RE: Possible virus infected user

RE: Possible virus infected user

am 10.08.2004 09:36:30 von Boyle Owen

> ----- Original Message -----=20
> From: "Don Woodward"
> To:
> Cc:
> Sent: Monday, August 09, 2004 14:44
> Subject: Possible virus infected user
>=20
>=20
> Modssl list owner and rse@engelschall.com:
>=20
> Please check rse@engelschall.com - I have received several=20
> dozen e-mail's
> via the list from this address - each has a "price2.zip" file=20
> attached and
> the body says "new price" - I believe this person's computer=20
> has a virus and
> they don't know it.

"rse" is actually Ralf S. Engelschall - the guru who wrote mod_ssl in
the first place! However, it's not him sending the mails. The mails are
viral spam and if you look into the header, you'll see that they are
sent to the list-server from:

Received: from office.net (c-24-20-135-99.client.comcast.net
[24.20.135.99])
by master.modssl.org (Postfix) with SMTP id 2EBC0A8CD1
for ; Mon, 9 Aug 2004 18:35:50 +0200
(CEST)

What it looks like is that this machine is spoofing the "MAIL From:"
field in SMTP when it sends to the list-server (master.modssl.org). To
block these, the list-server has to implement a rule whereby it does not
accept mail on an external interface which is apparently-from an
internal server.=20

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20



>=20
> Thanks,
>=20
>=20
> Don Woodward
>=20
>=20
>=20
>=20
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>=20
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. =
This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le pr=E9sent e-mail =
est
un message priv=E9 et personnel, sans rapport avec l'activit=E9 =
boursi=E8re du
Groupe SWX.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender=92s company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender=92s company.=20


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org