Your bogus AV notice (was: Re: [Namron] VIRUS (W32/Mydoom.a at MM) IN MAIL FROM YOU)

Wed Feb 11 08:25:46 PST 2004

postmaster at arthur.2alpha.com:

Please configure your AV software to _NOT_ send these bogus notices. 
The modern generation of worms forges SMTP envelope data and headers, 
and any AV software that believes these will be sending notices to 
totally innocent parties. 

FYI, the headers in the mail you received were forged. Ansteorra.org 
is not a CNAME for conneaut.iu5.org:

$host ansteorra.org
ansteorra.org has address 24.173.79.134
ansteorra.org mail is handled (pri=100) by stardock.pug.net
ansteorra.org mail is handled (pri=50) by mail.ansteorra.org

I run the mailfilters for a large government agency, and see hundreds
of these every day at work. Please stop sending them, as they're
getting to be every bit as bad as the machines that _are_ infected. 

---------------------------------------------------------------

Namronites: 

Ignore the bogus notice, but *do* check your systems daily for worms
and viruses; there's a bunch of new stuff out there, and more every day. 
Practice safe hex. 

Mike Andrews	/	Michael Fenwick 	Barony of Namron, Ansteorra
mikea at mikea.ath.cx
Tired old music Laurel 

---------------------------------------------------------------

On Wed, Feb 11, 2004 at 05:56:02AM -0800, amavisd-new wrote:
> VIRUS ALERT
> 
> Our content checker found
>     virus: W32/Mydoom.a at MM
> in email presumably from you (<namron at ansteorra.org>), to the following recipient:
> -> els at mail.enchantedlearning.com
> 
> Please check your system for viruses,
> or ask your system administrator to do so.
> 
> Delivery of the email was stopped!
> 
> 
> For your reference, here are headers from your email:
> ------------------------- BEGIN HEADERS -----------------------------
> Return-Path: <namron at ansteorra.org>
> Received: from ansteorra.org (conneaut.iu5.org [64.83.156.34])
> 	by arthur.2alpha.com (Postfix) with ESMTP id B507F64AF9
> 	for <joe at enchantedlearning.com>; Wed, 11 Feb 2004 05:56:00 -0800 (PST)
> From: namron at ansteorra.org
> To: joe at enchantedlearning.com
> Subject: Error
> Date: Wed, 11 Feb 2004 08:58:53 -0500
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> 	boundary="----=_NextPart_000_0011_9528D175.8E5DEFD2"
> X-Priority: 3
> X-MSMail-Priority: Normal
> Message-Id: <20040211135600.B507F64AF9 at arthur.2alpha.com>
> -------------------------- END HEADERS ------------------------------

Content-Description: Delivery error report
> Reporting-MTA: dns; arthur.2alpha.com
> Received-From-MTA: smtp; arthur.2alpha.com ([127.0.0.1])
> Arrival-Date: Wed, 11 Feb 2004 05:56:01 -0800 (PST)
> 
> Final-Recipient: rfc822; els at mail.enchantedlearning.com
> Action: failed
> Status: 5.7.1
> Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, id=06745-01 - VIRUS:
> 	W32/Mydoom.a at MM
> Last-Attempt-Date: Wed, 11 Feb 2004 05:56:02 -0800 (PST)

Content-Description: Undelivered-message headers
> Received: from ansteorra.org (conneaut.iu5.org [64.83.156.34])
> 	by arthur.2alpha.com (Postfix) with ESMTP id B507F64AF9
> 	for <joe at enchantedlearning.com>; Wed, 11 Feb 2004 05:56:00 -0800 (PST)
> From: namron at ansteorra.org
> To: joe at enchantedlearning.com
> Subject: Error
> Date: Wed, 11 Feb 2004 08:58:53 -0500
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> 	boundary="----=_NextPart_000_0011_9528D175.8E5DEFD2"
> X-Priority: 3
> X-MSMail-Priority: Normal
> Message-Id: <20040211135600.B507F64AF9 at arthur.2alpha.com>

> _______________________________________________
> Namron mailing list
> Namron at ansteorra.org
> http://www.ansteorra.org/mailman/listinfo/namron