[Mimedefang] MD 2.43 - Missing Viruses
Albert Whale
aewhale at ABS-CompTech.com
Mon May 31 12:20:25 EDT 2004
Following this one step further:
grep INPUTMBOX clamd.log
Wed May 19 21:48:25 2004 ->
/var/spool/MIMEDefang/mdefang-i4K1mO9A006766/Work/INPUTMBOX:
Worm.SomeFool.Gen-1 FOUND
Thu May 20 06:04:02 2004 ->
/var/spool/MIMEDefang/mdefang-i4KA3t9A000777/Work/INPUTMBOX:
Worm.Lovgate.X FOUND
Mon May 24 03:33:14 2004 ->
/var/spool/MIMEDefang/mdefang-i4O7XA9A020857/Work/INPUTMBOX: Worm.Gibe.F
FOUND
Mon May 24 03:33:14 2004 ->
/var/spool/MIMEDefang/mdefang-i4O7XA9A020857/Work/INPUTMBOX: Worm.Gibe.F
FOUND
Mon May 24 04:18:33 2004 ->
/var/spool/MIMEDefang/mdefang-i4O8IU9A022786/Work/INPUTMBOX: Worm.Gibe.F
FOUND
Mon May 24 04:18:33 2004 ->
/var/spool/MIMEDefang/mdefang-i4O8IU9A022786/Work/INPUTMBOX: Worm.Gibe.F
FOUND
Mon May 24 05:43:30 2004 ->
/var/spool/MIMEDefang/mdefang-i4O9hQ9A031071/Work/INPUTMBOX: Worm.Gibe.F
FOUND
Mon May 24 05:43:30 2004 ->
/var/spool/MIMEDefang/mdefang-i4O9hQ9A031071/Work/INPUTMBOX: Worm.Gibe.F
FOUND
Tue May 25 13:13:20 2004 ->
/var/spool/MIMEDefang/mdefang-i4PHDI2X001873/Work/INPUTMBOX:
Worm.SomeFool.Gen-1 FOUND
Tue May 25 13:13:29 2004 ->
/var/spool/MIMEDefang/mdefang-i4PHDS2X001890/Work/INPUTMBOX:
Worm.SomeFool.Gen-1 FOUND
Tue May 25 13:13:32 2004 ->
/var/spool/MIMEDefang/mdefang-i4PHDS2Y001890/Work/INPUTMBOX:
Worm.SomeFool.Gen-1 FOUND
Sat May 29 01:20:59 2004 ->
/var/spool/MIMEDefang/mdefang-i4T5Kvvp010138/Work/INPUTMBOX:
Worm.SomeFool.P FOUND
Sun May 30 16:50:47 2004 ->
/var/spool/MIMEDefang/mdefang-i4UKojPx030927/Work/INPUTMBOX:
Worm.SomeFool.P FOUND
It would appear that there is further evidence in the INPUTMBOX Logs.
Most of the INPUTMBOX entries include double entries for the same
message, however there are a few which have only been identified once.
I suspect that these are the ones getting through.
Now if we can determine what makes some of these message have a single
entry and others have duplicate entries .... The saga continues.
--
Albert E. Whale, CISSP - Sr. Security, Network, and Systems Consultant
--------------------------------------------------------------------------------
http://www.abs-comptech.com & http://www.No-JunkMail.com
ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists
SPAM Zapper - www.No-JunkMail.com - SPAM Stops Here.
Founding Board of Directors of Pittsburgh FBI - InfraGard
More information about the MIMEDefang
mailing list