Derek Lamparty wrote:
I am getting hammered by worm.sober.u-3. What are the characteristics of
this worm? Can it spoof ip addresses in the mail server logs?
If your mail server logs the IP of the TCP connection then the chances
are very good that it is not spoofed. It is very difficult to spoof
TCP connections.
I was trying
to track some of the viruses back to the origination point (there are a lot
of them) to let our members know that they might have a virus. I contacted
a couple and they said that their networks are clean.
Are you looking at the headers of the email message or the logs? You can
only trust your headers and the IP you received the message from in the
email headers. Anything below that can be B.S.
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
