[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Sendmail Log Message

Subject: Re: [cobalt-security] Sendmail Log Message
From: "David Black" <DavidBlack@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 27 Jun 2003 09:14:19 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

----- Original Message ----- 
From: "Jon" <jjma@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Friday, June 27, 2003 8:28 AM
Subject: [cobalt-security] Sendmail Log Message

>
> Recently I have started to get this log report
>
> sendmail: Truncated MIME Content-Disposition header due to field size
(possible
> attack)
>
> Is this something that I can prevent and stop? I'm running fully patched
raq3
> and raq4r and message appears in both logfiles.
>
> Thanks
>
> Jon

Yeah, we do seem to be getting another wave of those alerts.
I researched some of the messages that were causing them,
and discovered they were infected with a worm called "sobig".

The worm is a mass mailer. The mime headers it creates
are incomplete - which triggers that "possible attack" alert.
It's really not a problem for your RaQ, but you might want to
warn your users, to watch out for infected email (as always),
and make sure they have the *very latest* virus updates,
because an out-of-date virus scanner won't catch this worm.

:D
--
David Black
Houston, TX

References:
- [cobalt-security] Sendmail Log Message
  - From: Jon

Prev by Date: Re: [cobalt-security] Sendmail Log Message
Next by Date: Re: [cobalt-security] Sendmail Log Message
Previous by thread: Re: [cobalt-security] Sendmail Log Message
Next by thread: [cobalt-security] RE: cobalt-security digest, Vol 1 #1225 - 3 msgs

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index