[Project_owners] project fowarding virus?

Bogdan Stancescu bogdan at moongate.ro
Thu Jan 29 14:11:58 EST 2004


Hi Carey,

I have the same problem with business partners receiving infected 
messages which look like they're originating from my e-mail address. The 
funny thing is that the respective address is just one on my redirect 
addresses. Even if I got infected, no virus would know the credentials 
to send mail using that server because I don't have that data stored in 
any of my mail profiles.

So obviously you have *absolutely* nothing to do with that, except the 
fact that the infected computer's user has your e-mail address in their 
address book. And they obviously also have the other person's e-mail 
address.

Ergo, ignore it. It's out of your hands.

Just my 2c, of course,
Bogdan

Carey Stevens wrote:

> Hi,
>
> I have email telling me that my project has mailed the W32/Mydoom 
> virus to somebody(attached). I don't know the person and never sent 
> the email.
>
> I'm not sure how to respond to this other than ignore it. Is this a 
> wider mozdev.org problem? Is there anything I can do administering my 
> project to reduce this happening?
>
> I don't use windows so haven't had any virus problems myself before.
>
> Any ideas?
>
> Thanks
>
> Carey
>
> ------------------------------------------------------------------------
>
> Subject:
> Mogle post from postmaster at irisa.fr requires approval
> From:
> mogle-owner at mozdev.org
> Date:
> Thu, 29 Jan 2004 02:01:16 -0500
> To:
> mogle-owner at mozdev.org
>
> To:
> mogle-owner at mozdev.org
>
>
>As list administrator, your authorization is requested for the
>following mailing list posting:
>
>    List:    Mogle at mozdev.org
>    From:    postmaster at irisa.fr
>    Subject: VIRUS (W32/Mydoom.a at MM) IN MAIL FROM YOU
>    Reason:  Post by non-member to a members-only list
>
>At your convenience, visit:
>
>    http://mozdev.org/mailman/admindb/mogle
>        
>to approve or deny the request.
>  
>
>
> ------------------------------------------------------------------------
>
> Subject:
> VIRUS (W32/Mydoom.a at MM) IN MAIL FROM YOU
> From:
> amavisd-new <postmaster at irisa.fr>
> Date:
> Thu, 29 Jan 2004 07:52:16 +0100 (CET)
> To:
> <mogle at mozdev.org>
>
> To:
> <mogle at mozdev.org>
>
>
>VIRUS ALERT
>
>Our content checker found
>    virus: W32/Mydoom.a at MM
>in email presumably from you (<mogle at mozdev.org>), to the following recipient:
>-> gerardo.rubino at irisa.fr
>
>Please check your system for viruses,
>or ask your system administrator to do so.
>
>Delivery of the email was stopped!
>
>
>For your reference, here are headers from your email:
>------------------------- BEGIN HEADERS -----------------------------
>Return-Path: <mogle at mozdev.org>
>Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39])
>	by smtp.irisa.fr (Postfix) with ESMTP id 4087EFB92
>	for <gerardo.rubino at irisa.fr>; Thu, 29 Jan 2004 07:52:16 +0100 (CET)
>X-SPAM-Warning: Sending machine is listed in blackholes.five-ten-sg.com
>Received: from mozdev.org ([62.192.136.196])
>	by concorde.inria.fr (8.11.1/8.11.1) with ESMTP id i0T6oiP14498
>	for <gerardo.rubino at inria.fr>; Thu, 29 Jan 2004 07:50:53 +0100 (MET)
>Message-Id: <200401290650.i0T6oiP14498 at concorde.inria.fr>
>From: mogle at mozdev.org
>To: gerardo.rubino at inria.fr
>Subject: Hi
>Date: Thu, 29 Jan 2004 07:50:20 +0100
>MIME-Version: 1.0
>Content-Type: multipart/mixed;
>	boundary="----=_NextPart_000_0002_CC585C4A.8E3AB763"
>X-Priority: 3
>X-MSMail-Priority: Normal
>-------------------------- END HEADERS ------------------------------
>  
>
>------------------------------------------------------------------------
>
>Reporting-MTA: dns; meli.irisa.fr
>Received-From-MTA: smtp; smtp.irisa.fr ([131.254.130.26])
>Arrival-Date: Thu, 29 Jan 2004 07:52:16 +0100 (CET)
>
>Final-Recipient: rfc822; gerardo.rubino at irisa.fr
>Action: failed
>Status: 5.7.1
>Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, id=25161-08 - VIRUS:
>	W32/Mydoom.a at MM
>Last-Attempt-Date: Thu, 29 Jan 2004 07:52:16 +0100 (CET)
>  
>
>------------------------------------------------------------------------
>
>Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39])
>	by smtp.irisa.fr (Postfix) with ESMTP id 4087EFB92
>	for <gerardo.rubino at irisa.fr>; Thu, 29 Jan 2004 07:52:16 +0100 (CET)
>X-SPAM-Warning: Sending machine is listed in blackholes.five-ten-sg.com
>Received: from mozdev.org ([62.192.136.196])
>	by concorde.inria.fr (8.11.1/8.11.1) with ESMTP id i0T6oiP14498
>	for <gerardo.rubino at inria.fr>; Thu, 29 Jan 2004 07:50:53 +0100 (MET)
>Message-Id: <200401290650.i0T6oiP14498 at concorde.inria.fr>
>From: mogle at mozdev.org
>To: gerardo.rubino at inria.fr
>Subject: Hi
>Date: Thu, 29 Jan 2004 07:50:20 +0100
>MIME-Version: 1.0
>Content-Type: multipart/mixed;
>	boundary="----=_NextPart_000_0002_CC585C4A.8E3AB763"
>X-Priority: 3
>X-MSMail-Priority: Normal
>  
>
>
> ------------------------------------------------------------------------
>
> Subject:
> confirm 66350f46c4098458e09d0dafc0b9fb09c46c00f1
> From:
> mogle-request at mozdev.org
>
>
>If you reply to this message, keeping the Subject: header intact,
>Mailman will discard the held message.  Do this if the message is
>spam.  If you reply to this message and include an Approved: header
>with the list password in it, the message will be approved for posting
>to the list.  The Approved: header can also appear in the first line
>of the body of the reply.
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Project_owners mailing list
>Project_owners at mozdev.org
>http://mozdev.org/mailman/listinfo/project_owners
>  
>



More information about the Project_owners mailing list