Virus Distribution via this group

From: danjr <danjr_at_voyager.net>
Date: Mon Dec 8 17:27:19 2003

I routinely get virus alerts off of the cctalk and cctech lists. The
ones I receive are usually warnings that a virus was detected and
removed, and I have never actually gotten a virus from the list, so I
usually ignore them.

Dan

> Does anybody else have trouble with routinely receiving a virus in place of
> the proper collection of messages which constitute an issue from this
> group? What I often receive looks like
>
>
> ------------------ Virus Warning Message (IIIIIIIIIIIIII)
>
> Security warning Exceed_Decompression_Layer in file email-body
> The file email-body is moved to /etc/iscan/virus/virNUv9Rs.
>
> Information from IIIIIIIII Mail-Server: Scanner detected a virus
> (Exceed_Decompression_Layer) in an attachment (email-body) of this message.
> The attachment was removed from the message. No further action is required
> on your part. If you have questions, please contact
> postmast_at_IIIIIIIIIIIIIIIIIIIIIIIIIIIIII
>
> ---------------------------------------------------------
>
> ------------------ Virus Warning Message (IIIIIIIIIIIIIIIIIIII)
>
> email-body is removed from here because it contains a virus.
>
>
>
> I have removed the name of our mail processor and substituted several
> letters= "I".
>
> These viruses come numbered in the correct sequence, as if they were issued
> by the normal server which distributes the proper message collections. By
> the time the messages reach me any real content has been removed. Several
> of these arrive per week.
>
> One question I must face is whether our firewall is discovering
> non-existent viruses, and request a repair, but if the viruses are real,
> then the server for this group needs cleaning. It is possible there is
> somebody out there at a third point doing this, but how does this explain
> having the messages in the correct sequence and delivered to me while
> eliminating the correct message? (It never shows up, and how would this
> "Third Party Server" be trapping the proper messages in order to substitute
> a virus loaded message? If I were receiving one proper message and also
> the contaminated version it would be easier to explain.)
>
> Any advice would be appreciated.
>
> Bob
>
>
>
> _____________________________________________________
> This message scanned for viruses by CoreComm
>
Received on Mon Dec 08 2003 - 17:27:19 GMT
