RE: [Declude.Virus] Klez and IP

[Rodney Bertsch]

We're stopping tons with the same sender address too.   After the first couple dozen I decided the user must actually have the virus.  We knew them, contacted them by phone and explained the problem.  They were/are totally clueless and have no idea how to go about getting virus software and scanning for Klez. <sigh>  I contacted their ISP and they said they will be shutting down their e-mail account until they get the problem solved.   - Rodney -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Heimir Eidskrem Sent: Tuesday, August 20, 2002 1:44 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Klez and IP We are stopping tons of klez infected mail using the same sender address.   My question is regarding the reported remote ip address - the ip address reported using the %remoteip% is that the actually ip address of the computer sending the virus or is that also forged by the virus?   So far I have logged 25 different ip addresses using the same sender address.   Thanks, H.