Hi Scott,

Symantec returns this type of message to the administrator account

Message contained a virus
Virus detected - [EMAIL PROTECTED]
The message was Deleted
The message was from <[EMAIL PROTECTED]>
The message was to [EMAIL PROTECTED]
Subject: Spam-Junk-Ad: bug announcement
Message-Id: <[EMAIL PROTECTED]>

I search the syslog for [EMAIL PROTECTED], grab the IP address from
there, look it up at dnsstuff and see where it's coming from. If it's a
country that we don't do business with or in, I've been adding them to
my IP blacklist. I'm also contemplating adding them to the kill file.

In the last hour I've had over 75 from various IPs. I just find it strange
that the email address is mine (email admin), it's a new address (change in
spelling) and I typically don't subscribe to lists or news with a primary
address. The Swen virus is known for haunting lists and news groups, so I
thought I'd mention it... so people can check themselves if they so desire.

----- Original Message ----- 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, January 26, 2004 11:02 AM
Subject: Re: [Declude.JunkMail] Question / interesting occurence


>
> >Is anyone on either of these lists getting slammed with
> >[EMAIL PROTECTED] virus?
>
> Our customers are seeing Swen account for about 10% of the viruses
> (excluding vulnerabilities).
>
> >Our Symantec AV is set to email the administrator warnings.
> >Reading through the warnings, they're coming from everywhere outside of
> >the US & Canada.
>
> Are you referring to the From: or return address ("[EMAIL PROTECTED]") or
> the country of the IP address (which is highly accurate)?
>
> >The weird part is they're only going at the email address I use for these
> >boards which was created when I set up IMail. I don't use that email for
> >any other boards or lists.
>
> Then it sounds like someone with IMail caught the Swen virus, and it's
> getting sent out to you.
>
> IIRC, the return address of Swen is correct.  So if you can find the
> return address (from an X-Declude-Sender: header or "MAIL FROM" in the
> IMail SMTP log file) you should find the person who was sending it to you.
>
>                                                     -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask about our free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

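The lookup discussed in this thread (take the Message-Id from each antivirus alert, find that message in the SMTP log, and read off the connecting IP and the "MAIL FROM" return address) can be scripted. This is an added example, not part of the original thread; the log layout, session ids, addresses and Message-Ids are constructed for illustration and do not reproduce IMail's or Symantec's actual formats.

```python
import re
from collections import Counter

# Constructed sample data. The log layout is a simplified, hypothetical one
# (session id in parentheses); it does not reproduce IMail's real log format.
ALERTS = """\
Message contained a virus
Message-Id: <a1@mx.example.net>
Message contained a virus
Message-Id: <b2@mx.example.net>
Message contained a virus
Message-Id: <c3@mx.example.org>
"""
SMTP_LOG = """\
01:26 10:58 SMTPD(0001) [198.51.100.7] connect
01:26 10:58 SMTPD(0002) [203.0.113.9] connect
01:26 10:58 SMTPD(0001) MAIL FROM:<Infected.User@example.net>
01:26 10:59 SMTPD(0002) MAIL FROM:<infected.user@example.net>
01:26 10:59 SMTPD(0001) Message-Id: <a1@mx.example.net>
01:26 10:59 SMTPD(0002) Message-Id: <b2@mx.example.net>
"""
LINE = re.compile(r"SMTPD\((\w+)\)\s+(.*)")

def parse_sessions(log):
    """Group log lines by session id so interleaved sessions stay separate."""
    sessions = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sid, rest = m.groups()
        s = sessions.setdefault(sid, {})
        if ip := re.match(r"\[([\d.]+)\] connect", rest):
            s["ip"] = ip.group(1)
        elif mf := re.match(r"MAIL FROM:\s*<([^>]*)>", rest, re.I):
            s["mail_from"] = mf.group(1).lower()  # compare addresses case-insensitively
        elif mid := re.match(r"Message-Id:\s*(<[^>]+>)", rest, re.I):
            s["msgid"] = mid.group(1)
    return sessions

def correlate(alerts, log):
    """Return (hits, unmatched); each hit is (msgid, ip, mail_from) for one alert."""
    wanted = re.findall(r"^Message-Id:\s*(<[^>]+>)", alerts, re.I | re.M)
    by_id = {s["msgid"]: s for s in parse_sessions(log).values() if "msgid" in s}
    hits = [(m, by_id[m].get("ip"), by_id[m].get("mail_from")) for m in wanted if m in by_id]
    return hits, [m for m in wanted if m not in by_id]

def top_senders(hits):
    """Count matched alerts per envelope sender (MAIL FROM), most frequent first."""
    return Counter(mf for _, _, mf in hits).most_common()
```

Alerts with no matching log entry are returned separately so they can be checked against rotated or older log files instead of being silently dropped.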