[Exim] Exim or linux virus?

Author: Chris Sparnicht
Date:
To: exim-users
CC: info
Subject: [Exim] Exim or linux virus?
Greetings!

I am not currently running exim on my site; however, I keep getting spam from
somebody who is running exim. Strangely, it seems to be coming from my
site, but there seems to be no IP trail in the header to check one way
or another exactly where the email is coming from. I'd almost swear it
has to be coming from my site because it says it's bouncing from my
website, and yet when I go into shell and use 'locate exim' as su, I see
no example of exim anywhere on my box.

Here is an example of the virus-laden spam.
Please note - it's always involving this Lara Croft site, it's always
got a virus, probably in the midi file attachment, but the
email address to which it's posted changes.

Is it likely that someone has found a way to open an SMTP relay
through my site or is exim just lean enough that it doesn't give
away IP trails in the header?

Or does my linux box have a virus?

Thanks for any replies.

Cheers,

Chris

Date: Tue,26 Nov 2002 02:06:34 PM
From: Mail Delivery System <MAILER-DAEMON@???>
To: info@???
Subject: Undelivered Mail Returned to Sender -Lara Croft's The Last
    Revelation Walk Through
Parts/Attachments:
   1   Shown    ~3 lines  Text
   2     OK     40 KB     Message, "Lara Croft's The Last Revelation
Walk Thro
   2.1 Shown   ~11 lines  Text
   2.2          29 KB     Audio
----------------------------------------


This message was created automatically by mail delivery software (Exim).
----------------------------------------

A message that you sent could not be delivered to one or more of its
recipients.
This is a permanent error. The following address(es)
failed:dunkin_donuts@???

The message that is attached says this:

Date: Tue,26 Nov 2002 02:06:34 PM
From: info@???
To: dunkin_donuts@???
Subject: Lara Croft's The Last Revelation Walk Through

Lara Croft's The Last Revelation Walk ThroughTHE LAST REVELATION
Complete
Game Walk Through =A91999 www.thelastrevelation.com - All Rights
Reserved -
No Portion of this walkthrough may be republished in any way. Thanks To
Eidos Interactive For Another Blockbuster

----------------------------------------