Banned extension delivered
Posted: Sun Jan 24, 2016 12:05 am
Hi,
Using the site at http://www.emailsecuritycheck.net, I have found a problem. I have not investigated deeply, but it is worrying that a dangerous attachment is delivered.
Three messages were delivered with .bat attachments.
Below is one of the complete messages. Does anyone have solutions?
Return-Path: securitycheck@emailsecuritycheck.net
Received: from <<ZIMBRA>> (LHLO <<ZIMBRA>>) (10.0.2.5)
by <<ZIMBRA>> with LMTP; Sat, 23 Jan 2016 23:16:04 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
by <<ZIMBRA>> (Postfix) with ESMTP id 242711026439F5
for <admin@<<ZIMBRA>>>; Sat, 23 Jan 2016 23:16:04 +0100 (CET)
X-Virus-Scanned: amavisd-new at <<ZIMBRA>>
X-Spam-Flag: NO
X-Spam-Score: 0.529
X-Spam-Level:
X-Spam-Status: No, score=0.529 tagged_above=-10 required=6.6
tests=[BAYES_00=-1.9, INVALID_MSGID=0.568, PYZOR_CHECK=3.25,
RP_MATCHES_RCVD=-0.001, SPF_HELO_NEUTRAL=0.112, SPF_PASS=-1.5]
autolearn=no autolearn_force=no
Received: from <<ZIMBRA>> ([127.0.0.1])
by localhost (<<ZIMBRA>> [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id gZUSb0rJB23Q for <admin@<<ZIMBRA>>>;
Sat, 23 Jan 2016 23:16:03 +0100 (CET)
Received: from byteplant.com (outbound.emailsecuritycheck.net [149.202.232.193])
by <<ZIMBRA>> (Postfix) with ESMTPS id 388C41026CB518
for <admin@<<ZIMBRA>>>; Sat, 23 Jan 2016 23:16:03 +0100 (CET)
Received: from localhost ([127.0.0.1] helo=ovh)
by byteplant.com with smtp (Exim 4.80)
(envelope-from <securitycheck@emailsecuritycheck.net>)
id 1aN6Ts-0001Wg-4Z
for admin@<<ZIMBRA>>; Sat, 23 Jan 2016 23:16:28 +0100
Subject: Test mail 5/7 (ID=uxajslTselPa9nxHdkF4kQ==)
Date: Sat, 23 Jan 2016 23:16:28 +0100
Message-ID: emailsecuritycheck.net.5.uxajslTselPa9nxHdkF4kQ==
From: securitycheck@emailsecuritycheck.net
To: admin@<<ZIMBRA>>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=XXX
--XXX
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
You receive this email because you registered for the Byteplant Email Security Check.
This mail contains a harmless executable attachment named "attached.bat".
Even though it is harmless, it should have been removed (or replaced) by your
attachment blocker.
Find out more here on how to protect yourself against unwanted email attachments:
http://www.byteplant.com/cleanmail
--XXX
Content-Type: application/x-msdownload;
"name"=attached.bat
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
"filename"=attached.bat
echo Your system is vulnerable
pause
--XXX--
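A defensive check for the attachment part quoted above, as an added example that is not part of the original post and is not Zimbra or amavisd code: it compares the filenames Python's standard MIME parser reports with those recovered by a lenient scan of the raw headers, for a part that writes its parameter names in quotes (`"filename"=attached.bat`). The sample message, the extension list and all function names are constructed for illustration, and that the quoted parameter names are what the filter missed is an assumption.

```python
import email
import re

# Constructed sample modelled on the attachment part quoted in the post;
# header folding (leading space) is restored here as an assumption.
SAMPLE = (
    "MIME-Version: 1.0\n"
    "Content-Type: multipart/mixed; boundary=XXX\n\n"
    "--XXX\n"
    'Content-Type: text/plain; charset="us-ascii"\n\n'
    "test body\n"
    "--XXX\n"
    "Content-Type: application/x-msdownload;\n"
    ' "name"=attached.bat\n'
    "Content-Disposition: attachment;\n"
    ' "filename"=attached.bat\n\n'
    "echo test\n"
    "--XXX--\n"
)

# Illustrative block list (assumption), not the list of any real product.
BANNED = (".bat", ".cmd", ".com", ".exe", ".pif", ".scr", ".vbs")

# Accepts name= / filename= with or without quotes around the parameter name.
LENIENT = re.compile(
    r'''["']?(?:file)?name["']?\s*=\s*(?:"([^"]*)"|([^;\s]+))''', re.I)

def strict_names(msg):
    """Filenames as the standard-library parser reports them."""
    return [n for n in (p.get_filename() for p in msg.walk()) if n]

def lenient_names(msg):
    """Filenames recovered from the raw header text of every MIME part."""
    found = []
    for part in msg.walk():
        for hdr in ("Content-Type", "Content-Disposition"):
            for m in LENIENT.finditer(str(part.get(hdr, ""))):
                name = m.group(1) or m.group(2)
                if name not in found:
                    found.append(name)
    return found

def banned(names):
    """Subset of names whose extension is on the block list."""
    return [n for n in names if n.lower().endswith(BANNED)]

def check(raw):
    """Return (banned names seen by strict parse, by lenient scan)."""
    msg = email.message_from_string(raw)
    return banned(strict_names(msg)), banned(lenient_names(msg))
```

A message for which the two lists differ carries malformed attachment parameters and is a candidate for quarantine.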