Mailing List
Home
Linux - General Red Hat Linux discussion list
Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)
Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)
Installation - Getting started with Red Hat Linux
Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)
Red Hat Linux 8.0 - Discussion of Red Hat Linux 8.0 (Psyche)
Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)
Red Hat Linux 7.1 - Discussion of Red Hat Linux 7.1 (Seawolf)
Apache Web Server
Oracle database, Microsoft SQL server ...
Subjects
application/x mplayer2 plugin
RPM error: db4 error(16) from dbenv >remove: Device or resource
   busy
Command stream end of file while reading
X Windows problem (xauth)
Upgrading openoffice 1 1 rpm
FTP: connection refused
FTP: connection refused
mount: /dev/cdrom: is not a valid block device
Dell Precision 650, RedHat 9, no sound
how to trace the cause resulting in the crash of bind server
Virus on the list
UNINSTALL RPM MYSQL
usb pen drives: mounting as a user
broadcom network interface
make mrproper
sendmail configuration on redhat
Couldn 't open PID file /var/run/named/named pid Permission denied
Promise 378 controller
kernel 2 6 and /dev/sound/mixer not found
Problem using up2date
mrtg step by step howto/configuration for a newbie?
Compiling and Installing Kernel 2 6
Can 't locate module ppp0, can 't locate module ppp compress 21
HOW I CAN MAKE BOOTABLE FLOPPY DISKET
Lotus Notes under Wine
/etc/security/limits conf question
Intel E/1000 driver
Command stream end of file while reading
rpm database corrupt
qla2300 modules
 
Search:  
Power your search with and, or, +, -, or "some phrase" operators.
Virus on the list

Virus on the list

2004-01-19       - By L. Christopher Luther

 Back
Reply:     1     2     3     4     5     6     7     8  

I too got an alert from our mail-gateway AV product, for what 's it 's worth.
But our drakonian approach to deleting attached . E X E 's stopped the
infected file from even making it to the desktop.

Cheers!


-- --Original Message-- --
From: Eucke Warren [mailto:euckew@(protected)]
Sent: Monday, January 19, 2004 4:54 PM
To: redhat-list@(protected)
Subject: Virus on the list


Hey, this may be information you already have.....but....

My Vexira server just nabbed a message with a worm in it that appears to
have originated from the list. The Worm is Worm/Bagle.B. I doubt that the
other headers are unaltered so I don 't know that there 's enough information
to figure out which of the list members is infected. Just an FYI.

Here is the Alert I received from my milter

Message-Id: < esbeqpfmekjyxlvlrmk@(protected)
<mailto:esbeqpfmekjyxlvlrmk@(protected) > >
Sender: redhat-list-admin@(protected) <mailto:redhat-list-admin@(protected) >
From: toshi.esumi@(protected) <mailto:toshi.esumi@(protected) >
To: redhat-list@(protected) <mailto:redhat-list@(protected) >
Date: Mon, 19 Jan 2004 21:35:21 +0000
Subject: Hi
Mail-From: < redhat-list-admin@(protected)
<mailto:redhat-list-admin@(protected) > >
Rcpt: < euckew@(protected) <mailto:euckew@(protected) >
>
Queue-Id: 23528-799AB1E6
Status: The mail was not delivered!
--8 <--


Log-File:
--8 <--
info: extracting attachment 1 to /var/tmp/av-23531-ccE6xT/av-0
(encoding= "8bit ", name= "(no name) ", filename= "(no name) ")
info: extracting attachment 2 to /var/tmp/av-23531-ccE6xT/av-1
(encoding= "base64 ", name= "qjktyrpf.exe ", filename= "xgcjkahnf.exe ")
checking file "/var/tmp/av-23531-ccE6xT/av-0 "
checking file "/var/tmp/av-23531-ccE6xT/av-1 "
--8 <--

--

Eucke Warren

Today 's quote: "The software package said 'REQUIRES WINDOWS 9X OR BETTER ' so
I installed Linux "


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN " >
<HTML > <HEAD >
<META HTTP-EQUIV= "Content-Type " CONTENT= "text/html; charset=iso-8859-1 " >


<META content= "MSHTML 5.50.4934.1600 " name=GENERATOR >
<STYLE > </STYLE >
</HEAD >
<BODY bgColor=#ffffff >
<DIV > <SPAN class=358560722-19012004 > <FONT color=#0000ff >I too got an alert
from our mail-gateway AV product, for what 's it 's worth.  But our drakonian
approach to deleting attached . E X E 's stopped the infected file from even
making it to the desktop.  </FONT > </SPAN > </DIV >
<DIV > <SPAN class=358560722-19012004 > <FONT
color=#0000ff > </FONT > </SPAN >  </DIV >
<DIV > <SPAN class=358560722-19012004 > <FONT color=#0000ff >Cheers! 
</FONT > </SPAN > </DIV >
<DIV > <SPAN class=358560722-19012004 > <FONT
color=#0000ff > </FONT > </SPAN >  </DIV >
<BLOCKQUOTE dir=ltr
style= "PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px " >
<DIV class=OutlookMessageHeader dir=ltr align=left > <FONT face=Tahoma
size=2 >-- --Original Message-- -- <BR > <B >From: </B > Eucke Warren
[mailto:euckew@(protected)] <BR > <B >Sent: </B > Monday, January 19, 2004
4:54 PM <BR > <B >To: </B > redhat-list@(protected) <BR > <B >Subject: </B > Virus on the
list <BR > <BR > </FONT > </DIV >
<DIV > <FONT face=Arial size=2 >Hey, this may be information you already
have.....but.... </FONT > </DIV >
<DIV > <FONT face=Arial size=2 > </FONT >  </DIV >
<DIV > <FONT face=Arial size=2 >My Vexira server just nabbed a message with a
worm in it that appears to have originated from the list.  The Worm is
<FONT face= "Times New Roman " size=3 >Worm/Bagle.B.  I doubt that the other
headers are unaltered so I don 't know that there 's enough information to
figure out which of the list members is infected.  Just an
FYI. </FONT > </FONT > </DIV >
<DIV > <FONT color=#0000ff > </FONT >  </DIV >
<DIV > <FONT face=Arial size=2 >Here is the Alert I received from my
milter </FONT > </DIV >
<DIV > <FONT face=Arial size=2 > </FONT >  </DIV >
<DIV >Message-Id: < <A
href= "mailto:esbeqpfmekjyxlvlrmk@(protected) " >esbeqpfmekjyxlvlrmk@(protected) </A >> <BR > Sender:
<A
href= "mailto:redhat-list-admin@(protected) " >redhat-list-admin@(protected) </A > <BR > From:
<A
href= "mailto:toshi.esumi@(protected) " >toshi.esumi@(protected) </A > <BR > To:
<A
href= "mailto:redhat-list@(protected) " >redhat-list@(protected) </A > <BR > Date:
Mon, 19 Jan 2004 21:35:21 +0000 <BR > Subject: Hi <BR > Mail-From:
< <A
href= "mailto:redhat-list-admin@(protected) " >redhat-list-admin@(protected) </A >> <BR > Rcpt:
< <A
href= "mailto:euckew@(protected) " >euckew@(protected) </A >> <BR > Queue-Id:
23528-799AB1E6 <BR > Status: The mail was not
delivered! <BR >--8<-- <BR > <BR > <BR >Log-File: <BR >--8<-- <BR >info: extracting
attachment 1 to
/var/tmp/av-23531-ccE6xT/av-0 <BR >      
(encoding= "8bit ", name= "(no name) ", filename= "(no name) ") <BR >info: extracting
attachment 2 to
/var/tmp/av-23531-ccE6xT/av-1 <BR >      
(encoding= "base64 ", name= "qjktyrpf.exe ", filename= "xgcjkahnf.exe ") <BR >checking
file "/var/tmp/av-23531-ccE6xT/av-0 " <BR >checking file
"/var/tmp/av-23531-ccE6xT/av-1 " <BR >--8<-- <BR > <BR >-- </DIV >
<DIV >  </DIV >
<DIV > <FONT face=Arial size=2 >Eucke Warren </FONT > </DIV >
<DIV >  </DIV >
<DIV > <FONT face=Arial size=2 >Today 's quote: "The software package said
'REQUIRES WINDOWS 9X OR BETTER ' so I installed
Linux " </FONT > </DIV > </BLOCKQUOTE > </BODY > </HTML >