[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Sendmail Log Message
- Subject: Re: [cobalt-security] Sendmail Log Message
- From: "David Black" <DavidBlack@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 27 Jun 2003 09:14:19 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
----- Original Message -----
From: "Jon" <jjma@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Friday, June 27, 2003 8:28 AM
Subject: [cobalt-security] Sendmail Log Message
>
> Recently I have started to get this log report
>
> sendmail: Truncated MIME Content-Disposition header due to field size
(possible
> attack)
>
> Is this something that I can prevent and stop? I'm running fully patched
raq3
> and raq4r and message appears in both logfiles.
>
> Thanks
>
> Jon
Yeah, we do seem to be getting another wave of those alerts.
I researched some of the messages that were causing them,
and discovered they were infected with a worm called "sobig".
The worm is a mass mailer. The mime headers it creates
are incomplete - which triggers that "possible attack" alert.
It's really not a problem for your RaQ, but you might want to
warn your users, to watch out for infected email (as always),
and make sure they have the *very latest* virus updates,
because an out-of-date virus scanner won't catch this worm.
:D
--
David Black
Houston, TX