Hi,
Below an internal mail that was caught.
The section header was (server/share substituted):
------=_NextPart_000_0001_01C835BD.DC8E3F20
Content-Type: application/octet-stream;
name="BacoDiscussionsBlob.asp?ID={A1243322-3030-48BF-BD72-8A248CB26090}"
Content-Transfer-Encoding: base64
Content-Location:
http://server/share/docs/BacoDiscussionsBlob.asp?ID={A1243322-3030-48BF-BD72-8A248CB26090}
I'm assuming this Content-Location can be easily spoofed right? Or could I
somehow convince Declude to pass these mails when there is a specific
Contect-Location
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.nl
----- Original Message -----
From: Postmaster
To: [EMAIL PROTECTED]
Sent: Monday, December 03, 2007 3:05 PM
Subject: Declude Virus caught a virus
Declude Virus v4.3.46 caught the CLSID Vulnerability virus in
BacoDiscussionsBlob.asp?ID={A1243322-3030-48BF-BD72-8A248CB26090}
from [EMAIL PROTECTED] to: [EMAIL PROTECTED]
Date: 03 Dec 2007 15:05:04
Subject: offerte Krasnapolsky mrt07 (dekanendag)
Spool File: D0d06059200009ba9.smd
Remote IP: 217.114.99.194
Headers:
Received: from hglfin02 [217.114.99.194] by tio.nl with ESMTP
(SMTPD-9.21) id AD061154; Mon, 03 Dec 2007 15:04:54 +0100
Message-ID: <[EMAIL PROTECTED]>
From: "Lidie Kuipers" <[EMAIL PROTECTED]>
To: "Geert A. van der Meer" <[EMAIL PROTECTED]>
Subject: offerte Krasnapolsky mrt07 (dekanendag)
Date: Mon, 3 Dec 2007 15:04:54 +0100
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_0001_01C835BD.DC8E3F20"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1914
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1914
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
