When I get the following notice from Declude; which is the "true"
sender knowing the Klez forges headers .. and which one is getting the
virus notice from the server? The From: that declude reports, or the
from in the headers, or neither?
David
-=----
Declude Virus v1.53 caught the following:
Virus Name: : W32/Klez.H@mm
Virus File: May 9.bat
From: [EMAIL PROTECTED]
To : [EMAIL PROTECTED]
Date: 05/19/2002 08:47:51
Subject: Worm Klez.E immunity
Spool File: Dc925006701aaa3dd.SMD
----------------
Received: from host.netfronts.com [209.239.38.95] by stat.com with ESMTP
(SMTPD32-7.07) id A9256701AA; Sun, 19 May 2002 08:47:49 -0700
Received: from Ujnlfgai ([65.174.147.202])
by host.netfronts.com (8.10.2/8.10.2) with SMTP id g4JFllo13953
for <[EMAIL PROTECTED]>; Sun, 19 May 2002 11:47:47 -0400
Date: Sun, 19 May 2002 11:47:47 -0400
Message-Id: <[EMAIL PROTECTED]>
From: aluscre <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Worm Klez.E immunity
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=M24JxCE0GyJ4F4434rW8
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". You can E-mail
[EMAIL PROTECTED] for assistance. You can visit our web
site at http://www.declude.com .
