LinuxQuestions.org
Old 10-02-2003, 03:57 PM   #1
linksocc
Member
 
Registered: Jul 2003
Location: US
Distribution: Mandrake 9.0 1st/9.1 2nd/Gentoo 1.4 now
Posts: 313

Rep: Reputation: 30
It says I sent a virus


I just opened my email and I received this message
Code:
                     A L E R T A   D E   V I R U S

Nuestro antivirus encontro 

	I-Worm.Sobig.f\r

virus en su correo a los siguientes destinatarios:

-> juamba@ctv.es

el envio del correo se ha detenido!

Por favor chequee su sistema por virus,
o pregunte a su administrador que es lo que debe hacer


Para su informacion le adjuntamos las cabeceras de su correo:

>From <linksocc@hotmail.com>
------------------------- BEGIN HEADERS -----------------------------
Received: from [217.116.0.38] (helo=correo4.acens.net)
	by mx07.in.mad.eresmas.com with esmtp (Exim 4.20)
	id 1A55Di-00026U-Er
	for juamba@ctv.es; Thu, 02 Oct 2003 17:18:22 +0200
Received: (qmail 21014 invoked by uid 510); 2 Oct 2003 15:18:22 -0000
Delivered-To: 20info@aulainfantil.com
Received: (qmail 20880 invoked from network); 2 Oct 2003 15:18:18 -0000
Received: from unknown (HELO SALA2E11) ([64.76.58.100])
          (envelope-sender <linksocc@hotmail.com>)
          by correo4.acens.net (qmail-ldap-1.03) with SMTP
          for <20info@aulainfantil.com>; 2 Oct 2003 15:18:18 -0000
From: <linksocc@hotmail.com>
To: <20info@aulainfantil.com>
Subject: Re: That movie
Date: Mon, 25 Feb 2002 0:22:15 --0500
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="_NextPart_000_00363BB6"
Message-Id: <E1A55Di-00026U-Er@mx07.in.mad.eresmas.com>
X-Spam-Report: Spam detection software, running on the system "mx07.in.mad.eresmas.com", has
	identified this incoming email as possible spam.  The original message
	has been attached to this so you can view it (if it isn't spam) or block
	similar future email.  If you have any questions, see
	postmaster@wanadoo.es for details.
	Content preview:  This is a multipart message in MIME format Please see
	the attached file for details. [skipped application/octet-stream
	attachment] [...] 
	Content analysis details:   (4.5 points, 6.0 required)
	pts rule name              description
	---- ---------------------- --------------------------------------------------
	0.3 NO_REAL_NAME           From: does not include a real name
	0.1 MICROSOFT_EXECUTABLE   RAW: Message includes Microsoft executable program
	1.2 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received: date
	1.6 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
	1.2 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE
	0.2 MIME_BOUND_NEXTPART    Spam tool pattern in MIME boundary
X-eresmasldapuser: mail="juamba@ctv.es" mailHost="mail.eresmas.com" mailQuota="50M" mailMessageStore="/mbx//p/p04/w03/14/38/7326776/Maildir/" dn="mail=juamba@ctv.es,ou=ctv.es,o=correo"
-------------------------- END HEADERS ------------------------------

Can anybody tell me what's going on here, because I never sent that email and I don't even know that person? The other thing is that I don't use Windows, and this says it's a virus.
 
Old 10-02-2003, 04:02 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
It could be that a spammer is trying to use your address to send viruses. Unfortunately there isn't much you can do without seeing the headers of the message that was sent.
 
Old 10-02-2003, 04:54 PM   #3
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 253
Try to find out what IP or SMTP server it was originally sent from, and from there you can try to see what ISP, etc. is responsible for the person mailing, as they might not be aware that they have a virus they are spreading out.

I had the same issue once, someone was sending emails out using one of my emails, so when they got returned and bounced, they came back to me. I tracked them down and contacted the ISP. They didn't do much though, trying to say they couldn't do anything about it or trying to send me a generic Virus clean email not thinking I wasn't part of their network. Took about 5 emails to explain to them they had a user on their network sending out his emails with my email address in his settings....

Good luck...
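
Tracing the origin as suggested above means reading the `Received` chain from the bottom up, because each server prepends its own line. The following is an added example, not part of any post in this thread; it uses the `Received` lines from the bounce quoted in post #1, the function names are illustrative, and the relay test is a heuristic because HELO names are supplied by the connecting client.

```python
import re
from email import message_from_string

# Received lines copied from the bounce quoted in post #1.
RAW = """\
Received: from [217.116.0.38] (helo=correo4.acens.net)
\tby mx07.in.mad.eresmas.com with esmtp (Exim 4.20)
\tid 1A55Di-00026U-Er
\tfor juamba@ctv.es; Thu, 02 Oct 2003 17:18:22 +0200
Received: (qmail 21014 invoked by uid 510); 2 Oct 2003 15:18:22 -0000
Received: (qmail 20880 invoked from network); 2 Oct 2003 15:18:18 -0000
Received: from unknown (HELO SALA2E11) ([64.76.58.100])
          (envelope-sender <linksocc@hotmail.com>)
          by correo4.acens.net (qmail-ldap-1.03) with SMTP
          for <20info@aulainfantil.com>; 2 Oct 2003 15:18:18 -0000

"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO_RE = re.compile(r"helo[= ]([\w.-]+)", re.I)
BY_RE = re.compile(r"\bby\s+([\w.-]+)")

def _grab(rx, text):
    m = rx.search(text)
    return m.group(1) if m else None

def received_hops(raw):
    """Network hops, oldest first (the bottom Received line is the earliest)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())      # unfold continuation lines
        if not flat.startswith("from "):    # qmail-internal handoff, no peer
            continue
        hops.append({"ip": _grab(IP_RE, flat), "helo": _grab(HELO_RE, flat),
                     "by": _grab(BY_RE, flat)})
    return hops

def classify(raw):
    """Separate the injecting client from server-to-server relays.
    Heuristic: a hop is a relay when its HELO name is a host that
    recorded an earlier hop in the same chain."""
    hops = received_hops(raw)
    seen_by, relays = set(), []
    for hop in hops:
        if hop["helo"] in seen_by:
            relays.append(hop["ip"])
        seen_by.add(hop["by"])
    return {"injected_from": hops[0] if hops else None, "relays": relays}
```

Only lines added by servers the recipient's side controls can be trusted; here the earliest hop was recorded by correo4.acens.net itself, so the peer address it logged is the one to look up when identifying the responsible ISP.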
 
Old 10-02-2003, 04:57 PM   #4
linksocc
Member
 
Registered: Jul 2003
Location: US
Distribution: Mandrake 9.0 1st/9.1 2nd/Gentoo 1.4 now
Posts: 313

Original Poster
Rep: Reputation: 30
Isn't this the IP of the sender?
Code:
Received: from [217.116.0.38] (helo=correo4.acens.net)
	by mx07.in.mad.eresmas.com with esmtp (Exim 4.20)
	id 1A55Di-00026U-Er
	for juamba@ctv.es; Thu, 02 Oct 2003 17:18:22 +0200
 
Old 10-02-2003, 05:00 PM   #5
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 253
Looks as if it is....
 
Old 10-02-2003, 11:11 PM   #6
Megamieuwsel
Member
 
Registered: Sep 2002
Location: Haarlem , the Netherlands
Distribution: VectorLinux SOHO 5.1
Posts: 470

Rep: Reputation: 35
Are you using an email service from a provider other than yourself? (Like most people.)
Had something similar myself and figured the virus had infected the email provider and was abusing your email account for spreading, not your machine.
Just a theory, though.
 
Old 10-03-2003, 07:25 AM   #7
jayakrishnan
Member
 
Registered: Feb 2002
Location: India
Distribution: Slacky 12.1, XP
Posts: 992

Rep: Reputation: 30
Spam detection software, running on the system "mx07.in.mad.eresmas.com", has
identified this incoming email as possible spam.


Looks like spam.
 
Old 10-03-2003, 07:28 AM   #8
linksocc
Member
 
Registered: Jul 2003
Location: US
Distribution: Mandrake 9.0 1st/9.1 2nd/Gentoo 1.4 now
Posts: 313

Original Poster
Rep: Reputation: 30
I only use that account with Mozilla Thunderbird, and to send mails I use the server from my ISP.
 
Old 10-03-2003, 07:38 AM   #9
Baldrick65
Member
 
Registered: Aug 2003
Location: Dunedin NZ
Distribution: Mint 13 Cinnamon
Posts: 653

Rep: Reputation: 31
The Sobig virus is a Windows virus that spoofs the email address. Chances are that someone who has YOU in their address book AND runs Windows has this virus.

Check This Link for details.

Baldrick
 
Old 10-03-2003, 08:05 AM   #10
linksocc
Member
 
Registered: Jul 2003
Location: US
Distribution: Mandrake 9.0 1st/9.1 2nd/Gentoo 1.4 now
Posts: 313

Original Poster
Rep: Reputation: 30
OK, thanks. I'm going to start sending messages to all my contacts.
 
  

