
an email then let the rest of the message through.
Vivek Khera, Ph.D.
+1-301-869-4449 x806
Re: Anyone seeing Account closed emails ?
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Mon, 6 Jun 2005, Rick Macdougall wrote:
> Ronald I. Nutter wrote:
>
> >Anyone seeing this type of email coming through with a header of
> >*WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ?
> >
> >Didn't know if someone already had a ruleset out before I started
> >working on one for my system.
> >
>
> That is a Mytob virus variant. Maybe you should install a virus scanner
> like clamav.
>
> Rick
Yes, that text is associated with a Mytob virus variant and if it's
in a "live" virus clamav will kill it.
However I've seen a number of those from "stillborn" virus mis-fires and
clamav will ignore those (IE the text is there but the "payload" is either
truncated or totally missing).
That then, is a job for SA.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: Anyone seeing Account closed emails ?
Posted by Rick Macdougall <ri...@nougen.com>.
Ronald I. Nutter wrote:
>Anyone seeing this type of email coming through with a header of
>*WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ?
>
>Didn't know if someone already had a ruleset out before I started
>working on one for my system.
>
>
>
>
Hi,
That is a Mytob virus variant. Maybe you should install a virus scanner
like clamav.
Regards,
Rick
Re: Anyone seeing Account closed emails ?
Posted by Matt Kettler <mk...@evi-inc.com>.
Ronald I. Nutter wrote:
> Anyone seeing this type of email coming through with a header of
> *WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ?
>
> Didn't know if someone already had a ruleset out before I started
> working on one for my system.
I'm getting them, but they are all picked up as viruses:
At Sat May 21 02:05:16 2005 the virus scanner said:
Command: account-details.zip->account-details.pif Infection: W32/Mytob.DJ@mm
ClamAV Module: account-details.zip was infected: Worm.Mytob.BT
Bitdefender: Found virus Win32.Worm.Mytob.AW in file account-details.zip
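
The gap described in David B Funk's message above (the lure text is present but the payload is truncated or missing, so the virus scanner has nothing to flag) can be checked for directly. This is an added Python example, not code from any poster or from SpamAssassin or ClamAV; the function names, result labels and sample messages are constructed, and it assumes the payload normally travels as a .zip attachment, as in the scanner output quoted above.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject text quoted in the thread, matched loosely on case and spacing.
LURE = re.compile(r"\*WARNING\*\s+YOUR\s+EMAIL\s+ACCOUNT\s+WILL\s+BE\s+CLOSED", re.I)

def classify(raw):
    """Return 'clean', 'scan' (intact attachment, leave to AV) or 'stillborn'."""
    msg = message_from_bytes(raw, policy=policy.default)
    if not LURE.search(str(msg.get("Subject", ""))):
        return "clean"
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        # A truncated zip has lost its end-of-central-directory record.
        if name.endswith(".zip"):
            intact = zipfile.is_zipfile(io.BytesIO(data))
        else:
            intact = bool(data)
        if intact:
            return "scan"
    return "stillborn"  # lure text present, nothing for the virus scanner to flag

def benign_zip():
    """Constructed, harmless zip standing in for an attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("placeholder.txt", "harmless constructed content")
    return buf.getvalue()

def sample(subject, payload=None):
    """Build a constructed message; payload=None means no attachment at all."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", subject
    m.set_content("Constructed body text.")
    if payload is not None:
        m.add_attachment(payload, maintype="application", subtype="zip",
                         filename="account-details.zip")
    return m.as_bytes()

if __name__ == "__main__":
    subj = "*WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED"
    whole = benign_zip()
    for label, p in [("intact", whole), ("truncated", whole[:len(whole) // 2]), ("missing", None)]:
        print(label, "->", classify(sample(subj, p)))
```

Messages classified as "stillborn" are the ones a content rule has to catch, since the attachment scanner sees nothing it can match.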