Virenmailheaderinterpretation -> Abuse
Ralf
rgx at gmx.de
Wed Jun 16 15:48:23 CEST 2004
Hi Jan,
danke für deine Anmerkungen, also aus Norwegen kommen diese Viren? Die
Mails sind fast immer 142 kB groß, enthalten eine EXE-Datei im Anhang
und sind entweder als "Mail Failure Report" oder als "MS Update"
getarnt. Hier habe ich noch einen Header mitgebracht, der auf das selbe
Netz als Urheber hinweist:
Return-Path: <bjorn.bunger at swipnet.se>
X-Flags: 0000
Delivered-To: GMX delivery to ... at gmx.de
Received: (qmail 30521 invoked by uid 65534); 17 May 2004 22:12:16
-0000
Received: from mailfe06.swip.net (EHLO mailfe06.swip.net)
(212.247.154.161)
by mx0.gmx.net (mx050) with SMTP; 18 May 2004 00:12:16 +0200
Received: from [213.101.22.67] (HELO qliublrk)
by mailfe06.swip.net (CommuniGate Pro SMTP 4.2b4a)
with SMTP id 39758256; Tue, 18 May 2004 00:11:19 +0200
FROM: "Delivery Service" <postroutine at bigfoot.com>
TO: "Email Receiver" <recipient at emailserver.com>
SUBJECT: Abort Report
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="eblmqsl"
Date: Tue, 18 May 2004 00:11:19 +0200
Message-ID: <auto-000039758256 at mailfe06.swip.net>
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 0 (Mail was not recognized as spam)
Status: RO
X-Status: U
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:
(HTML-Tags removed by RG)
iframe src="cid:camqziuqohzzxw" height=0 width=0
Hi.
This is the qmail program
I&apsm sorry the message returned below could not be delivered to one or
more destinations.
Undelivered to kcsrur at bigfoot.com
Message follows:
______________________________________
More information about the Linux
mailing list