|
Transcript of ScanMail emails re bad virus message
On October 30, Delphiforfun Newsletter #22 resulted in a misleading return
message from a "ScanMail" program installed on the server of one of
the subscribers. Through my oversight in setting up the
mail-list, that reply was redistributed to all subscribers, causing some
understandable concern. Here's the transcript of my
communications since then with the ScanMail
distributors. (Latest emails on top, so you have to work
your way through from bottom up.)
The bottom line -- they concede that there was no virus and that the
message sent by ScanMail was misleading. They also say that this has been
corrected in their latest release.
From: "Gary Darby" <garyd2@delphiforfun.com>
To: <support@support.trendmicro.com>
Subject: Re: Re: [TDSCFA826B6E] FW: [1102-c][1031-c]ScanMail Message: To Recipient virus found and action taken.
Date: November 05, 2001 10:41 PM
Jo-Anne
Yep - close it out. Glad it is being resolved.
Gary
----- Original Message -----
From: support@support.trendmicro.com
To:
Sent: November 05, 2001 9:26 PM
Subject: RE: Re: [TDSCFA826B6E] FW: [1102-c][1031-c]ScanMail Message: To Recipient virus found and action taken.
CASE ID TDSC-FA826B6E
CASE STATUS Solution Sent
PRODUCT ScanMail for MS Exchange
Please do not remove [Case ID] when replying to this mail. Thank you.
Dear Gary,
A new version of Scanmail for Exchange has already been released to address this issue. Again I apologize for the mishap. Please let me know if you have further inquiries regarding Scanmail and I will be glad to help you out. If evrything is well, I would like to ask your permission to close this case. I shall be waiting for your reply.
Sincerely,
Jo-Ann
---- Original Message ----
Yes, you have understood the problem correctly. I suspected that was the case. ScanMail's reply to the newsletter address was aggravated by the fact that, through oversight on my part, any email to the list was redistributed to all subscribers. So all subscribers saw your warning. That has since been corrected.
If your program cannot be made smart enough to modify the message based on the actual triggering event, I would suggest that you modify the default message to include the word "possible". Your current subject line is "Subject: ScanMail Message: To Recipient virus found and action taken." and the opening sentence is "ScanMail for Microsoft Exchange has detected virus-infected attachment(s).". Both of these are misleading and flat-out wrong in this case. Seems like something you would want to correct.
____________________________
Gary Darby
mailto:
http://www.delphiforfun.org
-------------------------------------------------
----- Original Message -----
From: support@support.trendmicro.com
To:
Sent: November 05, 2001 3:59 AM
Subject: RE: [TDSCFA826B6E] FW: [1102-c][1031-c]ScanMail Message: To Recipient virus found and action taken.
CASE ID TDSC-FA826B6E
CASE STATUS Solution Sent
PRODUCT ScanMail for MS Exchange
Please do not remove [Case ID] when replying to this mail. Thank you.
Hello!
Good day!
I received your e-mail and have stated your concern. Please correct me if I left some issues or I misunderstood your inquiry/problem.
*****************
Problem/Question:
A recipient of your newsletter using Scanmail for Exchange has blocked one of the files you are sending and declared that it is an infected attachment. However, tests reveal that it is not infected at all.
SOLUTION:
I apologize for the mishap. Our AVAPI protocol, a process that is used for scanning and blocking attachments only uses one notification message when a file is to be blocked or is found infected. However, this can be changed through the registry.
Please let me know if you need further assistance on this matter. Or if you need me to elaborate on the steps on how to change the message body for the attachment blocking notification. In this case, we will need the version of Scanmail he is using so that we can give proper insttructions.
I shall be waiting for your reply.
Sincerely,
Jo-Ann G. Manansala - MCP
Systems Engineer (Groupware Team), PSS Department
TrendLabs HQ, Trend Micro Incorporated
[URL / website] http://www.antivirus.com
[email] support@support.trendmicro.com
[Knowledge Base] http://solutionbank.antivirus.com/solutions
[US Corp. Support] +1 888 608 1009
---- Original Message ----
Dear Support,
Please assist us with the customer's query below. Attached are the files detected/blocked by Scanmail for your reference. The attached zipped file/s are already verify, these are not infected.
Thanks.
Sincerely,
VirusWatch Team, AntiVirus Group
TrendLabs HQ, Trend Micro, Incorporated
Web:
================ Additional Resources =================
Weekly Virus Report: <<>>
Virus Encyclopedia: <<>>
Solution Bank: <<>>
HouseCall (free scanner): <<>>
-----Original Message-----
From: Gary Darby [mailto:]
Sent: Friday, November 02, 2001 10:32 PM
To: Virus Doctor at US
Subject: Re: [1102-c][1031-c]ScanMail Message: To Recipient virus found
and action taken.
I have attached the subject newsletter in a zipped file in ".eml" and
".html" formats with a password as instructed. My Outlook Express mail
program does not seem to supports saving with ".msg" extension. If you
find anything interesting, please let me know.
____________________________
Gary Darby
mailto:
http://www.delphiforfun.org
____________________________
----- Original Message -----
From:
To:
Sent: November 02, 2001 6:56 AM
Subject: RE: [1102-c][1031-c]ScanMail Message: To Recipient virus found and
action taken.
> Dear Customer,
>
> Thank you for contacting the Virus Doctor @ Trend Micro. We received your
> e-mail regarding your concern.
>
> Please save the message with embedded graphics in an MSG fomat (.msg) then
> Zip it. Kindly follow the instructions I send you in my previous email
in
> sending us the file. This will be our reference in simulating your case.
>
> If you have other inquiries please do e-mail us again. Thank you and have
a
> nice day!
>
> Sincerely,
>
> VirusWatch Team, AntiVirus Group
> TrendLabs HQ, Trend Micro, Incorporated
> Web:
> ================ Additional Resources =================
> Weekly Virus Report:
> <<>>
> Virus Encyclopedia:
> <<>>
> Solution Bank:
> <<>>
> HouseCall (free scanner):
<<>>
>
> -----Original Message-----
> From: Gary Darby [mailto:garyd2@delphiforfun.com]
> Sent: Thursday, November 01, 2001 12:13 AM
> To: Virus Doctor at US
> Subject: [1102-c][1031-c]ScanMail Message: To Recipient virus found and
> action taken.
>
>
> I am not the ScanMail user, I'm the victim of an erroneous ScanMail reply
> message that said I had sent a virus infected email - which then got
> redistributed to my entire mailing list. Near the end of the message, the
> phrase "or inappropriate attachment" appears. If your users can block
.gif
> files with your software, perhaps the first sentence declaring it a virus
> should be modified to include that information. The ScanMail user that
> originated the message is mailto:PLUTO-SA@smf.com.au Original email that
> triggered the misleading message has html format with embedded graphics. I
> can send it to you, but I don't know how to attach it to this email.
> ____________________________
> Gary Darby
> mailto:
> http://www.delphiforfun.org
> -------------------------------------------------
>
>
>
>
>
> ----- Original Message -----
> From:
> To:
> Sent: October 31, 2001 10:59 AM
> Subject: RE: [1031-c]ScanMail Message: To Recipient virus found and action
> taken.
>
>
> > Dear Customer,
> >
> > Greetings!
> >
> > We would like to know the exact name of the virus detected the
> > detected files, if there is any? You may also send us a copy of the
> > detected files for analysis. Kindly compress it in a zip format and
> > password protect it with "virus" as the password. To be able to submit
a
> > password protected ZIP file you must first have file compression
software
> > like WINZIP. You may download a trial version from
>
> > and install it in your system.
> >
> > If you already have Winzip installed, just follow the steps below.
> >
> > a.) please right click the file (do not double click the file) you
> > want to send and select "Add to Zip" on the pop-up menu.
> > b.) enter a filename for the ZIP file
> > c.) click "password" at the bottom of the right corner
> > d.) Type in "virus" in small captions (this will serve as the
> > password for the zip file and will be required to be able to unzip or
> > read the contents of the file)
> > e.) click OK=>click Add.
> > f.) Please send the password protected zip file to me and I will
> > have our anti-virus engineers analyze the file for viruses.
> >
> > Also, please send us the registration number of the Trend Micro product
> you
> > are using, as this is a requirement to get Virus support from us. If you
> are
> > a Trend Micro PC-cillin user and you have lost/forgotten your
registration
> > number, please send an email to retail@trendmicro.ph. Please send us in
> > another email; your registered fill name and your email address so that
we
> > can process your request.
> >
> > If you are a corporate user, please send email to
> > support@support.trendmicro.com for your registration number enquiry.
> >
> > However, you can also find answers to your virus questions at the Trend
> > Micro Virus Information Center at .
> >
> > If you are concerned that your system is infected, please use Trend
> Micro's
> > free online scanner and cleaner, HouseCall, at
> > .
> >
> > In all future correspondence, please include this email so that we can
> track
> > your request at all time.
> >
> > Thank you and hope to hear from you soon.
> >
> > Sincerely,
> >
> > VirusWatch Team, AntiVirus Group
> > TrendLabs HQ, Trend Micro, Incorporated
> > Web:
> > ================ Additional Resources =================
> > Weekly Virus Report:
> > <<>>
> > Virus Encyclopedia:
> > <<>>
> > Solution Bank:
> > <<>>
> > HouseCall (free scanner):
> <<>>
> >
> >
> > -----Original Message-----
> > From: Gary Darby [mailto:]
> > Sent: Tuesday, October 30, 2001 10:57 AM
> > To: Virus Doctor at US
> > Subject: [1031-c]ScanMail Message: To Recipient virus found and action
> > taken.
> >
> >
> > I sent a newsletter out this evening have received several replies like
> > this. I don't believe that there is anything wrong with the original
> > newsletter. I'll be happy to send you a copy. Any ideas on how to
> restore
> > my reputation?
> >
> > ____________________________
> > Gary Darby
> >
> > -------------------------------------------------
> >
> >
> > ----- Original Message -----
> > From: "System Attendant"
> > To:
> > Sent: October 29, 2001 8:48 PM
> > Subject: ScanMail Message: To Recipient virus found and action taken.
> >
> >
> > > ScanMail for Microsoft Exchange has detected virus-infected
> attachment(s).
> > >
> > > Sender = Gary Darby
> > > Recipient(s) = DFFNews2@delphiforfun.org
> > > Subject = DelphiForFun Newsletter #22
> > > Scanning Time = 10/30/2001 12:48:42
> > >
> > > Action on virus found:
> > > The attachment hippic.gif matched file blocking settings. ScanMail has
> > Moved
> > > it. The attachment was moved to C:\Program
> > > Files\Trend\Smex\Alert\hippic3bde06fa13a.gif_.
> > >
> > > The attachment graph2001.gif matched file blocking settings. ScanMail
> has
> > > Moved it. The attachment was moved to C:\Program
> > > Files\Trend\Smex\Alert\graph20013bde06fa13b.gif_.
> > >
> > > The attachment cursors.gif matched file blocking settings. ScanMail
has
> > > Moved it. The attachment was moved to C:\Program
> > > Files\Trend\Smex\Alert\cursors3bde06fa13c.gif_.
> > >
> > > The attachment simplecart50.gif matched file blocking settings.
ScanMail
> > has
> > > Moved it. The attachment was moved to C:\Program
> > > Files\Trend\Smex\Alert\simplecart503bde06fa13d.gif_.
> > >
> > > The attachment tshirts.gif matched file blocking settings. ScanMail
has
> > > Moved it. The attachment was moved to C:\Program
> > > Files\Trend\Smex\Alert\tshirts3bde06fa13e.gif_.
> > >
> > > The attachment chinese small.gif matched file blocking settings.
> ScanMail
> > > has Moved it. The attachment was moved to C:\Program
> > > Files\Trend\Smex\Alert\chinese small3bde06fa13f.gif_.
> > >
> > > The attachment coaster2.gif matched file blocking settings. ScanMail
has
> > > Moved it. The attachment was moved to C:\Program
> > > Files\Trend\Smex\Alert\coaster23bde06fa140.gif_.
> > >
> > > ScanMail detected an inappropriate attachment or a virus in an email.
> The
> > > attachment has been blocked.
> > >
> > > Please advise the sender that SMF does not accept inappropriate
> > attachments.
> > >
> > >
> >
> >
>
>
|