Looks like a windows virus. I got one this morning myself. http://www.sarc.com/avcenter/venc/data/w32.brid.a@mm.html Marc. On Thu, 2002-11-07 at 10:48, Joshua Andrews wrote: > Sorry, I know this is not Psyche specific but this is the most active list. > > I received an email, (virus packed no doubt), on 2 different mail > servers, 2 different domains; the message claims to come from root but > the relay IP is in SOA somewhere in China. I don't understand why > sendmail allowed it. > The e-mails had README.EXE embeded in them as a "*.wav" mime type. > > This is all that was in the maillog. > > Nov 7 00:35:08 mail sendmail[23448]: gA78Z5Y23448: > from=root@mail.wavefood.com, size=156475, class=0, nrcpts=1, > msgid=<200211070835.gA78Z5Y23448@mail.wavefood.com>, proto=SMTP, > daemon=MTA, relay=[211.101.140.97] > Nov 7 00:35:09 mail sendmail[23449]: gA78Z5Y23448: > to=root@mail.wavefood.com, ctladdr=root@mail.wavefood.com (0/0), > delay=00:00:03, xdelay=00:00:00, mailer=local, pri=216178, dsn=2.0.0, > stat=Sent > > Thanks, > Joshua > > > > > -- > Psyche-list mailing list > Psyche-list@redhat.com > https://listman.redhat.com/mailman/listinfo/psyche-list -- Psyche-list mailing list Psyche-list@redhat.com https://listman.redhat.com/mailman/listinfo/psyche-list
