<OT> Mail Interception: incoming E-mail contained a virus
UCSD virus scanner
VirusScan@ucsd.edu
Wed, 4 Jun 2003 02:15:02 -0700 (PDT)
--UCSD_MailScan_mailbox2.ucsd.edu_v1.2.7_1054718102_84446
Content-Type: Text/Plain
Content-Transfer-Encoding: 7Bit
Content-Disposition: inline
Content-Description: Virus Interception Notice in plaintext
This is a message from the UCSD E-Mail Virus Protection Service
---------------------------------------------------------------
Our virus scanner indicates that an attachment or part of an E-mail
message addressed to you was infected with a virus, so THAT part of
the message has been removed from your mail.
This does NOT mean that your computer has a virus.
The rest of the original message is enclosed below.
The *INFECTED* attachment file is being held in quarantine.
If you do not want this file, you need do nothing
further and it will be destroyed automatically after 30 days.
The mail scanner program may (rarely) remove a valid attachment to a
message, part of which coincidentally resembled a known virus. If you need to
retrieve a removed message part, please read the following:
The attachment you download is likely to still be infected.
Please use EXTREME CARE in handling it.
To download the attachment, please use your browser to access:
has been quarantined and is retrievable at
HTTP://WWW-NO.UCSD.EDU/Q?071cd195d0ba46cab0745bdb8ca32f35.gz
(scan reported VIRUS W32/Sobig-C Found in file ./5.b64)
If you do not have a Web browser, you may use anonymous FTP to
connect to FTP.UCSD.Edu and GET the file directly.
/quarantine/071cd195d0ba46cab0745bdb8ca32f35.gz
The /quarantine directory cannot be listed, so you must
specifically retrieve the file by the name given above.
Note that in all cases the file name of the original attachment has
been changed, and the file contents compressed with GNUZip. This
was done to help prevent it from infecting your system automatically
should you actually download it.
The original message headers and the uninfected portion of the
contents follow. Please remember that the To: and From: addresses in
infected E-mail are often forgeries. It is not unusual for the author
or site shown in the message to have no knowledge of, nor actual
responsibility for, the message you received.
Following the original message (below), there is a technical data summary
which contains information our help desk personnel will need if you
call with questions about this interception.
VirusScan@UCSD.Edu
Office of Network Operations
Academic Computing Services
University of California, San Diego
+1 858 534-1857
--UCSD_MailScan_mailbox2.ucsd.edu_v1.2.7_1054718102_84446
Content-Transfer-Encoding: 7Bit
Content-Type: Message/RFC822
Content-Disposition: inline
Content-Description: Incoming E-mail message after disinfection.
(Expires Sun, 29 Jun 2003 02:15:02 -0700 (PDT))
Received: from 3-3 ([161.116.34.139])
by mailbox2.ucsd.edu (8.12.9/8.12.3) with ESMTP id h549Ej8E092843
for <optimal@mlist1.ucsd.edu>; Wed, 4 Jun 2003 02:14:55 -0700 (PDT)
From: <jesustuson@hotmail.com>
To: <optimal@mlist1.ucsd.edu>
Subject: Re: Approved
Date: Wed, 4 Jun 2003 11:27:10 +0200
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="CSmtpMsgPart123X456_000_006BA4F7"
X-Spamscanner: mailbox2.ucsd.edu (v1.2 May 26 2003 01:55:38, 1.6/5.0 2.55)
X-Spam-Level: Level *
This is a multipart message in MIME format
--CSmtpMsgPart123X456_000_006BA4F7
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Please see the attached file.
--CSmtpMsgPart123X456_000_006BA4F7
Content-Type: Message/External-Body;
Access-Type="ANON-FTP"; Site="mailbox2.ucsd.edu"; Directory="/quarantine";
Name="/quarantine/071cd195d0ba46cab0745bdb8ca32f35.gz";
Expiration="Sun, 29 Jun 2003 02:15:02 -0700 (PDT)";
Mode="IMAGE"
Content-Disposition: Attachment
Content-Transfer-Encoding: Binary
Content-Description: Quarantined file "document.pif"
Content-Type: Application/Octet-Stream;
Filename="p/quarantine/071cd195d0ba46cab0745bdb8ca32f35.gz"
Content-ID: <h549Ej8E092843>
Content-Transfer-Encoding: Binary
Content-Description: CAUTION: Infected file
--CSmtpMsgPart123X456_000_006BA4F7
Content-Transfer-Encoding: 7Bit
Content-Type: Text/Plain
Content-Disposition: inline
Content-Description: Interception Technical Information
If you call our helpdesk, please have the following
technical information to hand:
mailscan Version 1.2.7 on mailbox2.ucsd.edu at Wed Jun 4 02:15:02 2003
Scan results for h549Ej8E092843 <unknown>
7 parts: 6 clean, 1 virus, 0 filetrap, 0 error
part 0: CLEAN ./qfh549Ej8E092843
part 1: CLEAN ./dfh549Ej8E092843
part 2: CLEAN ./1.preamble
part 3: CLEAN ./2.header
part 4: CLEAN ./3.plain
part 5: VHEAD
part 6: VIRUS W32/Sobig-C Found in file ./5.b64
start=378, end=-1
file=5.b64
tftp=/nfs/ftp/quarantine/071cd195d0ba46cab0745bdb8ca32f35.gz
af=document.pif
Original Message headers:
> Received: from 3-3 ([161.116.34.139])
> by mailbox2.ucsd.edu (8.12.9/8.12.3) with ESMTP id h549Ej8E092843
> for <optimal@mlist1.ucsd.edu>; Wed, 4 Jun 2003 02:14:55 -0700 (PDT)
> From: <jesustuson@hotmail.com>
> To: <optimal@mlist1.ucsd.edu>
> Subject: Re: Approved
> Date: Wed, 4 Jun 2003 11:27:10 +0200
> Importance: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> X-MSMail-Priority: Normal
> X-Priority: 3 (Normal)
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="CSmtpMsgPart123X456_000_006BA4F7"
> X-Spamscanner: mailbox2.ucsd.edu (v1.2 May 26 2003 01:55:38, 1.6/5.0 2.55)
> X-Spam-Level: Level *
--CSmtpMsgPart123X456_000_006BA4F7--
--UCSD_MailScan_mailbox2.ucsd.edu_v1.2.7_1054718102_84446--