| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <F1D82290F689D411923A00A0C9ACA76F01DDE421@pyis400.it.alstom.com.au>
From: kane.lightowler at it.alstom.com.au (Kane Lightowler)
Subject: SpamAssasin - path disclosure
As previously explained this is not spam assassin this is Trend Micro
Interscan VirusWall
http://www.trendmicro.com/en/products/gateway/isvw/evaluate/overview.htm
Regards,
Kane Lightowler
-----Original Message-----
From: morning_wood [mailto:se_cur_ity@...mail.com]
Sent: Sunday, 24 August 2003 4:13 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] SpamAssasin - path disclosure
funny things... SpamAssassin results
1. spoof
80.179.152.112.forward.012.net.il (80.179.152.112)
Whois:
80.179.152.0 - 80.179.171.255
Please Send Abuse/SPAM complaints
To abuse@....net
DNS REG
25 Hsivim st. Petach-Tiikva, Israel
dnsreg@....net.il
2. path reveal
The uncleanable file details.pif is moved to /etc/iscan/virus/virZNvE0n
-------------------------- snip -------------------------
Return-Path: <morning_wood@...loitlabs.com>
Received: (qmail 2425 invoked by uid 504); 21 Aug 2003 15:03:01 -0000
Received: from localhost (HELO iceman.incidents.org) (127.0.0.1)
by 0 with SMTP; 21 Aug 2003 15:03:01 -0000
Received: (qmail 2164 invoked from network); 21 Aug 2003 15:02:30 -0000
Received: from 80.179.152.112.forward.012.net.il (HELO SKUNK)
(80.179.152.112)
by 0 with SMTP; 21 Aug 2003 15:02:30 -0000
From: <morning_wood@...loitlabs.com>
To: <intrusions-digest-subscribe@...idents.org>
Date: Thu, 7 Jan 1999 14:20:55 +0200
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="_NextPart_000_0E151FE1"
X-Spam-Status: Yes, hits=8.0 required=6.5
tests=AWL,DATE_IN_PAST_96_XX,FORGED_MUA_OUTLOOK,
MIME_BOUND_NEXTPART,MISSING_MIMEOLE,NO_REAL_NAME,
RAZOR2_CHECK
version=2.53
X-Spam-Level: ********
X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)
X-Spam-Report: ---- Start SpamAssassin results
8.00 points, 6.5 required;
* 0.7 -- From: does not include a real name
* 2.0 -- Listed in Razor2, see http://razor.sf.net/
* 2.0 -- Date: is 96 hours or more before Received: date
* 3.3 -- Forged mail pretending to be from MS Outlook
* 0.5 -- Message has X-MSMail-Priority, but no X-MimeOLE
* 0.4 -- Spam tool pattern in MIME boundary
* -0.9 -- AWL: Auto-whitelist adjustment
---- End of SpamAssassin results
X-Spam-Flag: YES
Subject: *****SPAM***** Your details
This is a multipart message in MIME format
--_NextPart_000_0E151FE1
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
------------------ Virus Warning Message (on the network)
Found virus WORM_SOBIG.F in file details.pif
The uncleanable file details.pif is moved to /etc/iscan/virus/virZNvE0n
--------------------- snip ---------------------------
Donnie Werner
http://e2-labs.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
CONFIDENTIALITY: This e-mail and any attachments are confidential and may be privileged. If you are not a named recipient,please notify the sender immediately and do not disclose the contents to another person, use it for any purpose or store or copy the information in any medium.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030825/a0efd5f9/attachment.html
Powered by blists - more mailing lists