Spam detection software, running on the system "rimantadine.ncsa.uiuc.edu", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
postmaster@ncsa.uiuc.edu for details.
Content preview: Warning: This message has had one or more attachments
removed (price.zip, wpmyxgrtf.exe). Please read the
"NCSA-Attachment-Warning.txt" attachment(s) for more information.
February price This is a message from the MailScanner E-Mail Virus
Protection Service The original e-mail attachment "price.zip" was
believed to be infected by a virus and has been replaced by this warning
message. [...]
Content analysis details: (7.7 points, 4.9 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.0 MSGID_SPAM_LETTERS Spam tool Message-Id: (letters variant)
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
2.4 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)
[SPF failed: ]
1.2 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
0.4 HTML_30_40 BODY: Message is 30% to 40% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[193.251.6.147 listed in dnsbl.sorbs.net]
0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org
1.7 DNS_FROM_RFC_POST RBL: Envelope sender in
postmaster.rfc-ignorant.org
-0.8 AWL AWL: From: address is in the auto white-list
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
--- Begin Message ---
- To: "Vmi-bug" <vmi-bug@ncsa.uiuc.edu>
- Subject: {Virus?} price
- From: "Akshay" <akshay1127@hotmail.com>
- Date: Thu, 28 Sep 2006 10:08:23 +0100
- Content-type: multipart/mixed; boundary="--------vbuzjlicagitzuexmuay"
Warning: This message has had one or more attachments removed (price.zip, wpmyxgrtf.exe). Please read the "NCSA-Attachment-Warning.txt" attachment(s) for more information.
February price
This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "price.zip" was believed to be infected by a virus and has been replaced by this warning message. If you wish to receive a copy of the *infected* attachment, please e-mail the NCSA Help Desk (help@ncsa.uiuc.edu) and include this message with your request. Alternatively, you can call them at +1 217 244 0709 with the contents of this message on hand when you call. At Thu Sep 28 03:08:26 2006 the virus scanner said: ClamAV Module: price.zip was infected: Worm.Bagle.CP ClamAV Module: wpmyxgrtf.exe was infected: Worm.Bagle.CP Note to Help Desk: Look on the NCSA MailScanner (rimantadine.ncsa.uiuc.edu) in /var/spool/quarantine/20060928 (message k8S88Meu030486). -- The NCSA Email guys
--- End Message ---