Arthur Kerpician wanted us to know: >Microsoft Mail Internet Headers Version 2.0
What is that? >Received: from backup.ccina.ro ([193.41.216.99]) by main-server.ccina.ro >with Microsoft SMTPSVC(5.0.2195.6713); Wed, 11 Aug 2004 17:51:46 +0300 Ok so it made it through the Linux box (backup) to the Exchange box (main-server). >Received: (qmail 22270 invoked by uid 513); 11 Aug 2004 14:53:00 -0000 >Received: from by backup.ccina.ro by uid 505 with qmail-scanner-1.22 >(clamdscan: 0.75.1. spamassassin: 2.60. >Clear:RC:0(193.231.236.7):SA:1(10.3/8.0):. Processed in 28.77455 secs); >11 Aug 2004 14:53:00 -0000 This is a weird Received line. Why does it say that it was received from NULL? Shouldn't there be an IP or hostname there? Actually, it looks like it should be from the qmail-smtpd process. >X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 In the middle of the Received headers? Whoa. >Received: from localhost [127.0.0.1] by backup.ccina.ro with >SpamAssassin (2.60 1.212-2003-09-23-exp); Wed, 11 Aug 2004 17:53:00 +0300 This is the last line of Received headers, so it never says exactly what host it came from. >------------=_411A32CC.A0CB2A31 >Content-Type: text/plain; > charset="iso-8859-1" >Content-Disposition: inline >Content-Transfer-Encoding: 7bit Was this an actual MIME attachment or did they snip out the content for you? >------------=_411A32CC.A0CB2A31 >Content-Type: text/plain; > x-spam-type=original; > name="Quarantined Attachment.txt" >Content-Description: Quarantined Attachment Report >Content-Disposition: attachment; > filename="Quarantined Attachment.txt" >Content-Transfer-Encoding: 7bit Same here? ><END >HEADERS>----------------------------------------------------------------------------------------------------- > >backup.ccina.ro is the Linux/ClamAV machine. Generally, ClamAV stops >this kind of messages... Its job is not to stop bounce or rejection messages, but if it contained the actual virus, then yes, it definitely should have stopped it. Your previous message seemed to indicate that it definitely did contain the virus because a manual scan showed it to contain one. How many threads do you have clamd running with? -- Regards... Todd They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. --Benjamin Franklin Linux kernel 2.6.3-15mdkenterprise 2 users, load average: 0.05, 0.08, 0.08 ------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
