[GLLUG] Can anyone tell me what this is trying to do?

Andy Smith andy at bitfolk.com
Mon Nov 4 16:49:41 UTC 2013


Hi John,

On Mon, Nov 04, 2013 at 04:39:07PM +0000, John Winters wrote:
> OK - I should have made my question clearer.  I can see the payload, but
> I'm puzzled as to how the line of code would come to be executed in the
> first place.  What MTA or MUA would execute the sender's name?

Looks like it's this for Exim+Dovecot:

    https://isc.sans.edu/diary/Dovecot++Exim+Exploit+Detects/16243

(second Google hit for "ifs perl exploit")

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting



