Full Disclosure mailing list archives

RE: SpamAssasin - path disclosure


From: Kane Lightowler <kane.lightowler () it alstom com au>
Date: Mon, 25 Aug 2003 06:53:05 +1000

As previously explained, this is not SpamAssassin; this is Trend Micro
InterScan VirusWall.

http://www.trendmicro.com/en/products/gateway/isvw/evaluate/overview.htm


Regards,
Kane Lightowler

-----Original Message-----
From: morning_wood [mailto:se_cur_ity () hotmail com] 
Sent: Sunday, 24 August 2003 4:13 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] SpamAssasin - path disclosure


funny things... SpamAssassin results

1. spoof

80.179.152.112.forward.012.net.il (80.179.152.112)

Whois:

80.179.152.0 - 80.179.171.255
Please Send Abuse/SPAM complaints
To abuse () 012 net
DNS REG
25 Hsivim st. Petach-Tiikva, Israel
dnsreg () 012 net il

2. path reveal

The uncleanable file details.pif is moved to /etc/iscan/virus/virZNvE0n

-------------------------- snip -------------------------

Return-Path: <morning_wood () exploitlabs com>
Received: (qmail 2425 invoked by uid 504); 21 Aug 2003 15:03:01 -0000
Received: from localhost (HELO iceman.incidents.org) (127.0.0.1)
  by 0 with SMTP; 21 Aug 2003 15:03:01 -0000
Received: (qmail 2164 invoked from network); 21 Aug 2003 15:02:30 -0000
Received: from 80.179.152.112.forward.012.net.il (HELO SKUNK) (80.179.152.112)
  by 0 with SMTP; 21 Aug 2003 15:02:30 -0000
From: <morning_wood () exploitlabs com>
To: <intrusions-digest-subscribe () incidents org>
Date: Thu, 7 Jan 1999 14:20:55 +0200
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="_NextPart_000_0E151FE1"
X-Spam-Status: Yes, hits=8.0 required=6.5
tests=AWL,DATE_IN_PAST_96_XX,FORGED_MUA_OUTLOOK,
      MIME_BOUND_NEXTPART,MISSING_MIMEOLE,NO_REAL_NAME,
      RAZOR2_CHECK
version=2.53
X-Spam-Level: ********
X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)
X-Spam-Report:   ---- Start SpamAssassin results
  8.00 points, 6.5 required;
  *  0.7 -- From: does not include a real name
  *  2.0 -- Listed in Razor2, see http://razor.sf.net/
  *  2.0 -- Date: is 96 hours or more before Received: date
  *  3.3 -- Forged mail pretending to be from MS Outlook
  *  0.5 -- Message has X-MSMail-Priority, but no X-MimeOLE
  *  0.4 -- Spam tool pattern in MIME boundary
  * -0.9 -- AWL: Auto-whitelist adjustment
  ---- End of SpamAssassin results
X-Spam-Flag: YES
Subject: *****SPAM***** Your details

This is a multipart message in MIME format

--_NextPart_000_0E151FE1
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

------------------  Virus Warning Message (on the network)

Found virus WORM_SOBIG.F in file details.pif
The uncleanable file details.pif is moved to /etc/iscan/virus/virZNvE0n

--------------------- snip ---------------------------


Donnie Werner
http://e2-labs.com 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


CONFIDENTIALITY: This e-mail and any attachments are confidential and may be privileged. If you are not a named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose or store or copy the information in any medium.
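
An added example, not part of the original posts: a Python check an administrator could run over notifications their mail gateway emits, listing the headers stamped by filtering software and reporting any absolute filesystem path together with where it appears (a header or the body). The sample message is constructed from the one quoted above with a placeholder sender, and `find_path_leaks` and `filter_headers` are names chosen for this example.

```python
import re
from email import message_from_string

# Constructed sample, reduced from the message quoted in this thread.
SAMPLE = """\
From: <sender@example.invalid>
X-MailScanner: Found to be clean
Content-Type: multipart/mixed; boundary="_NextPart_000_0E151FE1"
X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)
X-Spam-Report: ---- Start SpamAssassin results
  *  2.0 -- Listed in Razor2, see http://razor.sf.net/
  ---- End of SpamAssassin results
Subject: *****SPAM***** Your details

--_NextPart_000_0E151FE1
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Found virus WORM_SOBIG.F in file details.pif
The uncleanable file details.pif is moved to /etc/iscan/virus/virZNvE0n

--_NextPart_000_0E151FE1--
"""

# Absolute Unix path with at least two components; the lookbehind skips
# URLs (http://...) and MIME types (text/plain).
PATH_RE = re.compile(r"(?<![\w:/.])/(?:[\w.+-]+/)+[\w.+-]+")

def find_path_leaks(raw):
    """Return (location, path) pairs; location is 'header:<name>' or 'body'."""
    msg = message_from_string(raw)
    leaks = []
    for name, value in msg.items():
        leaks += [(f"header:{name}", p) for p in PATH_RE.findall(value)]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            text = part.get_payload(decode=True).decode("us-ascii", "replace")
            leaks += [("body", p) for p in PATH_RE.findall(text)]
    return leaks

def filter_headers(raw):
    """Headers stamped by filtering software, keyed by header name."""
    msg = message_from_string(raw)
    prefixes = ("x-spam-", "x-mailscanner")
    return {k: v for k, v in msg.items() if k.lower().startswith(prefixes)}

if __name__ == "__main__":
    print(sorted(filter_headers(SAMPLE)), find_path_leaks(SAMPLE))
```

On this sample the only hit is in the body, inside the virus warning text; none of the `X-Spam-*` or `X-MailScanner` headers carries a path.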
