Oops!
It came from the e-trust site, so I assumed...duh...sorry... )-:
Sylvia
Would it have any effect on your opinion of them if you knew that
not just once, but three times (January 7, 2005; March 14, 2005 and
May 21, 2005) they bounced live viruses to me when a worm forged my
address as the sender? In each case, I sent a report to them but at
least the first two complaints were ignored.
The first, my ISP's virus filter failed to disinfect because it couldn't
properly find the attachment:
: From <> Fri Jan 7 01:49:35 2005
: Received: from loki.chebucto.ns.Ca ([192.75.95.97]:35947 "EHLO
: loki.chebucto.ns.ca") by halifax.chebucto.ns.ca with ESMTP
: id S13002AbVAGFru (ORCPT <rfc822;
[email protected]>);
: Fri, 7 Jan 2005 01:47:50 -0400
: Received: from lobster.firetrust.com ([69.59.174.220]:13513 "HELO
: lobster.firetrust.com") by loki.chebucto.ns.Ca with SMTP
: id <S4248333AbVAGFmF>; Fri, 7 Jan 2005 01:42:05 -0400
: Received: (qmail 19754 invoked for bounce); 7 Jan 2005 05:46:52 -0000
: Received: (mailwasher server; not checked: socket error connecting to the
: MPD: unable to connect to /local:/var/run/mwserver/mpd.sock: Connection
: refused); 07 Jan 2005 05:46:52 +0000
: Date: 7 Jan 2005 05:46:52 -0000
: From: (e-mail address removed)
: To: (e-mail address removed)
: Subject: Virus: failure notice
: X-CCN-MailScanner-Information: Please contact the ISP for more information
: X-MailScanner: Virus Infected
: X-Is-Spam: not spam, SpamAssassin (score=2.27, required 5,
: autolearn=disabled, AWL -0.04, BAYES_50 0.00, NO_REAL_NAME 0.01,
: UNIQUE_WORDS 2.27, UPPERCASE_25_50 0.03)
: X-MailScanner-SpamScore: ss
: X-MailScanner-From:
: Message-Id: <
[email protected]>
: Return-Path: <>
: Status: RO
: X-Status:
:
: Warning: This message has had one or more attachments removed
: Warning: (file.pif).
: Warning: Please read the "VirusWarning.txt" attachment(s) for more
: information.
:
: Hi. This is the qmail-send program at lobster.firetrust.com.
: I'm afraid I wasn't able to deliver your message to the following
: addresses.
: This is a permanent error; I've given up. Sorry it didn't work out.
:
: <
[email protected]>:
: Sorry, no mailbox here by that name. vpopmail (#5.1.1)
:
: --- Below this line is a copy of the message.
:
: Return-Path: <
[email protected]>
: Received: (qmail 18805 invoked from network); 7 Jan 2005 05:46:52 -0000
: Received: (mailwasher server; not checked: socket error connecting to the
: MPD: unable to connect to /local:/var/run/mwserver/mpd.sock: Connection
: refused); 07 Jan 2005 05:46:52 +0000
: Received: from unknown (HELO chebucto.ns.ca) (218.24.142.194) by
: lobster.firetrust.com with SMTP; 7 Jan 2005 05:45:57 -0000
: From: (e-mail address removed)
: To: (e-mail address removed)
: Subject: HELLO
: Date: Fri, 7 Jan 2005 13:44:18 +0800
: MIME-Version: 1.0
: Content-Type: multipart/mixed;
: boundary="----=_NextPart_000_0007_99DAED9D.5DF05053"
: X-Priority: 3
: X-MSMail-Priority: Normal
:
: This is a multi-part message in MIME format.
:
: ------=_NextPart_000_0007_99DAED9D.5DF05053
: Content-Type: text/plain;
: charset="Windows-1252"
: Content-Transfer-Encoding: 7bit
:
: It's the long-awaited film version of the Broadway hit. The message sent
: as a binary attachment.
:
:
: ------=_NextPart_000_0007_99DAED9D.5DF05053
: Content-Type: application/octet-stream;
: name="file.pif"
: Content-Transfer-Encoding: base64
: Content-Disposition: attachment;
: filename="file.pif"
:
: TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
[BIG SNIP of infectious worm]
: aWJyYXJ5QQAAAAAAAAAAAAAAAABsjwQAXI8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
:
: ------=_NextPart_000_0007_99DAED9D.5DF05053--
The second, my ISP's virus filter still failed to disinfect because it
couldn't properly find the attachment:
: From <> Mon Mar 14 03:50:42 2005
: Received: from lich.chebucto.ns.Ca ([192.75.95.79]:36575 "EHLO
: lich.chebucto.ns.ca") by halifax.chebucto.ns.ca with ESMTP
: id S1862AbVCNHru (ORCPT <rfc822;
[email protected]>);
: Mon, 14 Mar 2005 03:47:50 -0400
: Received: from lobster.firetrust.com ([69.59.174.220]:7901 "HELO
: lobster.firetrust.com") by lich.chebucto.ns.ca with SMTP
: id <S416521AbVCNHrp>; Mon, 14 Mar 2005 03:47:45 -0400
: Received: (qmail 1855 invoked for bounce); 14 Mar 2005 07:47:03 -0000
: Date: 14 Mar 2005 07:47:03 -0000
: From: (e-mail address removed)
: To: (e-mail address removed)
: Subject: Virus: failure notice
: X-CCN-MailScanner-Information: Please contact the ISP for more information
: X-MailScanner: Virus Infected
: X-Is-Spam: not spam, SpamAssassin (score=4.128, required 5, AWL 0.26,
: BAYES_50 1.57, NO_REAL_NAME 0.01, UNIQUE_WORDS 2.27,
: UPPERCASE_25_50 0.03)
: X-MailScanner-SpamScore: ssss
: X-MailScanner-From:
: Message-Id: <
[email protected]>
: Return-Path: <>
: Status: RO
: X-Status:
:
: Warning: This message has had one or more attachments removed
: Warning: (data.exe).
: Warning: Please read the "VirusWarning.txt" attachment(s) for more
: information.
:
: Hi. This is the qmail-send program at lobster.firetrust.com.
: I'm afraid I wasn't able to deliver your message to the following
: addresses.
: This is a permanent error; I've given up. Sorry it didn't work out.
:
: <
[email protected]>:
: Sorry, no mailbox here by that name. vpopmail (#5.1.1)
:
: --- Below this line is a copy of the message.
:
: Return-Path: <
[email protected]>
: Received: (qmail 16037 invoked from network); 14 Mar 2005 07:44:20 -0000
: Received: from unknown (HELO chebucto.ns.ca) (218.24.142.194)
: by lobster.firetrust.com with SMTP; 14 Mar 2005 07:44:20 -0000
: From: (e-mail address removed)
: To: (e-mail address removed)
: Subject: Error
: Date: Mon, 14 Mar 2005 15:42:19 +0800
: MIME-Version: 1.0
: Content-Type: multipart/mixed;
: boundary="----=_NextPart_000_0003_BD09DF8E.9F22C21C"
: X-Priority: 3
: X-MSMail-Priority: Normal
:
: This is a multi-part message in MIME format.
:
: ------=_NextPart_000_0003_BD09DF8E.9F22C21C
: Content-Type: text/plain;
: charset="Windows-1252"
: Content-Transfer-Encoding: 7bit
:
: The message contains Unicode characters and has been sent as a binary
: attachment.
:
:
: ------=_NextPart_000_0003_BD09DF8E.9F22C21C
: Content-Type: application/octet-stream;
: name="data.exe"
: Content-Transfer-Encoding: base64
: Content-Disposition: attachment;
: filename="data.exe"
:
: TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
[BIG SNIP of infectious worm]
: aWJyYXJ5QQAAAAAAAAAAAAAAAABsjwQAXI8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
:
: ------=_NextPart_000_0003_BD09DF8E.9F22C21C--
The third copy was successfully disinfected after changes to my ISP's
virus filter:
: From <> Sat May 21 03:43:08 2005
: Received: from lich.chebucto.ns.Ca ([192.75.95.79]:36748 "EHLO
: lich.chebucto.ns.Ca") by halifax.chebucto.ns.ca with ESMTP
: id S2374AbVEUGlr (ORCPT <rfc822;
[email protected]>);
: Sat, 21 May 2005 03:41:47 -0300
: Received: from lobster.firetrust.com ([69.59.174.220]:33686 "HELO
: lobster.firetrust.com") by lich.chebucto.ns.Ca with SMTP
: id <S870872AbVEUGld>; Sat, 21 May 2005 03:41:33 -0300
: Received: (qmail 4906 invoked for bounce); 21 May 2005 06:41:24 -0000
: Date: 21 May 2005 06:41:24 -0000
: From: (e-mail address removed)
: To: (e-mail address removed)
: Subject: Virus: failure notice
: X-MailScanner: Virus Infected
: X-Is-Spam: not spam, SpamAssassin (score=4.847, required 5, AWL -0.97,
: BAYES_60 3.52, NO_REAL_NAME 0.01, UNIQUE_WORDS 2.27,
: UPPERCASE_25_50 0.03)
: X-MailScanner-SpamScore: ssss
: X-MailScanner-From:
: X-MailScanner-To: (e-mail address removed)
: Message-Id: <
[email protected]>
: Return-Path: <>
: Status: RO
: X-Status:
:
: Warning: This message has had one or more attachments removed
: Warning: (doc.zip, doc.doc .scr).
: Warning: Please read the "VirusWarning.txt" attachment(s) for more
: information.
:
: This is a message from the MailScanner E-Mail Virus Protection Service
: ----------------------------------------------------------------------
: The original e-mail attachment "the entire message"
: was believed to be dangerous and/or infected by a virus and has been
: replaced by this warning message.
:
: Please ask the sender of the message to disinfect their original
: version and send you a clean copy.
:
: At Sat May 21 03:41:27 2005 the scanner said:
: doc.doc .scr Infection: W32/Lovgate.X@mm
: Windows Screensavers are often used to hide viruses (doc.doc
: .scr)
:
: --
: Postmaster
