What does this email message indicate?

From: Stan Hilliard (usenetreplyUM_at_samplingplansNOTSPAM.com)
Date: 09/18/04


Date: Sat, 18 Sep 2004 15:07:06 -0500

What does this email message indicate?

===start
ScanMail for Microsoft Exchange has detected virus-infected
attachment(s).

Sender = xxxxxshilliard@samplingplans.com
Recipient(s) = V Ramkumar
Subject = Mail Delivery (failure xxxxxv.ramkumar@brightpoint.co.in)
Scanning time = 09/18/2004 09:01:19
Engine/Pattern = 7.000-1004/974

Action on virus found:
The message body contains HTML_Netsky.P virus. ScanMail has deleted
the message body.

Warning to sender. ScanMail has detected a virus in an email you sent.
===end

Ignore xxxxx. Mine is the "sender" address.

I have never sent a message to the "subject address". Is it believable
that my PC sent that message, or does it look like a trick?

A second email with the same date-time is about the attachment.

===start
Recipient(s) = V Ramkumar
Subject = Mail Delivery (failure xxxxxv.ramkumar@brightpoint.co.in)
Scanning time = 09/18/2004 09:01:19
Engine/Pattern = 7.000-1004/974

Action on virus found:
The attachment message.scr contains WORM_NETSKY.P virus. ScanMail has
Deleted it.

Warning to sender. ScanMail has detected a virus in an email you sent.
===end

Here is the raw message:

===start
Received: from eg1.dns77.com.dns77.com [209.115.132.2] by imail3.dns77.com with ESMTP
  (SMTPD32-8.12) id ABC9D400A8; Fri, 17 Sep 2004 21:30:17 -0600
X-ASG-Debug-ID: 1095478117-25024-40-0
X-Barracuda-URL: http://209.115.132.2:1927/cgi-bin/mark.cgi
Received: from INw27.brightpoint.co.in (210-210-14-202.lan.sify.net [210.210.14.202])
        by eg1.dns77.com.dns77.com (Spam Firewall) with ESMTP id 2C1CFD00091D
        for <xxxxxshilliard@samplingplans.com>; Fri, 17 Sep 2004 21:28:38 -0600 (MDT)
Received: from indld006.brightpoint.co.in ([172.18.101.1]) by INw27 with trend_isnt_name_B;
        Sat, 18 Sep 2004 08:54:45 +0530
Received: from indld006.brightpoint.co.in ([172.18.101.2]) by indld006.brightpoint.co.in
        with Microsoft SMTPSVC(5.0.2195.6713);Sat, 18 Sep 2004 09:01:20 +0530
Received: from mail pickup service by indld006.brightpoint.co.in with Microsoft SMTPSVC;
        Sat, 18 Sep 2004 09:01:20 +0530
thread-index: AcSdL/aLe8Ar0ehrSsKMY7kWc2Kk2A==
Thread-Topic: [MailServer Notification]To Sender virus found and action taken.
From: <Administrator>
Sender: <Administrator>
To: <xxxxxshilliard@samplingplans.com>
X-ASG-Orig-Subj: [MailServer Notification]To Sender virus found and action taken.
Subject: [MailServer Notification]To Sender virus found and action taken.
Date: Sat, 18 Sep 2004 09:01:19 +0530
Message-ID: <1b4601c49d2f$f68b8920$016512ac@brightpoint.co.in>
MIME-Version: 1.0
Content-Type: text/plain;
        charset=utf-8
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft CDO for Exchange 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
X-OriginalArrivalTime: 18 Sep 2004 03:31:20.0061 (UTC) FILETIME=[F6AA82D0:01C49D2F]
X-imss-version: 2.0
X-imss-result: Passed
X-imss-scores: Baseline:14.8653 C:20 M:1 S:5 R:5
X-imss-settings: Clean:1 C:1 M:1 S:1 R:1 (0.0000 0.0000)
X-Virus-Scanned: by Barracuda Spam Firewall at dns77.com
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=FORGED_RCVD_HELO
X-Barracuda-Spam-Report: Code version 2.63, rules version 2.1.308
        Rule breakdown below
         pts rule name              description
        ---- ---------------------- -------------------------------------------
        0.00 FORGED_RCVD_HELO       Received: contains a forged HELO
X-RCPT-TO: <xxxxxshilliard@samplingplans.com>
Status: U
X-UIDL: 380612981

ScanMail for Microsoft Exchange has detected virus-infected
attachment(s).

Sender = xxxxxshilliard@samplingplans.com
Recipient(s) = V Ramkumar
Subject = Mail Delivery (failure xxxxxv.ramkumar@brightpoint.co.in)
Scanning time = 09/18/2004 09:01:19
Engine/Pattern = 7.000-1004/974

Action on virus found:
The message body contains HTML_Netsky.P virus. ScanMail has deleted
the message body.

Warning to sender. ScanMail has detected a virus in an email you sent.
===end

I receive other similar emails. Advice will be appreciated.

Stan Hilliard
