[Dshield] FW: ALERT - GroupShield ticket number OB31_1082060157_NDSXCH03_1 was generated

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Thu Apr 15 22:09:10 GMT 2004


FYI-

Received this email notification (copy forwarded further below, at the
very bottom of this email) after submitting my recent post to this list.

Is it not remarkable to be informed about the action taken for a message
that triggered a positive false alarm: "The message was quarantined and
replaced with a text informing the recipient of the action taken."

Suggest we all ask our A/V vendors kindly fix their products.

Nevertheless, now I am not sure whether Symantec Tech Support received
my latest error report, since also received these two emails after
submitting the latest Auto-Protect / 'positive false alarm' report
on-line via fill-in-form at Symantec Corp's Technical Support web page:

Notification # 1:
Sender: postmaster at softwarespectrum.com
Subject: Message delayed (symantec_support at ecemail.ece.com)

ATTACHMENT # 1 CONTENTS:
Reporting-MTA: dns; maildal12.ecemail.ece.com
Received-From-MTA: dns; webdal10 (webdal10.ece.com [65.169.193.101])
Arrival-Date: Thu, 15 Apr 2004 12:53:03 -0500

Final-Recipient: rfc822; symantec_support at ecemail.ece.com
Action: delayed
Status: 4.0.0 (Persistent transient failure - no additional status
information available)
Remote-MTA: dns; 10.128.128.66
Diagnostic-Code: smtp; 421 Internal error. Connection closing

ATTACHMENT # 2 CONTENTS:
Received: from webdal10 (webdal10.ece.com) by maildal12.ecemail.ece.com
 (Content Technologies SMTPRS 4.2.10) with ESMTP id
<T68faa2fac441a9c10b45c at maildal12.ecemail.ece.com> for
<symantec_support at ecemail.ece.com>;
 Thu, 15 Apr 2004 12:53:03 -0500
Received: from localhost ([127.0.0.1]) by webdal10 with Microsoft
SMTPSVC(5.0.2195.6713);
	 Thu, 15 Apr 2004 12:52:12 -0500
From: peter.stendahl-juvonen at welho.com
To: symantec_support at ecemail.ece.com
Subject: Auto-Protect
Date: Thu, 15 Apr 2004 17:52:12 UTC
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Return-Path: peter.stendahl-juvonen at welho.com
Message-ID: <WEBDAL10wae8i672byQ000194b3 at webdal10>
X-OriginalArrivalTime: 15 Apr 2004 17:52:12.0141 (UTC)
FILETIME=[614371D0:01C42312]


Notification # 2:
Sender: postmaster at softwarespectrum.com
Subject: Message delayed (symantec_support at ecemail.ece.com)

ATTACHMENT # 1 CONTENTS:
Reporting-MTA: dns; maildal12.ecemail.ece.com
Received-From-MTA: dns; webdal10 (webdal10.ece.com [65.169.193.101])
Arrival-Date: Thu, 15 Apr 2004 12:53:03 -0500

Final-Recipient: rfc822; symantec_support at ecemail.ece.com
Action: delayed
Status: 4.0.0 (Persistent transient failure - no additional status
information available)
Remote-MTA: dns; 10.128.128.66
Diagnostic-Code: smtp; 421 Internal error. Connection closing

ATTACHMENT # 2 CONTENTS:
Received: from webdal10 (webdal10.ece.com) by maildal12.ecemail.ece.com
 (Content Technologies SMTPRS 4.2.10) with ESMTP id
<T68faa2fac441a9c10b45c at maildal12.ecemail.ece.com> for
<symantec_support at ecemail.ece.com>;
 Thu, 15 Apr 2004 12:53:03 -0500
Received: from localhost ([127.0.0.1]) by webdal10 with Microsoft
SMTPSVC(5.0.2195.6713);
	 Thu, 15 Apr 2004 12:52:12 -0500
From: peter.stendahl-juvonen at welho.com
To: symantec_support at ecemail.ece.com
Subject: Auto-Protect
Date: Thu, 15 Apr 2004 17:52:12 UTC
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Return-Path: peter.stendahl-juvonen at welho.com
Message-ID: <WEBDAL10wae8i672byQ000194b3 at webdal10>
X-OriginalArrivalTime: 15 Apr 2004 17:52:12.0141 (UTC)
FILETIME=[614371D0:01C42312]


Could it be that my error report does not reach Symantec Corp's Tech
Support due to the very same reported error in their Anti-Virus
Scanners? Sic!


- Pete


         "Take nothing on its looks: take everything on evidence. 
                           There's no better rule."
         Charles Dickens (1812-1870); English novelist, dramatist.



GroupShield for Exchange (NDSXCH03)
<mailto:NAINASSITE01NDSXCH03 at naspers.com> wrote on Thursday, April 15,
2004 11:17 PM UTC+3

| Action Taken:
| The message was quarantined and replaced with a text informing the
| recipient of the action taken. 
| 
| To:
| 'General DShield Discussion List' <list at lists.dshield.org>
| 
| From:
| Peter Stendahl-Juvonen <peter.stendahl-juvonen at welho.com>
| 
| Sent:
| 1981054080,29631270
| 
| Subject:
| [Dshield] What triggered the positive false alarms (Was: An unfixed
| highly critical vulnerability discovered in Microsoft Internet
| Explorer)  
| 
| Attachment Details:-
| 
| Attachment Name: N/A
| File: Infected.msg
| Infected? Yes
| Repaired? No
| Blocked? No
| Deleted? No
| Virus Name: Exploit-MhtRedir.gen
| 
| 
| 
| 
| 
| **********************************************************************
| This email and its contents are subject to an email legal notice that
| can be viewed at: http://www.naspers.com/email/disclaimer.html.
| Should you be unable to access the link provided, please email us for
| a copy at Helpdesk at Media24.com.   
| 
| Hierdie e-pos en sy inhoud is onderhewig aan 'n regskennisgewing oor
| elektroniese pos wat gelees kan word by
| http://www.naspers.com/epos/vrywaring.html. 'n Afskrif kan aangevra
| word by helpdesk at media24.com.   
| **********************************************************************




More information about the list mailing list