Enrico_C

What is this (I found it in Held mail) ?


==============================================================================

Previewing raw email. Use your browser's back button to return to menu.

==============================================================================

Return-Path: <ravms[at]mail.univaq.it>

Delivered-To: spamcop-net- [myaddress] [at] spamcop.net

Received: (qmail 1073 invoked from network); 27 Jan 2004 13:10:51 -0000

Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)

by blade1.cesmail.net with SMTP; 27 Jan 2004 13:10:51 -0000

Received: (qmail 1001 invoked from network); 27 Jan 2004 13:10:51 -0000

Received: from mail.univaq.it (192.150.195.10)

by mailgate.cesmail.net with SMTP; 27 Jan 2004 13:10:50 -0000

Received: from mail (mail [192.150.195.10])

by mail.univaq.it (8.12.2+Sun/8.12.2) with SMTP id i0RD8fHw009073;

Tue, 27 Jan 2004 14:08:41 +0100 (CET)

X-RAV-AntiVirus: This e-mail has been scanned for viruses on host: mail.univaq.it

Message-Id: <200401271308.i0RD8fHw009073[at]mail.univaq.it>

From: "RAV AntiVirus" <ravms[at]univaq.it>

To: [myaddress] [at]spamcop.net

Subject: RAV Antivirus: risultati di scan

Date: Tue, 27 Jan 2004 14:08:41 +0100

Importance: high

X-MSMail-Priority: 1

X-Priority: 1

X-Mailer: ravmd/8.4.1

MIME-Version: 1.0

Content-Type: text/plain;

charset=US-ASCII

X-spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on blade1

X-spam-Level: ****

X-spam-Status: hits=4.6 tests=MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,

X_PRIORITY_HIGH,X_PRI_MISMATCH_HI version=2.60

X-SpamCop-Checked: 192.168.1.101 192.150.195.10 192.150.195.10

X-SpamCop-Disposition: Blocked SpamAssassin=4

Attenzione !

Il file infetto e' stato salvato nella directory quarantena con il nome: 1075208921-dfi0RD8eHw009047.

Il file (part0003:readme.zip)->readme.htm .exe allegato al messaggio (con oggetto:Returned mail: see transcript for details) inviato da mailer-daemon to

[myaddress] [at]spamcop.net e' infettato con il virus: Win32/Mydoom.A[at]mm.

Questo file non puo' essere disinfettato.

Questo file non puo' essere cancellato (probabilmente e' parte di un archivio compresso).

Il messaggio non e' stato consegnato perche' contiene codice pericoloso.

--------------

RAV AntiVirus for SunOS sparc version: 8.4.1 (snapshot-20030214)

Scan engine 8.11 for sparc.

Last update: Tue, 27 Jan 2004 04:03:51 +01

Scanning for 89279 malwares (viruses, trojans and worms).

X-RAV-AntiVirus: This e-mail has been scanned for viruses on host: mail.univaq.it

...

From: "RAV AntiVirus" <ravms[at]univaq.it>

...

X-SpamCop-Checked: 192.168.1.101 192.150.195.10 192.150.195.10

X-SpamCop-Disposition: Blocked SpamAssassin=4

This wasn't from Spamcop's AV scanner. It was sent by a scanner at univaq.it, in response to a virus which had your address on it - that doesn't mean you sent the virus, but it is the reason that you get the response.

Spamcop's spamassassin decided that this notification was spam, based on the priority and MIME headers generated by the silly RAV system.


Thank you!

I should have thought it can't be from SC, as it comes from univaq.it, an Italian server! Silly question of mine!

Actually the Italian text says they found a virus in a message addressed to me, not from me:

Il file (part0003:readme.zip)->readme.htm .exe allegato al messaggio (con oggetto:Returned mail: see transcript for details) inviato da mailer-daemon to

[myaddress] [at]spamcop.net e' infettato con il virus: Win32/Mydoom.A[at]mm.

That means more or less:

The attached file (part0003:readme.zip)->readme.htm .exe in a message (with subject: Returned mail: see transcript for details) sent from mailer-daemon to

[myaddress] [at]spamcop.net is infected with virus: Win32/Mydoom.A[at]mm.

Do you think it is really from RAV or might be a fake?

Anyway, I am not going to report that as spam to Spamcop, as it is not.

Do you think it is really from RAV or might be a fake?

Anyway, I am not going to report that as spam to Spamcop, as it is not.

It's almost certainly real. The virus is exploding all over today. Someone tried to send you a virus through that mail server and the mail server caught it and sent you the notification instead. We used to do that, too, (send notifications) but some of the more recent viruses have just been too active and we were sending way too many notifications. So, now, we just throw the viruses away and don't even tell the recipient. So much of the virus is forged, anyway, that usually the recipient couldn't even figure out who it really came from to tell them.

JT


That makes sense :)

For the record, it was the first time I received a virus notification from the *sender*'s mailserver. :ph34r:

Anyway, I guess someone should tell the RAV guys their notices are sort of malformed, aren't they?, and thus likely to be considered "spam"!

Here's what SpamAssassin said:

X-spam-Status: hits=4.6 tests=MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,

X_PRIORITY_HIGH,X_PRI_MISMATCH_HI version=2.60

