somitimes occur Blocked BANNED

Usuário do Sistema maiconlp at ig.com.br
Wed Aug 31 15:19:51 CEST 2011


Thank you Michael,

sorry but I've copied the log wrong in the before message please
disregard that log . follow the a log when the block occurred.

http://pastebin.com/ndNrEcxg

 the user has sent the message without any attached file. but the log
shows a block by text/plain,.movie,.mpg is very strange.



thanks





2011/8/31 Michael Scheidell <michael.scheidell at secnap.com>:
> On 8/30/11 10:55 PM, Usuário do Sistema wrote:
>
> Aug 30 17:07:36 tgadml0003 amavis[13219]: (13219-06-14) Blocked BANNED
> (application/x-dosexec,.exe,.exe-ms,regedit.exe), [128.2.8.73]
>
> it looks like he has sent an attachment, according to amavisd, the
> attachment is called regedit.exe.
> if he did not try to send an attachment, then there is something seriously
> wrong,
>
> if you doubt this, then post the whole message, source, headers, everything
> to pastebin.com and send a link to pastebin to this mailing list.
> you should be able to find the whole email, since you have quarantined it .
>
> DO NOT SEND THE EMAIL HERE.
>
>
>
> --
> Michael Scheidell, CTO
> o: 561-999-5000
> d: 561-948-2259
>> | SECNAP Network Security Corporation
>
> Best Mobile Solutions Product of 2011
> Best Intrusion Prevention Product
> Hot Company Finalist 2011
> Best Email Security Product
> Certified SNORT Integrator
>
> ________________________________
>
> This email has been scanned and certified safe by SpammerTrap®.
> For Information please see http://www.secnap.com/products/spammertrap/
>
> ________________________________
>


More information about the amavis-users mailing list