Yesterday, for the first time in at least 2 years, I started receiving the following messages (at least 200 copies) from 18.104.22.168, a Secure Computing (McAfee) address from Minneapolis. At the same time, one of our appliances was reporting a problem updating its AV sig... So, the question now is: how is it that the warning e-mail is coming from McAfee and not from the appliance itself???
AV Engine load for 'SCANM22.214.171.124.2799' failed. Webwasher uses previous version 'SCANM126.96.36.199.2776'.
Received: from ([188.8.131.52]) by smtp2.loto-quebec.com with SMTP id
1FDHWG1.33554424; Wed, 25 Jul 2012 13:51:39 -0400
Date: Wed, 25 Jul 2012 17:33:54 +0000
Subject: AV load failed
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OriginalArrivalTime: 26 Jul 2012 12:12:54.0521 (UTC) FILETIME=[FC592690:01CD6B27]
Yes, and I just changed the source e-mail address from @webwasher.com to our own domain but, whatever the source address, the e-mail is coming from the outside... From your own server!!! That is the strange thing...
Version 6.8.7 build 9396
This message was edited by: DBO on 26/07/12 22:00:20 CDT
As far as I know, this is the external IP address the support lab over there uses. Is it maybe possible that they have set up a feedback with your configuration for troubleshooting that has your eMail notification settings still in place? This is something I have seen in the past. If the SMTP server configured on your machine is available from the outside, a node running in our labs will also be able to send notifications, and they may look very much like your notifications, but certainly come from the outside.
Can you let us know if you have provided a feedback to support in the last days?
If there is an open SR in regards to this system where you have provided a feedback please reply to the SR owner and ask if this is possible.
Note: Usually when setting up a customer's configuration all notifications are turned off automatically. In some cases it is required to manually set up ALL the customer's settings manually, in this case the above can happen.
Note2: This is just an idea how this could happen...
No open case as far as I know but I just ask around.. There is a feedback file dating from July 12th on the server but I doubt that we ever had a live feedback to support, ever...
Funny thing is that if I run an alert test for the AV, the warning comes from our internal SMTP server. This morning, I received another warning about the AV engine having a problem with its update, again coming from a McAfee external server... Our proxies don't have SMTP active and are not accessible from the outside.
Very strange. Do you mind sending me one of those eMails in its complete source? I would like to have a look at all the headers, maybe that helps finding out where that eMail comes from. You could contact me via IM and I will share my eMail address. We probably do not want to expose all the information on the community.
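The header check suggested in the last reply can be scripted. The following is an added example, not part of the original thread: it walks the `Received` chain of a saved message and reports the first hop whose sending address lies outside the networks you list as internal. The sample message, its hostnames, its addresses (RFC 5737 documentation range) and the `10.0.0.0/8` internal range are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample message; hostnames and addresses are placeholders.
SAMPLE = """\
Received: from smtp2.example.com ([10.1.2.3]) by mbx.example.com with ESMTP id A1;
 Wed, 25 Jul 2012 13:51:45 -0400
Received: from ([203.0.113.25]) by smtp2.example.com with SMTP id B2;
 Wed, 25 Jul 2012 13:51:39 -0400
Date: Wed, 25 Jul 2012 17:33:54 +0000
Subject: AV load failed

AV Engine load failed.
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+(\S+)")


def received_hops(raw):
    """Return hops oldest-first as (sender_ip, receiving_host); None if absent."""
    msg = email.message_from_string(raw)
    hops = []
    # Each relay prepends its header, so the last Received is the oldest hop.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())            # unfold continuation lines
        ip = IP_IN_BRACKETS.search(text.split(" by ", 1)[0])
        by = BY_HOST.search(text)
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return hops


def first_external_hop(raw, internal_nets):
    """Oldest hop whose sender IP is outside internal_nets, else None."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    for ip, by in received_hops(raw):
        try:
            addr = ipaddress.ip_address(ip) if ip else None
        except ValueError:                        # malformed address in header
            addr = None
        if addr and not any(addr in n for n in nets):
            return ip, by
    return None


if __name__ == "__main__":
    print(first_external_hop(SAMPLE, ["10.0.0.0/8"]))
```

Only `Received` lines written by your own servers are trustworthy; anything below the first hop recorded by your gateway is supplied by the sender and can be forged.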