On Jan 4, 2006, at 11:13 AM, Derek Lamparty wrote:
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Tomasz Papszun
Sent: Wednesday, January 04, 2006 11:08 AM
To: [email protected]
Subject: Re: [Clamav-users] Spoofing IP Address?
On Wed, 04 Jan 2006 at 10:35:20 -0600, Derek Lamparty wrote:
I am getting hammered by worm.sober.u-3. What are the
characteristics
of this worm? Can it spoof ip addresses in the mail server
logs? I
was trying to track some of the viruses back to the
origination point
(there are a lot of them) to let our members know that they
might have
a virus. I contacted a couple and they said that their
networks are clean.
Quite likely.
The principle is sad nowadays: you can't trust any mail
headers beyond your own mailserver's ones.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
I didn't know that was possible. Huh? Doesn't that really make RBLs
pointless?
they always were pointless. How many times has each of us had to go
to a maintainer of an rbl and explain that we were not, in fact,
spammers. and face the inevitable...prove it. grrrr.
Derek Lamparty
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
