----------------------------------------------------------------------
Warning: Message delivery wasn't performed.

Reason: Our virus scanner detected very suspicious code in
the attachment of a mail addressed to a user of our system.

The following message will not be delivered:

From: wilson@sentrisystems.com
To: LARTC@mailman.ds9a.nl
Subj: [LARTC] Re:
Date: Tue, 19 Apr 2005 04:25:35 +0530
Virus: Worm.Bagle.AG.2

Feel free to contact no_one if you can't cope with it.
----------------------------------------------------------------------

This mail was automatically generated by TrashScan v0.12
An HTML attachment was scrubbed...
URL: http://mailman.ds9a.nl/pipermail/lartc/attachments/20050419/dd23a04f/attachment-0001.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Dog.scr
Type: application/octet-stream
Size: 21802 bytes
Desc: not available
Url : http://mailman.ds9a.nl/pipermail/lartc/attachments/20050419/dd23a04f/Dog-0001.obj

removing this person could be a great idea!!!!!

Erwan Le Doeuff
************************************************************
Project Manager of rcc project QoS HTB Power tool
http://www.rcc-project.net
************************************************************

On 4/18/05, <> wrote:
> ----------------------------------------------------------------------
> Warning: Message delivery wasn't performed.
>
> Reason: Our virus scanner detected very suspicious code in
> the attachment of a mail addressed to a user of our system.
>
> The following message will not be delivered:
>
> From: wilson@sentrisystems.com
> To: LARTC@mailman.ds9a.nl
> Subj: [LARTC] Re:
> Date: Tue, 19 Apr 2005 04:25:35 +0530
> Virus: Worm.Bagle.AG.2
>
> Feel free to contact no_one if you can't cope with it.
> ----------------------------------------------------------------------
>
> This mail was automatically generated by TrashScan v0.12
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>

Even if we keep this email in the mailing list I don't see any interest to forward "Suspicious attachment" notifications to everyone.

Erwan Le Doeuff
************************************************************
Project Manager of rcc project QoS HTB Power tool
http://www.rcc-project.net
************************************************************

On 4/18/05, erwan le doeuff <erwan.ledoeuff@gmail.com> wrote:
> removing this person could be a great idea!!!!!
>
>
> Erwan Le Doeuff
> ************************************************************
> Project Manager of rcc project QoS HTB Power tool
> http://www.rcc-project.net
> ************************************************************
>
>
> On 4/18/05, <> wrote:
> > ----------------------------------------------------------------------
> > Warning: Message delivery wasn't performed.
> >
> > Reason: Our virus scanner detected very suspicious code in
> > the attachment of a mail addressed to a user of our system.
> >
> > The following message will not be delivered:
> >
> > From: wilson@sentrisystems.com
> > To: LARTC@mailman.ds9a.nl
> > Subj: [LARTC] Re:
> > Date: Tue, 19 Apr 2005 04:25:35 +0530
> > Virus: Worm.Bagle.AG.2
> >
> > Feel free to contact no_one if you can't cope with it.
> > ----------------------------------------------------------------------
> >
> > This mail was automatically generated by TrashScan v0.12
> >
> > _______________________________________________
> > LARTC mailing list
> > LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> >
>

Hi.

erwan le doeuff wrote:
> Even if we keep this email in the mailing list I don't see any
> interest to forward "Suspicious attachment" notifications to everyone.

I agree, but I also see no reason to have this discussion arising over and over again. Local filtering should do the trick until that moron understands that it is a bad idea to automatic answers to the spoofed sender of a virus mail.

Bye, Mike

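An added example, not part of any post in this thread: one way to do the local filtering suggested above is to recognise the scanner's auto-notice by its report fields while leaving replies that merely quote it alone. The function names and the sample message headers are assumptions constructed for illustration; the body fields follow the notice quoted in the thread.

```python
import re
from email import message_from_string, policy

# Report fields are matched only at the start of a line, so a reply that
# quotes the notice behind "> " is not mistaken for the notice itself.
FIELD = re.compile(r"^(From|To|Subj|Date|Virus):[ \t]*(.*)$", re.M)
GENERATED = re.compile(r"^This mail was automatically generated by (.+)$", re.M)

def parse_scanner_notice(raw):
    """Return the report fields of a scanner auto-notice, or None."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    if part is None:
        return None
    body = part.get_content()
    fields = {k.lower(): v.strip() for k, v in FIELD.findall(body)}
    generated = GENERATED.search(body)
    if "virus" not in fields or generated is None:
        return None
    fields["generator"] = generated.group(1).strip()
    return fields

def filter_decision(raw):
    """'discard' for scanner auto-notices, 'deliver' for everything else."""
    return "discard" if parse_scanner_notice(raw) else "deliver"

# Constructed samples: the message headers are invented, the bodies follow
# the thread. The reported From is whatever the worm put in the mail.
NOTICE = (
    "From: scanner@mail.example\n"
    "To: lartc@mailman.ds9a.nl\n"
    "Subject: virus warning\n"
    "\n"
    "From: wilson@sentrisystems.com\n"
    "To: LARTC@mailman.ds9a.nl\n"
    "Subj: [LARTC] Re:\n"
    "Date: Tue, 19 Apr 2005 04:25:35 +0530\n"
    "Virus: Worm.Bagle.AG.2\n"
    "\n"
    "This mail was automatically generated by TrashScan v0.12\n"
)
REPLY = (
    "From: member@list.example\n"
    "To: lartc@mailman.ds9a.nl\n"
    "Subject: Re: virus warning\n"
    "\n"
    "Removing this person could be a great idea.\n"
    "> Virus: Worm.Bagle.AG.2\n"
    "> This mail was automatically generated by TrashScan v0.12\n"
)
```

The parsed fields can also be logged before discarding, so the reported sender and virus name remain available for an abuse report.
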
Dear, erwan.

You wrote Tuesday, April 19, 2005, 6:50:57 AM:

If maillist admins is not looking there, great idea can be report to
this "wilson" ISP, admins, chiefs and etc. about viruses he sending, that he destroying
reputation of his company, ... :)
Let's say he trying to do terrorism, infect 1000 people(of how much is
in list?) again and again.

> Even if we keep this email in the mailing list I don't see any
> interest to forward "Suspicious attachment" notifications to everyone.

> Erwan Le Doeuff
> ************************************************************
> Project Manager of rcc project QoS HTB Power tool
> http://www.rcc-project.net
> ************************************************************

> On 4/18/05, erwan le doeuff <erwan.ledoeuff@gmail.com> wrote:
>> removing this person could be a great idea!!!!!
>>
>>
>> Erwan Le Doeuff
>> ************************************************************
>> Project Manager of rcc project QoS HTB Power tool
>> http://www.rcc-project.net
>> ************************************************************
>>
>>
>> On 4/18/05, <> wrote:
>> >
>> ----------------------------------------------------------------------
>> > Warning: Message delivery wasn't performed.
>> >
>> > Reason: Our virus scanner detected very suspicious code in
>> > the attachment of a mail addressed to a user of our system.
>> >
>> > The following message will not be delivered:
>> >
>> > From: wilson@sentrisystems.com
>> > To: LARTC@mailman.ds9a.nl
>> > Subj: [LARTC] Re:
>> > Date: Tue, 19 Apr 2005 04:25:35 +0530
>> > Virus: Worm.Bagle.AG.2
>> >
>> > Feel free to contact no_one if you can't cope with it.
>> >
>> ----------------------------------------------------------------------
>> >
>> > This mail was automatically generated by TrashScan v0.12
>> >
>> > _______________________________________________
>> > LARTC mailing list
>> > LARTC@mailman.ds9a.nl
>> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>> >
>>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

--
With best regards,
GlobalProof Globax Division Manager,
Denys Fedoryshchenko
mailto:denys@globalproof.net

sorry to say -- but did you see the film "cast away" -- the volleyball -- named wilson.

On Tue, 2005-04-19 at 11:36 +0300, nuclearcat wrote:
> Dear, erwan.
>
> You wrote Tuesday, April 19, 2005, 6:50:57 AM:
>
> If maillist admins is not looking there, great idea can be report to
> this "wilson" ISP, admins, chiefs and etc. about viruses he sending, that he destroying
> reputation of his company, ... :)
> Let's say he trying to do terrorism, infect 1000 people(of how much is
> in list?) again and again.
>
> > Even if we keep this email in the mailing list I don't see any
> > interest to forward "Suspicious attachment" notifications to everyone.
>
> >
> > Erwan Le Doeuff
> > ************************************************************
> > Project Manager of rcc project QoS HTB Power tool
> > http://www.rcc-project.net
> > ************************************************************
> >
> > On 4/18/05, erwan le doeuff <erwan.ledoeuff@gmail.com> wrote:
> >> removing this person could be a great idea!!!!!
> >>
> >>
> >> Erwan Le Doeuff
> >> ************************************************************
> >> Project Manager of rcc project QoS HTB Power tool
> >> http://www.rcc-project.net
> >> ************************************************************
> >>
> >>
> >> On 4/18/05, <> wrote:
> >> >
> >> ----------------------------------------------------------------------
> >> > Warning: Message delivery wasn't performed.
> >> >
> >> > Reason: Our virus scanner detected very suspicious code in
> >> > the attachment of a mail addressed to a user of our system.
> >> >
> >> > The following message will not be delivered:
> >> >
> >> > From: wilson@sentrisystems.com
> >> > To: LARTC@mailman.ds9a.nl
> >> > Subj: [LARTC] Re:
> >> > Date: Tue, 19 Apr 2005 04:25:35 +0530
> >> > Virus: Worm.Bagle.AG.2
> >> >
> >> > Feel free to contact no_one if you can't cope with it.
> >> >
> >> ----------------------------------------------------------------------
> >> >
> >> > This mail was automatically generated by TrashScan v0.12
> >> >
> >> > _______________________________________________
> >> > LARTC mailing list
> >> > LARTC@mailman.ds9a.nl
> >> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> >> >
> >>
> > _______________________________________________
> > LARTC mailing list
> > LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> >
>

On Tue, Apr 19, 2005 at 10:15:19AM +0200, Michael Renzmann wrote:
> I agree, but I also see no reason to have this discussion arising over
> and over again. Local filtering should do the trick until that moron
> understands that it is a bad idea to automatic answers to the spoofed
> sender of a virus mail.

My mailserver runs qmail (actually mailfront for SMTP) and rejects any
message that ClamAV thinks to contain a virus with a "554 Message
refused", which in my opinion is the correct SMTP reply for any
message I don't want on my server (silently dropping the mail seems
like a risky thing to do). No bounce message is sent by my server.

However, I received this from the mailinglist manager:
> Your membership in the mailing list LARTC has been disabled due to
> excessive bounces The last bounce received from you was dated
> 21-Apr-2005. You will not get any more messages from this list until
> you re-enable your membership. You will receive 3 more reminders like
> this before your membership in the list is deleted.

Looking at my logs it must be outpost.ds9a.nl actually generating the
bounce message.

If 554 is not the right reply for such a message, what would be a better
way to indicate that the message is considered unacceptable by my
server?
If it is the best reply, what should I do to avoid being kicked off the
list because my mail server doesn't say "that's fine with me" when it
gets sent a virus message?

Sorry for replying to an offtopic thread, but since the virus problem
is apparently known here I figured someone might be able to tell me the
correct way to handle such situations.

Personally, I think it would be a very good thing for any system that
distributes e-mail, especially one that multiplies it as well like a
mailing list does, to refuse distributing content that is clearly of a
malicious nature, to avoid increasing the size of the problem.

regards,
Arjen

> If 554 is not the right reply for such a message, what would be a better
> way to indicate that the message is considered unacceptable by my
> server?
> If it is the best reply, what should I do to avoid being kicked off the
> list because my mail server doesn't say "that's fine with me" when it
> gets sent a virus message?
>
> Sorry for replying to an offtopic thread, but since the virus problem
> is apparently known here I figured someone might be able to tell me the
> correct way to handle such situations.
>
> Personally, I think it would be a very good thing for any system that
> distributes e-mail, especially one that multiplies it as well like a
> mailing list does, to refuse distributing content that is clearly of a
> malicious nature, to avoid increasing the size of the problem.

The list received at least 19 messages in 6 days, with at LEAST one message in a 24 hour period. I have not seen any viral emails from Wilson in over 24 hours since I sent the email to the abuse contact in Who Is for the subnet that his IP was coming from. Maybe my request to have him clean his system via the abuse contact did some good (http://mailman.ds9a.nl/pipermail/lartc/2005q2/015613.html). Time will tell. Or who knows, Wilson may have had his computer turned off in that time too. I do know that all the emails were being sent with the same source email address and name. All that was changing was the IP that it was coming from, which is in a dynamic dial up pool so this is to be expected.

Grant. . . .

On Sat, Apr 23, 2005 at 01:58:00AM +0200, Arjen Meek wrote:
> On Tue, Apr 19, 2005 at 10:15:19AM +0200, Michael Renzmann wrote:
> > I agree, but I also see no reason to have this discussion arising over
> > and over again. Local filtering should do the trick until that moron
> > understands that it is a bad idea to automatic answers to the spoofed
> > sender of a virus mail.
>
> My mailserver runs qmail (actually mailfront for SMTP) and rejects any
> message that ClamAV thinks to contain a virus with a "554 Message
> refused", which in my opinion is the correct SMTP reply for any
> message I don't want on my server (silently dropping the mail seems
> like a risky thing to do). No bounce message is sent by my server.
>
> However, I received this from the mailinglist manager:
> > Your membership in the mailing list LARTC has been disabled due to
> > excessive bounces The last bounce received from you was dated
> > 21-Apr-2005. You will not get any more messages from this list until
> > you re-enable your membership. You will receive 3 more reminders like
> > this before your membership in the list is deleted.
>
> Looking at my logs it must be outpost.ds9a.nl actually generating the
> bounce message.
>
> If 554 is not the right reply for such a message, what would be a better
> way to indicate that the message is considered unacceptable by my
> server?
> If it is the best reply, what should I do to avoid being kicked off the
> list because my mail server doesn't say "that's fine with me" when it
> gets sent a virus message?

I am having the same problem but using debian + exim & clamav

>
> Sorry for replying to an offtopic thread, but since the virus problem
> is apparently known here I figured someone might be able to tell me the
> correct way to handle such situations.
>
> Personally, I think it would be a very good thing for any system that
> distributes e-mail, especially one that multiplies it as well like a
> mailing list does, to refuse distributing content that is clearly of a
> malicious nature, to avoid increasing the size of the problem.
>
> regards,
> Arjen
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc