americanintel
Verified User
I keep receiving these to one address. I have ClamAV and it's up to date and working, as I have tested it via various sources (test files, 3rd-party tests, etc.).
My virus report says:
Message Part>unknown - HTML/MIMEType!exploit infection.
Message Part>message.scr - Win32/Netsky.P worm.
Here is the email in its entirety as I see it in Thunderbird. (My EZTrust is catching this, so far...)
Reporting-MTA: dns; host.christianwebhost.com
Received-From-MTA: DNS; 72-11-44-108.northstate.net
Arrival-Date: Tue, 19 Sep 2006 16:54:33 -0400
Final-Recipient: RFC822; [email protected]
Action: failed
Status: 5.3.5
Diagnostic-Code: SMTP; 553 5.3.5 system config error
Last-Attempt-Date: Tue, 19 Sep 2006 16:54:36 -0400
Subject:
Mail Delivery (failure [email protected])
From:
[email protected]
Date:
Tue, 19 Sep 2006 01:11:43 -0400
To:
[email protected]
If the message will not displayed automatically,
follow the link to read the delivered message.
Received message is available at:
www.host.christianwebhost.com/inbox/6014920/read.php?sessionid-27665- I WOULDN'T GO THERE!!!
The original message was received at Tue, 19 Sep 2006 16:54:33 -0400
from 72-11-44-108.northstate.net [72.11.44.108] (may be forged)
----- The following addresses had permanent fatal errors -----
<[email protected]>
(reason: 553 5.3.5 system config error)
----- Transcript of session follows -----
553 5.3.5 mail.host.christianwebhost.com. config error: mail loops back to me (MX problem?)
554 5.3.5 Local configuration error
Reporting-MTA: dns; host.christianwebhost.com
Received-From-MTA: DNS; 72-11-44-108.northstate.net
Arrival-Date: Tue, 19 Sep 2006 16:54:33 -0400
Final-Recipient: RFC822; [email protected]
Action: failed
Status: 5.3.5
Diagnostic-Code: SMTP; 553 5.3.5 system config error
Last-Attempt-Date: Tue, 19 Sep 2006 16:54:36 -0400
Subject:
Mail Delivery (failure [email protected])
From:
[email protected]
Date:
Tue, 19 Sep 2006 01:11:43 -0400
To:
[email protected]
If the message will not displayed automatically,
follow the link to read the delivered message.
Received message is available at:
www.host.christianwebhost.com/inbox/6014920/read.php?sessionid-27665
-----
And here is the full header:
-----
From - Tue Sep 19 16:02:24 2006
X-Account-Key: account6
X-UIDL: 30b30f98f37b553b09c9a828dc4eec49
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Return-path: <>
Envelope-to: [email protected]
Delivery-date: Tue, 19 Sep 2006 15:54:43 -0500
Received: from mail by server.sporttwin.net with spam-scanned (Exim 4.60)
id 1GPmc2-0004bL-Uw
for [email protected]; Tue, 19 Sep 2006 15:54:43 -0500
Received: from host.christianwebhost.com ([209.239.32.158])
by server.mydomain.net with esmtp (Exim 4.60)
id 1GPmc2-0004bI-Ji
for [email protected]; Tue, 19 Sep 2006 15:54:38 -0500
Received: from localhost (localhost)
by host.christianwebhost.com (8.12.11.20060614/8.12.10) id k8JKsaCr014735;
Tue, 19 Sep 2006 16:54:36 -0400
Date: Tue, 19 Sep 2006 16:54:36 -0400
From: Mail Delivery Subsystem <[email protected]>
Message-Id: <[email protected]>
To: <[email protected]>
To: [email protected]
MIME-Version: 1.0
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
X-Spam-Checker-Version: SpamAssassin 3.0.6 (2005-12-07) on
server.mydomain.net
X-Spam-Level: *
X-Spam-Status: No, score=1.3 required=5.0 tests=AWL,HTML_60_70,HTML_MESSAGE,
MIME_HTML_MOSTLY,MIME_SUSPECT_NAME,MPART_ALT_DIFF autolearn=no
version=3.0.6
X-ISafe-Status: V
Content-Type: multipart/mixed;
boundary="------------Boundary-00=_0GYU9QIWKGMMYJ0CCJD0"
This is a MIME-encapsulated message
--------------Boundary-00=_0GYU9QIWKGMMYJ0CCJD0
Content-Type:
The original message was received at Tue, 19 Sep 2006 16:54:33 -0400
from 72-11-44-108.northstate.net [72.11.44.108] (may be forged)
----- The following addresses had permanent fatal errors -----
<[email protected]>
(reason: 553 5.3.5 system config error)
----- Transcript of session follows -----
553 5.3.5 mail.host.christianwebhost.com. config error: mail loops back to me (MX problem?)
554 5.3.5 Local configuration error
--------------Boundary-00=_0GYU9QIWKGMMYJ0CCJD0
Content-Type: message/delivery-status
Reporting-MTA: dns; host.christianwebhost.com
Received-From-MTA: DNS; 72-11-44-108.northstate.net
Arrival-Date: Tue, 19 Sep 2006 16:54:33 -0400
Final-Recipient: RFC822; [email protected]
Action: failed
Status: 5.3.5
Diagnostic-Code: SMTP; 553 5.3.5 system config error
Last-Attempt-Date: Tue, 19 Sep 2006 16:54:36 -0400
--------------Boundary-00=_0GYU9QIWKGMMYJ0CCJD0
Content-Type: message/rfc822
Return-Path: <[email protected]>
Received: from host.christianwebhost.com (72-11-44-108.northstate.net [72.11.44.108] (may be forged))
by host.christianwebhost.com (8.12.11.20060614/8.12.10) with ESMTP id k8JKsWCr014585
for <[email protected]>; Tue, 19 Sep 2006 16:54:33 -0400
Message-Id: <[email protected]>
From: [email protected]
To: [email protected]
Subject: Mail Delivery (failure [email protected])
Date: Tue, 19 Sep 2006 01:11:43 -0400
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_001B_01C0CA80.6B015D10"
X-Priority: 3
X-MSMail-Priority: Normal
This is a multi-part message in MIME format.
------=_NextPart_000_001B_01C0CA80.6B015D10
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_001C_01C0CA80.6B015D10"
------=_NextPart_001_001C_01C0CA80.6B015D10
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
------=_NextPart_001_001C_01C0CA80.6B015D10
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2920.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>If the message will not displayed automatically,<br>
follow the link to read the delivered message.<br><br>
Received message is available at:<br>
<a href=3Dcid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re height=3D0 width=3D0>www.host.christianwebhost.com/inbox/6014920/read.php?sessionid-27665</a>
<iframe
src=3Dcid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re height=3D0 width=3D0></iframe>
<DIV> </DIV></BODY></HTML>
------=_NextPart_001_001C_01C0CA80.6B015D10--
------=_NextPart_000_001B_01C0CA80.6B015D10
Content-Type: audio/x-wav;
name="message.scr"
Content-Transfer-Encoding: base64
Content-ID: <031401Mfdab4$3f3dL780$73387018@57W81fa70Re>
------=_NextPart_000_001B_01C0CA80.6B015D10--
--k8JKsaCr014735.1158699276/host.christianwebhost.com--
--------------Boundary-00=_0GYU9QIWKGMMYJ0CCJD0
Content-Type: TEXT/PLAIN; name=AntivirusReport.txt
Content-Disposition: attachment; filename=AntivirusReport.txt
Content-Transfer-Encoding: base64
//5NAGUAcw (SIXTEEN BILLION LINES OF CODE, LIKE FOR AN IMAGE REMOVED)
--------------Boundary-00=_0GYU9QIWKGMMYJ0CCJD0--
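Added example, not part of the original post: a mail-filter check for the pattern visible in the bounced message above, where a part declared as `audio/x-wav` carries the name `message.scr` and is loaded through a zero-size `iframe` by its `cid:`. The sample message is constructed (placeholder attachment body, made-up Content-ID), and `find_mismatched_parts` and `EXECUTABLE_EXT` are hypothetical names.

```python
import re
from email import message_from_string

# Extensions Windows runs directly (illustrative list, not exhaustive).
EXECUTABLE_EXT = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}

# Constructed sample mirroring the structure of the bounced message above;
# the attachment body is harmless placeholder text, not the real payload.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/related; boundary="outer"

--outer
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML><BODY>Received message is available at:<br>
<iframe
src=3Dcid:part1@example height=3D0 width=3D0></iframe>
</BODY></HTML>
--outer
Content-Type: audio/x-wav; name="message.scr"
Content-Transfer-Encoding: base64
Content-ID: <part1@example>

cGxhY2Vob2xkZXI=
--outer--
"""

IFRAME_CID = re.compile(r'<iframe[^>]*\bsrc\s*=\s*["\']?cid:([^\s"\'>]+)', re.I)

def find_mismatched_parts(raw):
    """Flag parts with an executable file name but a non-application Content-Type."""
    msg = message_from_string(raw)
    # Content-IDs that an HTML part pulls in automatically through an iframe.
    auto_cids = set()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("latin-1")
            auto_cids.update(IFRAME_CID.findall(html))
    findings = []
    for part in msg.walk():
        # get_filename() falls back to the Content-Type "name" parameter.
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        ctype = part.get_content_type()
        if ext in EXECUTABLE_EXT and not ctype.startswith("application/"):
            cid = (part.get("Content-ID") or "").strip().strip("<>")
            findings.append({"name": name, "declared": ctype,
                             "iframe_loaded": cid in auto_cids})
    return findings
```

A filter that keys only on the declared Content-Type would treat this part as audio; comparing the declared type against the file name is what exposes it.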