Here is my icq list. [the SUSE virus scanner removed an attachment of type application/octet-stream which had a name of my_numbers.scr] [if you need the message in its original form including all attachments, please ask the SENDER for a version free of viruses]
Hello Roman, Quoting draht@suse.de:
Here is my icq list.
[the SUSE virus scanner removed an attachment of type application/octet-stream which had a name of my_numbers.scr] [if you need the message in its original form including all attachments, please ask the SENDER for a version free of viruses]
Please resend in plain text :D ;) BB, Arjen
Here is my icq list.
[the SUSE virus scanner removed an attachment of type application/octet-stream which had a name of my_numbers.scr] [if you need the message in its original form including all attachments, please ask the SENDER for a version free of viruses]
Please resend in plain text :D ;)
:-)) It's unbelievable these days. I got more than 230MB of crap from worms & Co, and an additional half of that full of spam, since the beginning of the year. Good morning, Roman.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Friday 2004-04-02 at 09:35 +0200, Roman Drahtmueller wrote:
It's unbelievable these days. I got more than 230MB of crap from worms & Co, and an additional half of that full of spam, since the beginning of the year.
My postfix rejects around 400 mails per month with windows attachments, and more than a hundred pass through contains virus detected by amavis, usually zip files. The last wave the zip file name is composed from my email address... which by now must be believed the world around to be a first class spammer :-/ :-( - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFAbV9GtTMYHG2NR9URAsvAAJ0U2o9qMbVq9EpIwzbdm7a+FumhKACfajaq Ve1YV/GpAC72voHc/OTBAag= =daAh -----END PGP SIGNATURE-----
My postfix rejects around 400 mails per month with windows attachments, and more than a hundred pass through contains virus detected by amavis, usually zip files. The last wave the zip file name is composed from my email address... which by now must be believed the world around to be a first class spammer :-/ :-(
Unfortunally, the suse mailinglist-archive is a first class address pool for spammers and malware senders :-( Since I posted some mails in suse-security and suse-oracle, the spam count rises significant. So I have to change my email address and use special adresses for mailinglist purposes only, because one of the last spam attacks also contained my address as sender :-( Nice to get the bounces back... Don't use your primary email-address to post in mailinglists... Regards M. Rauter
The Friday 2004-04-02 at 15:09 +0200, Michael Rauter wrote:
Unfortunally, the suse mailinglist-archive is a first class address pool for spammers and malware senders :-(
I know. Pity the archive doesn't remove addresses.
Since I posted some mails in suse-security and suse-oracle, the spam count rises significant. So I have to change my email address and use special adresses for mailinglist purposes only, because one of the last spam attacks also contained my address as sender :-(
Of course, me too. This address is only used for suse lists. Unfortunate. -- Cheers, Carlos Robinson
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Friday 2004-04-02 at 09:35 +0200, Roman Drahtmueller wrote:
:-))
It's unbelievable these days. I got more than 230MB of crap from worms & Co, and an additional half of that full of spam, since the beginning of the year.
By the way: I got a bounce from MAILER-DAEMON frm suse point de (it seems legitimate at first glance) telling me that: <florian@******>: user has moved to <unknown> So far, no problem... another of those virus/spam originated bounces. The problem was that: 1) It came with a "broken header" (from a suse server!?), so that fetchmail hicupped and left it at my ISP pop3 server, to be retrieved on the next run, etc, etc, for three days till I noticed: I had to retrieve it with mozilla. 2) It had the file "shower.exe" attached at the end, containing "Worm/NetSky.B.1". Could you do something or tell somebody about filtering those? Bouncing back full emails, complete with virus attachements, is not very nice: even if not dangerous for me, it uses network resources for every body, specially for me (modem). - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFAbihltTMYHG2NR9URAqFwAJ4mOHb2OLLKCWtuS0vL/1yEjvPZzACfWokN YnDSgWjxkBTBLgIKvdXiimo= =1hSQ -----END PGP SIGNATURE-----
Hi Carlos, On Saturday 03 April 2004 04:58, Carlos E. R. wrote:
By the way:
I got a bounce from MAILER-DAEMON frm suse point de (it seems legitimate at first glance) telling me that:
"It seems legitimate at first glance" This exactly one of the viruses tricks. Faking a bounce message. So this is not from a suse server. BB, Arjen
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2004-04-04 at 22:01 +0200, Arjen Runsink wrote:
"It seems legitimate at first glance"
This exactly one of the viruses tricks. Faking a bounce message. So this is not from a suse server.
I don't think that is the case, I have some experience analyzing headers. The received header added by my pop3 provider (which I know it is true) says that it received the email from a machine named Cantor... whose IP matches, and it is a SuSE machine. If I trust that info - which can only be false if the IP was spoofed or spliced, and that is not so easy - then the previous header can be trusted as well, as it matches the last one: and this also mentions another SuSE machine. Yes, what I received I'm 95% sure is legitimate. The virus sent it to florian, who has moved and has set up a autoresponder - - /usr/bin/vacation? - Unfortunately, the autoresponder works before the virus checker, or there wasn't one, or it did not work, so the virus was bounced to me. And bouncing the virus is what I'm "ranting" about - as Florian can no longer be reached, to whom do I report? Feedback no longer has an email. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFAcSeCtTMYHG2NR9URAhGrAJ0QGzwq5xeHSqIzWqzc9WCat8POnwCfd3Oa fDM5tbrekhZJJ7tE2Opgq+E= =imia -----END PGP SIGNATURE-----
participants (5)
-
Arjen Runsink
-
Carlos E. R.
-
draht@suse.de
-
Michael Rauter
-
Roman Drahtmueller