[mso] FW: Re: VIRUS....DO NOT OPEN THOSE TWO PIVOT TABLE MESSAGES

Ahh, the fact that Freelists also placed this message into the admin's
mailbox also says something else about the infected message. I keep
forgetting that the inclusion of anything appearing to be an RFC2822
header causes the Freelists servers to believe there were instructions
in the message and puts the message on hold in the administrator's mail
box. So, here's attempt number 2.

Greg Chapman
http://www.mousetrax.com 
"Counting in binary is as easy as 01, 10, 11!
With thinking this clear, is coding really a good idea?"


-----Original Message-----
From: Greg Chapman [mailto:greg@xxxxxxxxxxxxx] 
Sent: Friday, November 29, 2002 12:37 PM
To: 'mso@xxxxxxxxxxxxx'
Subject: RE: [mso] Re: VIRUS....DO NOT OPEN THOSE TWO PIVOT TABLE
MESSAGES


Yep, you're right; it didn't come through here which makes me wonder a
little more about the mechanics of bugbear. I wonder how many
subscribers actually did get a copy?

Any, proof is in the pudding. The infected message originated in Canada
24.203.83.178 (Videotron in Montreal). All freelists messages originate
from a system called 'turing' (after the mathematician) that resides in
Iquest's network based in Indianapolis, In.

Here are the relevant headers from the infected message:
"Received: from gagne ([24.203.83.178]) by VL-MS-MR001.sc1.videotron.ca
(iPlanet Messaging Server 5.2 HotFix 0.9 (built Jul 29 2002))"

And, for comparison, here's a valid header stack for freelists:
"Received: from turing.(none) (localhost [127.0.0.1])by
turing.freelists.org (FreeLists Mail Multiplex) with ESMTP id
43E39949D1; Fri, 29 Nov 2002 00:21:54 -0500 (EST)"

"Received: with ECARTIS (v1.0.0; list mso); Fri, 29 Nov 2002 00:21:48
-0500 (EST)"
"Delivered-To: mso@xxxxxxxxxxxxx"

"Received: from smtp.comcast.net (smtp.comcast.net [24.153.64.2])by
turing.freelists.org (FreeLists Mail Multiplex) with ESMTP id 3D76F945BD
for <mso@xxxxxxxxxxxxx>; Fri, 29 Nov 2002 00:21:47 -500 (EST)"

"Received: from master (pcp01354806pcs.benslm01.pa.comcast.net
[68.80.111.40]) by mtaout01.icomcast.net (iPlanet Messaging Server 5.2
HotFix 1.05 (built Nov  6 2002))"

In a valid freelists posting, the originator is always in the headers
and the demark for when it entered the freelists system to be processed
is indicated by the "Delivered-To:" stamp.

If you're not used to reading mail headers, the method for identifying
the route a message traveled is to find the bottom-most "Received:"
entry, recognize it as the first SMTP hop and then read each successive
"Received:" line, in order, above it. That should describe the complete
route. In the case of the infected message, it appears the source system
is still masked by the SMTP relay server for that subscriber network.

Greg Chapman
http://www.mousetrax.com 
"Counting in binary is as easy as 01, 10, 11!
With thinking this clear, is coding really a good idea?"


> -----Original Message-----
> From: mso-bounce@xxxxxxxxxxxxx
> [mailto:mso-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Poston
> Sent: Friday, November 29, 2002 12:00 PM
> To: mso@xxxxxxxxxxxxx
> Subject: [mso] Re: VIRUS....DO NOT OPEN THOSE TWO PIVOT TABLE MESSAGES
> 
> 
> 
> On 29 Nov 2002 at 9:40, Christine wrote:
> 
> > Linda, it apparently did get through, as I got it also, but Norton
> > caught it.
> 
> Again, I want to clarify that it *didn't* come through
> freelists.  It was 
> sent directly to the recipients.  It's likely that the 
> recipients have 
> all posted to mso recently, and that's why the addresses were 
> available.  
> If you haven't posted to mso on freelists, you probably didn't get it.
> 
> I didn't receive it, and it doesn't appear in the archives.
> It's not a 
> freelists problem.  
> 
> 
> -- Jim
>    poston@xxxxxxx

*************************************************************
You are receiving this mail because you subscribed to mso@xxxxxxxxxxxxx or 
MicrosoftOffice@xxxxxxxxxxxxxxxx

To send mail to the group, simply address it to mso@xxxxxxxxxxxxx

To Unsubscribe from this group, send an email to 
mso-request@xxxxxxxxxxxxx?Subject=unsubscribe

Or, visit the group's homepage and use the dropdown menu.  This will also allow 
you to change your email settings to digest or vacation (no mail).
http://www.freelists.org/webpage/mso

To be able to use the files section for sharing files with the group, send a 
request to mso-moderators@xxxxxxxxxxxxx and you will be sent an invitation with 
instructions.  Once you are a member of the files group, you can go here to 
upload/download files:
http://www.smartgroups.com/vault/msofiles
*************************************************************

Other related posts: