[Top] [All Lists]

Re: [ietf-smtp] Help identifying unknown verb: FCCKV2

2012-09-28 17:26:54

On Sep 28, 2012, at 2:26 PM, "Carl S. Gutekunst" <csg(_at_)alameth(_dot_)org> 

Does anyone here know of a legitimate MTA, proxy/filter, IDS, or similar 
critter that sends this verb before sending EHLO?

  FCCKV2 zQUdwkgzYhu/noMgcNtA0wvhrV0T9SThL3koEfk=

I'm suspicious that it's a malware infection on the sender's host, but before 
I start making accusations I wanted to check around. Various web forums have 
also reported seeing this as an X-bar header line in HTTP requests, without 
identifying what it was.

In an http context it'd be something to do with Fortinet, I think. It's 
possible that it'd
show up on SMTP too, I guess.

ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>