RE: [squid-users] SPAM/VIRUS sent to squid-users? (RE: Database at Infinex)

From: SSCR Internet Admin <admin@dont-contact.us>
Date: Wed, 18 Jun 2003 09:01:36 -0700

This is from the leo@sandstig.com which my email scanner has intercepted

Warning: This message has had one or more attachments removed
Warning: (PNI.sln.exe).
Warning: Please read the "VirusWarning.txt" attachment(s) for more
information.

Got this when trying to upload the attached Document:

[Microsoft][ODBC SQL Server Driver][SQL Server]String or binary data would
be truncated.

 <<Specification - Krystol Spec #1 - Cracks, Joint, Holes.pdf>>

Which has the email header to support------------

Return-Path: <leo@sandstig.com>
Received: from webserver (annie.impactnet.com [202.95.236.6])
        by baste.sscrmnl.edu.ph (8.12.8/8.12.8) with ESMTP id h5I25niP015921
        for <admin@sscrmnl.edu.ph>; Wed, 18 Jun 2003 10:05:52 +0800
Received: from central-2bj0vsk (sithlord.impactnet.com [202.95.236.184])
        by webserver (8.11.6/8.11.6) with SMTP id h5HDC1d01314;
        Tue, 17 Jun 2003 21:12:01 +0800
Date: Tue, 17 Jun 2003 21:12:01 +0800
Message-Id: <200306171312.h5HDC1d01314@webserver>
From: "Leo Connell" <leo@sandstig.com>
Subject: {Virus?} Error Occurred While Processing Request
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------9OD89CBSFFZXHP"
SSCR-Email-Checker: Found to be infected
SSCR-Email-SpamCheck: not spam, SpamAssassin (score=2, required 10,
        DATE_IN_PAST_12_24, MISSING_HEADERS, SPAM_PHRASE_00_01)
X-MailScanner-SpamScore: ss
Status:

-----Original Message-----
From: la. w [mailto:squid-user@tlinx.org]
Sent: Tuesday, June 17, 2003 12:21 PM
To: 'Nick L.'
Cc: squid-users-admin@squid-cache.org; squid-users@squid-cache.org
Subject: [squid-users] SPAM/VIRUS sent to squid-users? (RE: Database at Infinex)

Is there a reason for attaching what appears to be an empty file
named PNI.sln.exe and why was it sent to "Squid-users" via
email harvesting off of the squid users list using "Bcc" to individual
users?

Is "Nick@imagetank.com" even a real user on squid-users?

Did anyone else get a message like this?

As for the .exe being stripped off...my ISP unilaterally implemented
mandatory filtering on all email, so I don't know if there was
actual content in the .exe or not.

> From nick@imagetank.com Tue Jun 17 07:37:26 2003
> Received: from mail.speakeasy.net (localhost [127.0.0.1])
> by mail.tlinx.org (8.12.6/8.12.2/SuSE Linux 0.6) with ESMTP id h5HEbQMO023811
> for <squid-user@localhost>; Tue, 17 Jun 2003 07:37:26 -0700
> Delivered-To: squid-user@tlinx.org
> Received: (qmail 6267 invoked by uid 64014); 17 Jun 2003 14:36:55 -0000
> Received: from nick@imagetank.com by mail14.speakeasy.net with AmikaGuardian-Server-1.1.2c-csav (Processed in 0.488691 secs); 17 Jun 2003 14:36:55 -0000
> X-AmikaGuardian-Id: mail14.speakeasy.net10558606152366262
> X-AmikaGuardian-Category: AN:Vectored : 0.4
> X-AmikaGuardian-Category: AN:Obvious Clues : 0.8
> X-AmikaGuardian-Category: AN:Spam Headers : 0.8
> X-AmikaGuardian-Category: AN:Spam : 0.8
> X-AmikaGuardian-Category: AN:Override : 0.4
> X-AmikaGuardian-Category: AN:Exception : 0.4
> X-AmikaGuardian-Category: AN:Spam Structure : 0.8
> X-AmikaGuardian-Category: AN:Junk Mail : 0.8
> X-AmikaGuardian-Category: AN:Forwarded Mail : 0.4
> X-AmikaGuardian-Action: Do Nothing()
> Received: from unknown (HELO webserver) ([202.95.236.6])
> (envelope-sender <nick@imagetank.com>)
> by mail14.speakeasy.net (qmail-ldap-1.03) with SMTP
> for <squid-user@tlinx.org>; 17 Jun 2003 14:36:55 -0000
> Received: from central-2bj0vsk (sithlord.impactnet.com [202.95.236.184])
> by webserver (8.11.6/8.11.6) with SMTP id h5HE14d01626;
> Tue, 17 Jun 2003 22:01:06 +0800
> Date: Tue, 17 Jun 2003 22:01:06 +0800
> Message-Id: <200306171401.h5HE14d01626@webserver>
================================
> From: "Nick L." <nick@imagetank.com>
> Subject: Re: Database at Infinex
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="----------KCD5Y5YSV2PWIA"
> To: undisclosed-recipients:;
> X-Status:
> X-Keywords:
> X-UID: 8103
>
> ------------KCD5Y5YSV2PWIA
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
>
> Egie,
>
> Mysql is already installed into the machine in SF. Infinex is using it
> specifically for Mysql and is used by some of our larger customers. If
> you need sudo access just to install mysql that shouldn't be needed. If
> y
>
> ------------KCD5Y5YSV2PWIA
> Content-Type: application/x-msdownload; name="PNI.sln.exe"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="PNI.sln.exe"
>
>
>
> ------------KCD5Y5YSV2PWIA--
>

--
This message has been scanned for viruses and
dangerous contents on SSCR Email Scanner Server, and is
believed to be clean.
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.487 / Virus Database: 286 - Release Date: 6/1/2003
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.487 / Virus Database: 286 - Release Date: 6/1/2003
Received on Tue Jun 17 2003 - 18:46:26 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:25 MST
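
Added example, not part of the original thread: a short Python check that compares the relay path recorded in the `Received:` headers of the two messages quoted above against their `From:` addresses. The header excerpts are copied from this page; the function names are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header excerpts copied from the two messages on this page.
MSG_A = """\
Received: from webserver (annie.impactnet.com [202.95.236.6])
        by baste.sscrmnl.edu.ph (8.12.8/8.12.8) with ESMTP id h5I25niP015921
        for <admin@sscrmnl.edu.ph>; Wed, 18 Jun 2003 10:05:52 +0800
Received: from central-2bj0vsk (sithlord.impactnet.com [202.95.236.184])
        by webserver (8.11.6/8.11.6) with SMTP id h5HDC1d01314;
        Tue, 17 Jun 2003 21:12:01 +0800
From: "Leo Connell" <leo@sandstig.com>
"""
MSG_B = """\
Received: from unknown (HELO webserver) ([202.95.236.6])
        (envelope-sender <nick@imagetank.com>)
        by mail14.speakeasy.net (qmail-ldap-1.03) with SMTP
        for <squid-user@tlinx.org>; 17 Jun 2003 14:36:55 -0000
Received: from central-2bj0vsk (sithlord.impactnet.com [202.95.236.184])
        by webserver (8.11.6/8.11.6) with SMTP id h5HE14d01626;
        Tue, 17 Jun 2003 22:01:06 +0800
From: "Nick L." <nick@imagetank.com>
"""
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO_RE = re.compile(r"^\s*from\s+(\S+)")

def hops(raw):
    """Return [(helo, ip)] per Received header, newest first; hops without a bracketed IP are skipped."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        ip, helo = IP_RE.search(value), HELO_RE.match(value)
        if ip and helo:
            out.append((helo.group(1), ip.group(1)))
    return out

def shared_path(raw_a, raw_b):
    """Relay IPs that appear in both messages, ordered from origin outward."""
    ips_b = {ip for _, ip in hops(raw_b)}
    return [ip for _, ip in reversed(hops(raw_a)) if ip in ips_b]

def sender(raw):
    """Address part of the From: header (claimed by the sender, not verified)."""
    return parseaddr(message_from_string(raw)["From"])[1]

if __name__ == "__main__":
    print("From A:", sender(MSG_A), "| From B:", sender(MSG_B))
    print("Relays common to both:", shared_path(MSG_A, MSG_B))
```

Only the topmost `Received:` line in each excerpt was written by the recipient's own mail server; the lines below it are supplied by the sending side and should be treated as claims rather than evidence.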