Spyware, Viruses, & Security forum

General discussion

MailFilterGateway E-Mail Virus Protection Service

by eMpulignano / January 23, 2008 3:16 AM PST

Does anyone know this program? Somehow it is intercepting email newsletters that I have normally received without a problem. It is not installed on my machine and when I checked the messages on my server, the same ones have been stripped and replaced with the same message:

Warning: This message has had one or more attachments removed
Warning: (The entire message).
Warning: Please read the "Mail-Filter-Gateway-Attachment-Warning.txt" attachment(s) for more information.

This is a message from the MailFilterGateway E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "The entire message"
was believed to be dangerous and/or infected by a virus and has been
replaced by this warning message.

At Wed Jan 23 05:02:19 2008 the scanner said:
message was infected: Phishing.Heuristics.Email.SpoofedDomain FOUND


--
Postmaster

My ISP/server says they are not doing it - so, who is? And how do I tell them to stop?

Maureen
www.deefalt.com

Discussion is locked
You are posting a reply to: MailFilterGateway E-Mail Virus Protection Service
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: MailFilterGateway E-Mail Virus Protection Service
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Is it your own email/domain name
by Donna Buenaventura / January 23, 2008 5:27 AM PST

or it is an email account provided by ISP?

Collapse -
domain/account
by eMpulignano / January 23, 2008 7:08 AM PST

It is the email account within my domain, which is hosted by Hostway.

Collapse -
Check with the hosting company then
by Donna Buenaventura / January 23, 2008 1:45 PM PST
In reply to: domain/account

They may have added mailscanner in their sendmail.
Or if that is paid hosting, go to your domain panel and see if they've added that mailscanner option and see if you have the option to disable it.

Collapse -
I don't think so
by eMpulignano / January 23, 2008 2:05 PM PST

It is showing up in the details of all my incoming email, so it is not coming from the senders.

I have all filters turned off in my sitemail and Hostway denies that it is a program they use.

So, I would like to know where this is coming from and how to contact them.

Collapse -
If the host don't use such
by Donna Buenaventura / January 23, 2008 4:26 PM PST
In reply to: I don't think so

then that message does not exist.
It could be a spam only.

You cannot check the headers of the sender since the host and ISP don't use it or did not install in the server.

Collapse -
well. . .
by eMpulignano / January 23, 2008 11:29 PM PST

These are legitimate newsletters, one of which I have been receiving for more than 10 years! Here are the properties:

Received: from mx04.mfg.onr.siteprotect.com (unknown [192.168.33.225])
by mf19.mfg.onr.chicago.hostway (Postfix) with ESMTP id 5BDC31EE80B5
for <xxxxxxx@xxxxxx.com>; Wed, 23 Jan 2008 05:02:19 -0600 (CST)
Received: from mta.email.myfamily.com (mta.email.myfamily.com [198.31.62.123])
by mx04.mfg.onr.siteprotect.com (Postfix) with ESMTP id 9EFFD20B404E
for <xxxxxxx@xxxxxx.com>; Wed, 23 Jan 2008 05:02:05 -0600 (CST)
Date: Wed, 23 Jan 2008 06:01:58 -0500 (EST)
Message-Id: <Kilauea157897-26177-241944707-3-1013@flonetwork.com>
From: "Rootsweb Review" <RootswebReview @ email.rootsweb.com>
Reply-To: "Rootsweb Review " <RootswebReview-ctg0aeb7kaacndeq426iqndzohvgaaaq @ email.rootsweb.com>
To: xxxxxxx@xxxxxx.com
Subject: ***VIRUS*** Rootsweb Review, 23 January 2008, Vol.11, No. 4
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----000000000000000000000000000000000000000000000000000000000000000"
Mail-Filter-Gateway: Found to be Infected with a Virus
X-Mail-Filter-Gateway-SpamDetectionEngine: NOT SPAM,
MailFilterGateway Engine (Not Cached, Score=0.252, Score Required 6,
autolearn=disabled, HTML_MESSAGE 0.00, PRICES_ARE_AFFORDABLE 0.00,
URIBL_GREY 0.25)
X-Mail-Filter-Gateway-From: rootswebreview @ email.rootsweb.com
X-Mail-Filter-Gateway-To: xxxxxxx@xxxxxx.com
X-Spam-Status: No
X-NAS-BWL: No match found for 'RootswebReview @ email.rootsweb.com' (1595 addresses, 0 domains)
X-NAS-Language: English
X-NAS-Bayes: #0: 7.38781E-045; #1: 1
X-NAS-Classification: 0
X-NAS-MessageID: 44270
X-NAS-Validation: {6E7A95F8-6188-475E-B78E-8EDEA3F2388C}

And, once again, the X-Mail-Filter-Gateway stuff is appearing in the properties of all my received email, a;though only these two (so far) have been labeled as "virus" and stripped.

I don't mean to be a bother, but I am concerned about this.

Message was edited by: admin to remove personal email address to prevent spam harvesters from picking it up

Collapse -
hhmm the header
by Donna Buenaventura / January 23, 2008 11:52 PM PST
In reply to: well. . .

It looks like the sender of the newsletter is the one has issue.
I would contact them and let them see this. If their mailing list application or service is compromised or something.

BTW, I requested to the admin to edit your post by removing your email address and other important info I think should be removed.

Collapse -
Hostway
by rfertel / June 8, 2009 12:54 AM PDT

Hostway is definitely the source of this spam and virus protection. i had been getting the same messages, am hosted by Hostway, and checked my account. you can turn them off by entering your control panel.

Collapse -
MailFilterGateway E-Mail Virus Protection Service & Hostway
by edgeman / July 22, 2009 7:58 AM PDT
In reply to: Hostway

I received a similar message and I am also using Hostway. So that is looking more like the source.

Collapse -
Hostway problems
by bobinfg / March 2, 2010 3:41 AM PST

I recently ended up with Hostway as my email server courtesy of Verizon FiOS. To say that I am generally disappointed with the customer service at both companies would likely be the biggest understatement of the decade we are now in. And, the "MailFilterGateway" note did not show up until we went onto Hostway!!

Collapse -
Ah Ha the fix.
by edgeman / March 26, 2010 3:42 AM PDT

Ah Ha! Go to SiteMail control panel not your web site control panel.

In order to manage your Spam filter please log in to SiteMail http://sitemail.hostway.com , go to "Settings" at the top and click on "Manage CleanMail plus" on the left hand side. There you can manage all of your spam settings.

Collapse -
Hostway problems
by PawAngel / April 3, 2010 6:27 AM PDT
In reply to: Ah Ha the fix.

But they charge you for that.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

GIVEAWAY

We are giving away 'Black Panther' swag!

Four lucky readers will be taking home *Marvel*ous "Black Panther" prizes, including magazines autographed by the King of Wakanda himself! Giveaway ends Feb. 25, 2018.