
On Wed, 12 May 2004, Tim Potter wrote:

> I've been receiving suspicious files of the usual viral extensions (.exe,
> .scr, .com, etc.) about every day from this same individual (see below) but
> all of the files have been zero length and not detected by my AV software
> as infected (Norton AV CE 7.61 and Kaspersky KAV 4.5.0.95 Trial).  Anyone
> else see files like this slipping thru their AV and the mail.msu.edu AV?

Some accounts on our system get these on occasion, too.  I looked into it
when I first noticed one and found references that some variants of some of
the common E-mail viruses have bugs in them which cause, in some cases, the
E-mail which the virus sends out to lack the usual copy of the virus itself.
Obviously, the bug does not manifest itself on every machine or the virus
would not have gotten anywhere in the first place, but some condition such
as a Windows registry setting or a system file name is not as universal as
the virus writer assumed, and his/her skills at error handling were
mercifully insufficient to adapt to variations.

>
> Can this sender be blocked at the mail.msu.edu server?
> Tim

A 'whois' on the IP address 165.189.17.51 shows, remarkably, that it
really does belong to the Wisconsin state government, so contacting the
designated "abuse" E-mail address ([log in to unmask]) might work
to fix the problem at the source.

>
>
> Return-path: <[log in to unmask]>
> Envelope-to: [log in to unmask]
> Delivery-date: Wed, 12 May 2004 08:53:37 -0400
> Received: from [165.189.17.51] (helo=W17269.org)
>          by sys16.mail.msu.edu with smtp (Exim 4.32 #22)
>          id 1BNtEv-00030N-1m
>          for [log in to unmask]; Wed, 12 May 2004 08:53:37 -0400
> Date: Wed, 12 May 2004 07:52:42 -0600
> To: "Pottert" <[log in to unmask]>
> From: "Mark.ibach" <[log in to unmask]>
> Subject: Re: Msg reply
> Message-ID: <[log in to unmask]>
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>          boundary="--------bvhkxpkbmvushehovkub"
> X-Virus: None found by Clam AV
> X-Spam-Status: No, hits=0.9 required=5.0 tests=HTML_30_40,HTML_MESSAGE,
>          MIME_HTML_ONLY autolearn=no version=2.63
> X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on sys16.mail.msu.edu
> X-Spam-Level:
>
> **********************
> Tim Potter  <><
> Information Officer
> MSU Alumni Association
> E. Lansing, MI  48824
> Toll-free: 877/ MSU-ALUM (678-2586)
> Ph: 517/432-1160
> Fax: 517/432-7769
> Stay Connected! www.msualum.com
>

-------------------------------------------------------------------------
George J Perkins                  http://www.pa.msu.edu/people/perkins/
1209B BPS Bldg, MSU               Phone: 517-355-9200 ext 2567
East Lansing, MI  48824-2320        FAX: 517-353-4500
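
Added example, not part of the original messages: a mail-filter check that flags the case discussed in this thread, an attachment with an executable extension (.exe, .scr, .com) whose decoded body is empty and so gives a signature scanner nothing to match. The function names, the sample addresses and the filename "document.scr" are constructed for illustration.

```python
import email
from email import policy

# Extensions named in the thread; extend to match local policy.
SUSPECT_EXTS = (".exe", ".scr", ".com")

def empty_executable_attachments(raw_bytes):
    """Return filenames of suspect-extension attachments that carry no payload."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers have no payload of their own
        name = part.get_filename()
        if not name or not name.lower().endswith(SUSPECT_EXTS):
            continue
        # decode=True undoes base64/quoted-printable; None means nothing to decode
        payload = part.get_payload(decode=True) or b""
        if not payload.strip():  # zero-length or whitespace-only body
            hits.append(name)
    return hits

def build_sample(body_b64, filename="document.scr"):
    """Constructed test message: one HTML part plus one base64 attachment."""
    lines = [
        "From: sender@example.org",
        "To: rcpt@example.edu",
        "Subject: Re: Msg reply",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="BOUND"',
        "",
        "--BOUND",
        "Content-Type: text/html",
        "",
        "<html><body>see attached</body></html>",
        "--BOUND",
        "Content-Type: application/octet-stream",
        "Content-Transfer-Encoding: base64",
        f'Content-Disposition: attachment; filename="{filename}"',
        "",
        body_b64,
        "--BOUND--",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")

if __name__ == "__main__":
    print(empty_executable_attachments(build_sample("")))
    print(empty_executable_attachments(build_sample("bm90IGVtcHR5")))
```

A hit here means only that the attachment is empty; it is a reason to treat the sending host as likely infected, not evidence that the message itself carries a payload.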