> charm, until today. It seems that clamscan chokes on certain messages,
> doing nothing but eating CPU time. Is it a coincidence, or could this
> new Worm.Palyh.A worm have something to do with it ?
I was looking for a virus scanner today and in reading your maillist logs,
I just had to point out something interesting. The quoted message below
is from the squirrelmail list, and the message description seems to match
Palyh, though it might've been sent just before the virus was widely
identified. You might want to check with the sender of the message below
to find out if there's anything common between your machines. It might
also be that there is in fact something about Palyh that messes up some
clients/MTA's.
Quoted message follows:
>From "Bruce" <[EMAIL PROTECTED]>
Subject [SM-USERS] Spam Message Kills Squirrels
Date Tue, May 20, 2003 10:47
To [EMAIL PROTECTED]
--------------------------------------------------------------------------------
I use SquirrelMail (currently 1.4.0) to access my mail from a remote POP3
server. Generally, it works perfectly, but there is one particular
spam/virus message that will invariably choke Squirrelmail; it is those
fake messages regarding Windows bug fixes that come with attachments the
sender hopes the user will open.
These particular messages seem to do something very odd to Squirrelmail. I
have my POP3 settings for Squirrelmail to delete messages from the server,
and usually it does. However, with this particular email the message and
attachment is downloaded, but it isn't deleted from the server, so if I
check my mail again, I will have two copies of that message (and any other
messages retrieved along with it). So, for instance, if there are 5 new
messages since the last time I checked my email, and the 5th is this
spam/virus message, if I check my email again I will have 10 unread
messages, check again 15, etc. etc., it just downloads the same messages
over and over again. SM is also not able to get past the fake MS message;
any newer messages never get through.
The only way to fix this is to launch another mail client to retrieve and
delete the message from the server, following which Squirrelmail works
fine again.
When I receive one of these messages, I get the following error in the
top-left corner:
Mail Fetch Result:
Warning, POP3 get: Error
[MS Public Support]
Any thoughts on what to do about this?
Thanks, Bruce
The following is the header info from the offending message:
_________________________________________________
Return-Path: <[EMAIL PROTECTED]>
Received: from rwcrmhc53.attbi.com ([204.127.198.39])
by tomts21-srv.bellnexxia.net
(InterMail vM.5.01.05.32 201-253-122-126-132-20030307) with ESMTP id
<[EMAIL PROTECTED]>
for <[EMAIL PROTECTED]>; Mon, 19 May 2003 00:24:15 -0400
Date: Mon, 19 May 2003 04:24:05 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822 minimum requirements
X-Comment: Date has been added by Maillennium.
Received: from mypjb (12-226-245-7.client.attbi.com[12.226.245.7])
by attbi.com (rwcrmhc53) with SMTP
id <2003051904235305300j2vn5e>; Mon, 19 May 2003 04:24:02 +0000
FROM: "MS Public Support" <[EMAIL PROTECTED]>
TO: "Microsoft Consumer"
SUBJECT: Microsoft Security Pack
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="qLLHorAenYpBSfERQ"
Message-Id:
<[EMAIL PROTECTED]>
__________________________________________________________
-------------------------------------------------------
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge
--
squirrelmail-users mailing list
List Address: [EMAIL PROTECTED]
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
--------------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
