Full Version: What is this (I found it in Held mail) ?
Enrico_C
==============================================================================
Previewing raw email. Use your browser's back button to return to menu.
==============================================================================
Return-Path: <ravms[at]mail.univaq.it>
Delivered-To: spamcop-net- [myaddress] @ spamcop.net
Received: (qmail 1073 invoked from network); 27 Jan 2004 13:10:51 -0000
Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)
by blade1.cesmail.net with SMTP; 27 Jan 2004 13:10:51 -0000
Received: (qmail 1001 invoked from network); 27 Jan 2004 13:10:51 -0000
Received: from mail.univaq.it (192.150.195.10)
by mailgate.cesmail.net with SMTP; 27 Jan 2004 13:10:50 -0000
Received: from mail (mail [192.150.195.10])
by mail.univaq.it (8.12.2+Sun/8.12.2) with SMTP id i0RD8fHw009073;
Tue, 27 Jan 2004 14:08:41 +0100 (CET)
X-RAV-AntiVirus: This e-mail has been scanned for viruses on host: mail.univaq.it
Message-Id: <200401271308.i0RD8fHw009073[at]mail.univaq.it>
From: "RAV AntiVirus" <ravms[at]univaq.it>
To: [myaddress] @spamcop.net
Subject: RAV Antivirus: risultati di scan
Date: Tue, 27 Jan 2004 14:08:41 +0100
Importance: high
X-MSMail-Priority: 1
X-Priority: 1
X-Mailer: ravmd/8.4.1
MIME-Version: 1.0
Content-Type: text/plain;
charset=US-ASCII
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on blade1
X-Spam-Level: ****
X-Spam-Status: hits=4.6 tests=MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,
X_PRIORITY_HIGH,X_PRI_MISMATCH_HI version=2.60
X-SpamCop-Checked: 192.168.1.101 192.150.195.10 192.150.195.10
X-SpamCop-Disposition: Blocked SpamAssassin=4



Attenzione !

Il file infetto e' stato salvato nella directory quarantena con il nome: 1075208921-dfi0RD8eHw009047.
Il file (part0003:readme.zip)->readme.htm .exe allegato al messaggio (con oggetto:Returned mail: see transcript for details) inviato da mailer-daemon to
[myaddress] @spamcop.net e' infettato con il virus: Win32/Mydoom.A[at]mm.
Questo file non puo' essere disinfettato.
Questo file non puo' essere cancellato (probabilmente e' parte di un archivio compresso).
Il messaggio non e' stato consegnato perche' contiene codice pericoloso.
--------------

RAV AntiVirus for SunOS sparc version: 8.4.1 (snapshot-20030214)

Scan engine 8.11 for sparc.
Last update: Tue, 27 Jan 2004 04:03:51 +01
Scanning for 89279 malwares (viruses, trojans and worms).
michaell
QUOTE(Enrico_C @ Jan 27 2004, 04:29 PM)
X-RAV-AntiVirus: This e-mail has been scanned for viruses on  host: mail.univaq.it
...
From: "RAV AntiVirus" <ravms[at]univaq.it>
...
X-SpamCop-Checked: 192.168.1.101 192.150.195.10 192.150.195.10
X-SpamCop-Disposition: Blocked SpamAssassin=4

This wasn't from SpamCop's AV scanner. It was sent by a scanner at univaq.it, in response to a virus which had your address on it - that doesn't mean you sent the virus, but it is the reason that you get the response.

SpamCop's SpamAssassin decided that this notification was spam, based on the priority and MIME headers generated by the silly RAV system.
Enrico_C
Thank you!

I should have thought it can't be from SC, as it comes from univaq.it, an Italian server! Silly question of mine!

Actually the Italian text says they found a virus in a message addressed to me, not from me.


Il file (part0003:readme.zip)->readme.htm .exe allegato al messaggio (con oggetto:Returned mail: see transcript for details) inviato da mailer-daemon to
[myaddress] @spamcop.net e' infettato con il virus: Win32/Mydoom.A[at]mm.

That means more or less:

The attached file (part0003:readme.zip)->readme.htm .exe in a message (with subject: Returned mail: see transcript for details) sent from mailer-daemon to
[myaddress] @spamcop.net is infected with virus: Win32/Mydoom.A[at]mm.


Do you think it is really from RAV or might be a fake?

Anyway, I am not going to report that as spam to SpamCop, as it is not.
jefft
QUOTE(Enrico_C @ Jan 27 2004, 01:42 PM)
Do you think it is really from RAV or might be a fake?

Anyway, I am not going to report that as spam to Spamcop, as it is not.

It's almost certainly real. The virus is exploding all over today. Someone tried to send you a virus through that mail server and the mail server caught it and sent you the notification instead. We used to do that, too, (send notifications) but some of the more recent viruses have just been too active and we were sending way too many notifications. So, now, we just throw the viruses away and don't even tell the recipient. So much of the virus is forged, anyway, that usually the recipient couldn't even figure out who it really came from to tell them.

JT
Enrico_C
That makes sense :)

For the record, it was the first time I received a virus notification from the *sender*'s mailserver.

Anyway, I guess someone should tell the RAV guys their notices are sort of malformed, aren't they?, and thus likely to be considered "spam"!

Here's what SpamAssassin said:

X-Spam-Status: hits=4.6 tests=MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,
X_PRIORITY_HIGH,X_PRI_MISMATCH_HI version=2.60
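
Added example, not part of the original thread: a Python triage of the headers posted above, recovering the two facts the replies rely on, namely which host outside the receiving network handed the message over and which SpamAssassin rules produced the score. The sample is constructed from the posted headers with a placeholder recipient and the folded lines re-indented; `is_scanner_notice` is a hypothetical heuristic, not a SpamCop or SpamAssassin function.

```python
import email
import ipaddress
import re

# Constructed sample, adapted from the headers in the first post.
RAW = """\
Return-Path: <ravms@mail.univaq.it>
Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)
  by blade1.cesmail.net with SMTP; 27 Jan 2004 13:10:51 -0000
Received: from mail.univaq.it (192.150.195.10)
  by mailgate.cesmail.net with SMTP; 27 Jan 2004 13:10:50 -0000
X-RAV-AntiVirus: This e-mail has been scanned for viruses on host: mail.univaq.it
From: "RAV AntiVirus" <ravms@univaq.it>
To: user@example.invalid
Subject: RAV Antivirus: risultati di scan
X-MSMail-Priority: 1
X-Priority: 1
X-Mailer: ravmd/8.4.1
X-Spam-Status: hits=4.6 tests=MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,
  X_PRIORITY_HIGH,X_PRI_MISMATCH_HI version=2.60

Attenzione !
"""
MSG = email.message_from_string(RAW)

def spam_status(msg):
    """Return (hits, [rule names]) from a SpamAssassin 2.x X-Spam-Status header."""
    value = " ".join((msg["X-Spam-Status"] or "").split())  # unfold the header
    hits = re.search(r"hits=(-?[\d.]+)", value)
    tests = re.search(r"tests=(.*?)(?:\s+version=|$)", value)
    names = [t.strip() for t in tests.group(1).split(",") if t.strip()] if tests else []
    return (float(hits.group(1)) if hits else None), names

def first_public_relay(msg):
    """Walk Received hops newest-first; return the first non-private sender IP."""
    for hop in msg.get_all("Received", []):
        for ip in re.findall(r"[(\[](\d{1,3}(?:\.\d{1,3}){3})[)\]]", hop):
            try:
                if not ipaddress.ip_address(ip).is_private:
                    return ip
            except ValueError:  # e.g. 999.1.1.1 in a forged hop
                continue
    return None

def is_scanner_notice(msg):
    """Assumed heuristic: scanner-stamped header, plus an MS priority header with
    no X-MimeOLE (the combination the MISSING_MIMEOLE rule name suggests)."""
    stamped = any(re.fullmatch(r"X-.*Anti-?Virus", k, re.I) for k in msg.keys())
    return stamped and "X-MSMail-Priority" in msg and "X-MimeOLE" not in msg
```
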