Virus Distribution via this group

From: R. Mueller <r.mueller_at_fz-juelich.de>
Date: Sat Dec 6 06:17:19 2003

Does anybody else have trouble with routinely receiving a virus in place of
the proper collection of messages which constitute an issue from this
group? What I often receive looks like


------------------ Virus Warning Message (IIIIIIIIIIIIII)

Security warning Exceed_Decompression_Layer in file email-body
The file email-body is moved to /etc/iscan/virus/virNUv9Rs.

Information from IIIIIIIII Mail-Server: Scanner detected a virus
(Exceed_Decompression_Layer) in an attachment (email-body) of this message.
The attachment was removed from the message. No further action is required
on your part. If you have questions, please contact
postmast_at_IIIIIIIIIIIIIIIIIIIIIIIIIIIIII

---------------------------------------------------------

------------------ Virus Warning Message (IIIIIIIIIIIIIIIIIIII)

email-body is removed from here because it contains a virus.



I have removed the name of our mail processor and substituted several
letters= "I".

These viruses come numbered in the correct sequence, as if they were issued
by the normal server which distributes the proper message collections. By
the time the messages reach me any real content has been removed. Several
of these arrive per week.

One question I must face is whether our firewall is discovering
non-existent viruses, and request a repair, but if the viruses are real,
then the server for this group needs cleaning. It is possible there is
somebody out there at a third point doing this, but how does this explain
having the messages in the correct sequence and delivered to me while
eliminating the correct message? (It never shows up, and how would this
"Third Party Server" be trapping the proper messages in order to substitute
a virus loaded message? If I were receiving one proper message and also
the contaminated version it would be easier to explain.)

Any advice would be appreciated.

Bob
Received on Sat Dec 06 2003 - 06:17:19 GMT