 |
 |
If you exclude the inbox from scanning doesn't that leave the user vulnerable? ----- Original Message ----- From: "Cheryl Akers" <[log in to unmask]> To: <[log in to unmask]> Sent: Monday, February 09, 2004 4:07 PM Subject: [MSUNAG] Fwd: MSU virus detection failure. (fwd) > Maybe this info will help. I was getting DOOM imbedded in my email and it > kept getting stuck in the spooler for Eudora. This was the response from > Doug Nelson. > > > >----------Forwarded message ---------- > >Return-path: <[log in to unmask]> > >Envelope-to: [log in to unmask] > >Delivery-date: Fri, 06 Feb 2004 09:32:43 -0500 > >Received: from clunix.cl.msu.edu ([35.9.2.10]) > > by sys11.mail.msu.edu with esmtp (Exim 4.24 #37) > > id 1Ap72A-0008V0-WD > > for [log in to unmask]; Fri, 06 Feb 2004 09:32:43 -0500 > >Received: (from nelson@localhost) > > by clunix.cl.msu.edu (8.11.7p1+Sun/8.11.7) id i16EWfJ18494 > > for [log in to unmask]; Fri, 6 Feb 2004 09:32:41 -0500 (EST) > >From: Doug Nelson <[log in to unmask]> > >Message-Id: <[log in to unmask]> > >Subject: Re: MSU virus detection failure. (fwd) > >To: [log in to unmask] > >Date: Fri, 6 Feb 2004 09:32:40 -0500 (EST) > >X-Mailer: ELM [version 2.5 PL2] > >MIME-Version: 1.0 > >Content-Type: text/plain; charset=us-ascii > >Content-Transfer-Encoding: 7bit > >X-Virus: None found by Clam AV > >X-Spam-Status: No, hits=1.3 required=5.0 tests=LARGE_HEX,UPPERCASE_25_50 > > autolearn=no version=2.60 > >X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on > > sys11.mail.msu.edu > >X-Spam-Level: * > > From our mail team: > >"The message was sent from a box on ameritech.net to earthlink. > >The recipient account was full, so earthlink wrapped the message in > >multipart mime and bounced it to the forged sender. > >Our current version of clam can't deal with multipart mime and sent it > >through. The latest version of clam can handle this but it has a memory > >leak. We are waiting for a patch before we try installing it again." > >Doug > > > >Doug Nelson [log in to unmask] > >Network Manager Ph: (517) 353-2980 > >Computer Laboratory http://www.msu.edu/~nelson/ > >Michigan State University > > > >Forwarded message: > >Subject: Re: MSU virus detection failure. > >To: [log in to unmask] (Cheryl A Akers) > >Date: Thu, 5 Feb 2004 16:57:56 -0500 (EST) > >Cc: [log in to unmask] > >In-Reply-To: <[log in to unmask]> from "Cheryl A Akers" > >at Feb 05, 2004 10:16:06 AM > >X-Mailer: ELM [version 2.5 PL2] > >>The following message is being detected as DOOM by my desktop antivirus > >>but missed by MSU. This is the 2nd message is the last 10 minutes with > >>this problem. This has also happened to at least one other person in the > >>Microbiology Department. > > > >I can pass this on to the mail.msu.edu team. There are a couple > >possibilities. > >Either this is a new variant, and the virus definitions on mail.msu.edu had > >not yet been updated to recognize it, or the returned message as seen by the > >mail system did not contain the virus code as a true attachment. From a quick > >read of the headers, I don't see the "mime" encoding headers that would break > >this out as a separate attachment. Thus, it should be impossible for you to > >receive the message, click on the attachment, and become infected, even if > >your AV detected the virus signature. > >Doug > > > >> ----------Forwarded message ---------- > >>Return-path: <> > >>Envelope-to: [log in to unmask] > >>Delivery-date: Thu, 05 Feb 2004 10:07:23 -0500 > >>Received: from turkey.mail.pas.earthlink.net ([207.217.120.126]) > >> by sys02.mail.msu.edu with esmtp (Exim 4.24 #37) > >> id 1Aol6B-00050O-A8 > >> for [log in to unmask]; Thu, 05 Feb 2004 10:07:23 -0500 > >>Received: from exim by turkey.mail.pas.earthlink.net with local (Exim > >>3.33 #1) > >> id 1Aol6A-00015w-00 > >> for [log in to unmask]; Thu, 05 Feb 2004 07:07:22 -0800 > >>X-Failed-Recipients: [log in to unmask] > >>From: Mail Delivery System <[log in to unmask]> > >>To: [log in to unmask] > >>Subject: Mail delivery failed: returning message to sender > >>Message-Id: <[log in to unmask]> > >>Date: Thu, 05 Feb 2004 07:07:22 -0800 > >>X-Virus: None found by Clam AV > >>X-Spam-Level: * > >>X-Spam-Status: No, hits=1.3 required=5.0 tests=LARGE_HEX,UPPERCASE_25_50 > >> autolearn=no version=2.60 > >>X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on > >> sys02.mail.msu.edu > >>This message was created automatically by mail delivery software (Exim). > >>A message that you sent could not be delivered to one or more of its > >>recipients. This is a permanent error. The following address(es) failed: > >> [log in to unmask] > >> SMTP error from remote mailer after RCPT TO:<[log in to unmask]>: > >> host mx1.earthlink.net [207.217.125.16]: 554 This mailbox is full. > >>Please try again later. for [log in to unmask] > >> ------ This is a copy of the message, including all the headers. ------ > >>Return-path: <[log in to unmask]> > >>Received: from adsl-65-42-240-129.dsl.lgnnmi.ameritech.net > >>([65.42.240.129] helo=msu.edu) > >> by turkey.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) > >> id 1Aol62-00012Y-00 > >> for [log in to unmask]; Thu, 05 Feb 2004 07:07:15 -0800 > >>From: [log in to unmask] > >>To: [log in to unmask] > >>Subject: Test > >>Date: Thu, 5 Feb 2004 10:04:38 -0500 > >>MIME-Version: 1.0 > >>Content-Type: multipart/mixed; > >> boundary="----=_NextPart_000_0003_9C28C80A.30CD9C23" > >>X-Priority: 3 > >>X-MSMail-Priority: Normal > >>Message-Id: <[log in to unmask]> > >>This is a multi-part message in MIME format. > >> ------=_NextPart_000_0003_9C28C80A.30CD9C23 > >>Content-Type: text/plain; > >> charset="Windows-1252" > >>Content-Transfer-Encoding: 7bit > >>The message cannot be represented in 7-bit ASCII encoding and has been > >>sent as a binary attachment. > >> > >> > > > > > >Doug Nelson [log in to unmask] > >Network Manager Ph: (517) 353-2980 > >Computer Laboratory http://www.msu.edu/~nelson/ > >Michigan State University > > > > > > Cheryl > > Cheryl Akers, MS, CNA - [log in to unmask] > Microcomputer Support - Microbiology and Molecular Genetics > 2228C Biomedical Physical Sciences > Michigan State University > East Lansing, MI 48824 > > 517-355-6463 X1514 >