It looks like someone is using a very old copy of the winnow unofficial clamav files. There was a pastie that contained a zeus injection some time ago but it has been removed and the former signature was removed from our database at that time.

Tom

Begin forwarded message:

> From: Tamara Temple <tamouse.lists@xxxxxxxxx>
> Date: October 31, 2010 9:06:01 PM EDT
> To: PHP General <php-general@xxxxxxxxxxxxx>
> Subject: Fwd: Mail delivery failed: returning message to sender
>
> Is this something I need to worry about?? Is my mail sending some malware??
>
> Begin forwarded message:
>
>> From: Mail Delivery Subsystem <MAILER-DAEMON@xxxxxxxxxx>
>> Date: October 31, 2010 7:37:54 PM CDT
>> To: Tamara Temple <tamouse.lists@xxxxxxxxx>
>> Subject: Mail delivery failed: returning message to sender
>>
>> This message was created automatically by mail delivery software.
>>
>> A message sent by
>>
>>   <php-general-return-309188-sascha.braun=immosky.ch@xxxxxxxxxxxxx>
>>
>> could not be delivered to all of its recipients.
>> The following address(es) failed:
>>
>>   <sascha.braun@xxxxxxxxxx>
>>
>> The following text was generated during the delivery attempt(s):
>>
>>   <sascha.braun@xxxxxxxxxx>
>>   (reason: 550 This message contains malware (winnow.malware.wa.webinjection.1450.UNOFFICIAL))
>>
>> ------ This is a copy of the message, including all the headers.
>>
>> Received: from [192.168.1.110] (helo=mailin01.ims-firmen.de)
>>     by mail01.ims-firmen.de with esmtp (Exim 4.69)
>>     (envelope-from <php-general-return-309188-sascha.braun=immosky.ch@xxxxxxxxxxxxx>)
>>     id 1PCiPJ-0001i7-R8
>>     for sascha.braun@xxxxxxxxxx; Mon, 01 Nov 2010 01:37:53 +0100
>> Received: from pb1.pair.com ([76.75.200.58] helo=lists.php.net)
>>     by mailin01.ims-firmen.de with esmtp (Exim 4.72)
>>     (envelope-from <php-general-return-309188-sascha.braun=immosky.ch@xxxxxxxxxxxxx>)
>>     id 1PCiPs-00047o-Sb
>>     for sascha.braun@xxxxxxxxxx; Mon, 01 Nov 2010 01:38:29 +0100
>> Authentication-Results: pb1.pair.com header.from=tamouse.lists@xxxxxxxxx; domainkeys=bad
>> DomainKey-Status: bad
>> X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01
>> X-Host-Fingerprint: 76.75.200.58 pb1.pair.com
>> Received: from [76.75.200.58] ([76.75.200.58:2084] helo=lists.php.net)
>>     by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
>>     id EF/73-24094-FDB0ECC4 for <sascha.braun@xxxxxxxxxx>; Sun, 31 Oct 2010 19:37:51 -0500
>> Received: (qmail 51732 invoked by uid 1010); 1 Nov 2010 00:37:02 -0000
>> Mailing-List: contact php-general-help@xxxxxxxxxxxxx; run by ezmlm
>> Precedence: bulk
>> list-help: <mailto:php-general-help@xxxxxxxxxxxxx>
>> list-unsubscribe: <mailto:php-general-unsubscribe@xxxxxxxxxxxxx>
>> list-post: <mailto:php-general@xxxxxxxxxxxxx>
>> List-Id: php-general.lists.php.net
>> Delivered-To: mailing list php-general@xxxxxxxxxxxxx
>> Received: (qmail 51725 invoked from network); 1 Nov 2010 00:37:02 -0000
>> Authentication-Results: pb1.pair.com header.from=tamouse.lists@xxxxxxxxx; sender-id=pass; domainkeys=bad
>> Authentication-Results: pb1.pair.com smtp.mail=tamouse.lists@xxxxxxxxx; spf=pass; sender-id=pass
>> Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.214.170 as permitted sender)
>> X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01
>> X-PHP-List-Original-Sender: tamouse.lists@xxxxxxxxx
>> X-Host-Fingerprint: 209.85.214.170 mail-iw0-f170.google.com
>> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>>     d=gmail.com; s=gamma;
>>     h=domainkey-signature:received:received:message-id:from:to
>>     :in-reply-to:content-type:content-transfer-encoding:mime-version
>>     :subject:x-priority:date:references:x-mailer;
>>     bh=1SBvdJiJMqFW3oAPgBXlRPveD1uwTXHSzA8U6+E93g0=;
>>     b=XHIyqG6ZzyCKVSLzyPdNuLXtAIWM1ny0zKFupfTsZgMElSrlCA1aJ9FpDUGvgHMQof
>>     0ygppTTq2fo3499HwTzbRYXQSJ4Z2NiEZfYHmwwoTmuenC9XjYbPk+ZUE3p+6S4Okbsm
>>     sSzu18qFOWAGGhJ8dG8LfcDSfhKhRj3R57Yh4=
>> DomainKey-Signature: a=rsa-sha1; c=nofws;
>>     d=gmail.com; s=gamma;
>>     h=message-id:from:to:in-reply-to:content-type
>>     :content-transfer-encoding:mime-version:subject:x-priority:date
>>     :references:x-mailer;
>>     b=CnWjshGm9zyFaRv0eUKJml94xT5U1Lb+kEBb503a7VlYtSAWaZm4nK38otH7iJ+Bit
>>     wr77nJ0SSxoXmaQ/ljQ16IoSGhhXJ9Ew6lOaBE7ntbjibfYnnz7Yzi+sfGt+8STXjHZx
>>     LP7Z8lk+uMvIH4gNDGw6CcqWawTHJ3Ll7PX7o=
>> Message-Id: <30708A14-2818-4B28-87F9-11DB56C40A73@xxxxxxxxx>
>> From: Tamara Temple <tamouse.lists@xxxxxxxxx>
>> To: PHP General <php-general@xxxxxxxxxxxxx>
>> In-Reply-To: <DC.91.40062.3516DCC4@xxxxxxxxxxxx>
>> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
>> Content-Transfer-Encoding: 7bit
>> Mime-Version: 1.0 (Apple Message framework v936)
>> X-Priority: 3
>> Date: Sun, 31 Oct 2010 19:36:53 -0500
>> References: <15.34.06635.E1B1BCC4@xxxxxxxxxxxx> <p06240800c8f1d19b992f@[192.168.1.2]> <CE.B0.10139.73C2CCC4@xxxxxxxxxxxx> <94DF613C-6B40-4897-B101-21CF7D83A763@xxxxxxxxx> <DC.91.40062.3516DCC4@xxxxxxxxxxxx>
>> X-Mailer: Apple Mail (2.936)
>> Subject: Re: Watermark with GD
>> X-Envelope-To: sascha.braun@xxxxxxxxxx
>> X-Envelope-From: php-general-return-309188-sascha.braun=immosky.ch@xxxxxxxxxxxxx
>> X-IMS-IP: 76.75.200.58
>> X-AV-scan: yes
>>
>>
>> On Oct 31, 2010, at 7:29 AM, Gary wrote:
>>> Thanks for the reply, here is a link to the code of the page.
>>>
>>> http://www.paulgdesigns.com/detailcode.php
>>>
>>
>> Ok, that was pretty messy code. But what I could glean from it is
>> this. (See your code at http://pastie . org/1262989).
>>
>> Line 238: <table border="2" cellpadding="0" width="100%" ><tr><td
>> width="auto"><div class="WADADetailsMainImageArea"><img
>> class="WADADetailsMainImage" style="border:#FFFFFF 6px solid"
>> src="images/<?php echo $row_WADAimages["image_file"]; ?>" alt="<?php
>> echo $row_WADAimages["description"]; ?>" /></div></td><td valign="top"
>> width="25%"> <div class="WADADetailsSubHeading" style="padding-left:
>> 15px;">This photo was taken in <?php echo
>> $row_WADAimages["where_taken"]; ?></div>
>>
>> You've got an img tag there, indicating the src of:
>>
>> images/<?php echo $row_WADAimages["image_file"]; ?>
>>
>> Is this the image file you want to watermark?
>>
>> The code there has me confused. Is this all one script? Or is it
>> multiple scripts?
>>
>> If it's all one script, it won't work the way you intend. The script
>> emits data before it gets to the point where you have set up to
>> watermark the image. Thus, the point where you call header to change
>> the Content-type won't work. Then there is more data emitted after the
>> image.
>>
>> Am I reading this correctly? Is it all one big script?
>>
>> If it is, what you really need to do, is at the point where you want
>> the watermarked image to appear, is put out some HTML like so:
>>
>> <img src="watermark.php?src=images/<?php echo
>> $row_WADAimages["image_file"]; ?>" .. other stuff ..>
>>
>> Then put that code you've got in lines 247-272 in the script
>> watermark.php and it should work as is.
>>
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
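
A triage sketch for the situation described at the top of this thread, added here as an example and not part of any message in it: it pulls the signature name out of the rejection line quoted in the bounce, flags it as third-party by the `.UNOFFICIAL` suffix that ClamAV appends to detections from non-official databases, and lists third-party database files that have not been refreshed recently. The 7-day limit, file modification time as the freshness signal, the suffix list and the function names are assumptions of this example.

```python
import re
import time
from pathlib import Path

# Databases shipped by the ClamAV project itself; other signature files in the
# database directory come from third parties and are reported as ".UNOFFICIAL".
OFFICIAL_STEMS = {"main", "daily", "bytecode"}
SIG_SUFFIXES = {".cvd", ".cld", ".hdb", ".hsb", ".mdb", ".msb",
                ".ndb", ".ldb", ".db", ".fp", ".yar", ".yara"}

# Matches the rejection text quoted in the bounce above (site-specific wording).
REASON_RE = re.compile(r"\b([45]\d\d) This message contains malware \(([^)\s]+)\)")

def triage_bounce(text):
    """Return SMTP code, signature name and whether the signature is third-party."""
    m = REASON_RE.search(text)
    if m is None:
        return None
    code, name = m.groups()
    unofficial = name.endswith(".UNOFFICIAL")
    return {
        "smtp_code": int(code),
        "signature": name,
        "third_party": unofficial,
        # Heuristic (assumption): the first dotted label names the signature set.
        "signature_set": name.split(".", 1)[0] if unofficial else "official",
    }

def stale_third_party_dbs(db_dir, max_age_days=7, now=None):
    """List (file name, age in whole days) for third-party databases past the limit."""
    now = time.time() if now is None else now
    stale = []
    for path in sorted(Path(db_dir).iterdir()):
        if path.suffix not in SIG_SUFFIXES or path.stem in OFFICIAL_STEMS:
            continue
        age_days = int((now - path.stat().st_mtime) // 86400)
        if age_days > max_age_days:
            stale.append((path.name, age_days))
    return stale

# Constructed sample: the rejection line as it appears in the bounce above.
SAMPLE = ("(reason: 550 This message contains malware "
          "(winnow.malware.wa.webinjection.1450.UNOFFICIAL))")

if __name__ == "__main__":
    import sys
    print(triage_bounce(SAMPLE))
    for db_dir in sys.argv[1:]:  # pass the ClamAV database directory to check it
        print(stale_third_party_dbs(db_dir))
```

A sender who receives such a bounce can use the first function to see that the rejection came from a third-party signature; the second check is for the administrator of the rejecting server, run against that server's ClamAV database directory.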