[prev in list] [next in list] [prev in thread] [next in thread]
List: ngw
Subject: Re: [ngw] Re: ezmlm warning
From: "Trevor Harrison" <trevor () harrison ! org>
Date: 2008-08-28 14:22:13
Message-ID: 2e6bafa60808280722x7f5a418h8e02ffd0c6d7d80e () mail ! gmail ! com
[Download RAW message or body]
On Wed, Aug 27, 2008 at 3:45 PM, Sean Granger <sgranger@randfinancial.com>wrote:
> Anyone else have scanners in place that found someone on the list to be
> sending Mydoom around??
>
> Can someone admin'ing the list please follow up on this, track the message
> sender and inform them they are infected?
Ok. I've looked at this, and I think its just hysterical virus scanners.
>
> >>> <ngw-help@ngwlist.com> 08/27/08 02:27PM >>>
> To retrieve a set of messages 123-145 (a maximum of 100 per request),
> send an empty message to:
> <ngw-get.123_145@ngwlist.com>
>
> To receive a subject and author list for the last 100 or so messages,
> send an empty message to:
> <ngw-index@ngwlist.com>
>
> Here are the message numbers:
>
> 127462
If you follow the directions, and send a message to
ngw-get.127462@ngwlist.com, you will receive a copy of the message mentioned
in the bounce below, that was claimed to be infected.
However, looking at that message, I can't find anything out of the
ordinary. Its all text. However, it does contain the words "mydomain.com"
quite a few times. Which is pretty similar to the "mydoom" virus name.
I wonder if you will even receive this message since it has the string "
mydomain.com" in it.
Or maybe your virus definitions have been fixed by now. (Message 127462 was
sent Aug 15th)
-Trevor
>
> 127466
> 127463
> 127468
>
> --- Enclosed is a copy of the bounce message I received.
>
> Return-Path: <>
> Received: (qmail 11511 invoked for bounce); 15 Aug 2008 18:58:00 -0600
> Date: 15 Aug 2008 18:58:00 -0600
> From: MAILER-DAEMON@steastwood.harrison.org
> To: ngw-return-127462-@ngwlist.com
> Subject: failure notice
>
> Hi. This is the qmail-send program at steastwood.harrison.org.
> I'm afraid I wasn't able to deliver your message to the following
> addresses.
> This is a permanent error; I've given up. Sorry it didn't work out.
>
> <sgranger@randfinancial.com>:
> User and password not set, continuing without authentication.
> <sgranger@randfinancial.com> 208.65.144.3 failed after I sent the message.
> Remote host said: 551 Mydoom.bb@MXLM infected
>
>
>
> --
> Visit http://www.ngwlist.com for help unsubscribing
>
>
[Attachment #3 (text/html)]
<div dir="ltr">On Wed, Aug 27, 2008 at 3:45 PM, Sean Granger <span dir="ltr"><<a \
href="mailto:sgranger@randfinancial.com">sgranger@randfinancial.com</a>></span> \
wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" \
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; \
padding-left: 1ex;"> Anyone else have scanners in place that found someone on the \
list to be sending Mydoom around??<br> <br>
Can someone admin'ing the list please follow up on this, track the message sender \
and inform them they are infected?</blockquote><div><br><br>Ok. I've looked \
at this, and I think its just hysterical virus scanners.<br> \
<br> </div><blockquote class="gmail_quote" style="border-left: 1px solid \
rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br> >>> \
<<a href="mailto:ngw-help@ngwlist.com">ngw-help@ngwlist.com</a>> 08/27/08 \
02:27PM >>><br> To retrieve a set of messages 123-145 (a maximum of 100 per \
request),<br> send an empty message to:<br>
<<a href="mailto:ngw-get.123_145@ngwlist.com">ngw-get.123_145@ngwlist.com</a>><br>
<br>
To receive a subject and author list for the last 100 or so messages,<br>
send an empty message to:<br>
<<a href="mailto:ngw-index@ngwlist.com">ngw-index@ngwlist.com</a>><br>
<br>
Here are the message numbers:<br>
<br>
127462</blockquote><div><br><br>If you follow the directions, and send a \
message to <a href="mailto:ngw-get.127462@ngwlist.com">ngw-get.127462@ngwlist.com</a>, \
you will receive a copy of the message mentioned in the bounce below, that was \
claimed to be infected.<br> <br>However, looking at that message, I can't find \
anything out of the ordinary. Its all text. However, it does contain the \
words "<a href="http://mydomain.com">mydomain.com</a>" quite a few \
times. Which is pretty similar to the "mydoom" virus name.<br> <br>I \
wonder if you will even receive this message since it has the string "<a \
href="http://mydomain.com">mydomain.com</a>" in it.<br><br>Or maybe your virus \
definitions have been fixed by now. (Message 127462 was sent Aug 15th)<br> \
<br>-Trevor<br><br><br> </div><blockquote class="gmail_quote" \
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; \
padding-left: 1ex;"><br> 127466<br>
127463<br>
127468<br>
<br>
--- Enclosed is a copy of the bounce message I received.<br>
<br>
Return-Path: <><br>
Received: (qmail 11511 invoked for bounce); 15 Aug 2008 18:58:00 -0600<br>
Date: 15 Aug 2008 18:58:00 -0600<br>
From: <a href="mailto:MAILER-DAEMON@steastwood.harrison.org">MAILER-DAEMON@steastwood.harrison.org</a><br>
To: <a href="mailto:ngw-return-127462-@ngwlist.com">ngw-return-127462-@ngwlist.com</a><br>
Subject: failure notice<br>
<br>
Hi. This is the qmail-send program at <a href="http://steastwood.harrison.org" \
target="_blank">steastwood.harrison.org</a>.<br> I'm afraid I wasn't able to \
deliver your message to the following addresses.<br> This is a permanent error; \
I've given up. Sorry it didn't work out.<br> <br>
<<a href="mailto:sgranger@randfinancial.com">sgranger@randfinancial.com</a>>:<br>
User and password not set, continuing without authentication.<br>
<<a href="mailto:sgranger@randfinancial.com">sgranger@randfinancial.com</a>> <a \
href="http://208.65.144.3" target="_blank">208.65.144.3</a> failed after I sent the \
message.<br> Remote host said: 551 Mydoom.bb@MXLM infected<br>
<font color="#888888"><br>
<br>
<br>
--<br>
Visit <a href="http://www.ngwlist.com" target="_blank">http://www.ngwlist.com</a> for \
help unsubscribing<br> <br>
</font></blockquote></div><br></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic