Greetings,
I am forwarding a message that declude has been sending me. I just want
to see if I interpret this correctly. I have been getting hundreds of these
virus messages, all from the jleclair05 account. I do have a user here by
that name AND, to make matters worse, the 10.200.11.65 address is an
internal DHCP address, but is non routable and would be natted to a
different address in our firewall. You can see by the second header that
msoe.edu is there as well. This host always changes. Can anyone tell me
what, exactly, is going on? I have forced the 10.200.11.65 address available
and deactivated in DHCP, in case that was from an internal address somehow,
but I haven't truly fixed the problem. Thanks for any help you can give.
Jim
----- Original Message -----
From: "Postmaster" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 05, 2002 8:04 AM
Subject: Declude Virus caught a virus
> Declude Virus v1.58 caught the Unknown Virus virus in Unknown File
> from [EMAIL PROTECTED] to: [EMAIL PROTECTED]
>
> >From IP: 10.200.11.65
> >From Host: askmen.com
> Date: 09/05/2002 08:04:44
> Subject: Worm Klez.E immunity
> Spool File: D484f1fe.SMD
> In or Out: outgoing
> Message ID: <200209050804928.SM00189@Yik>
> Virus: Unknown File
>
> Headers:
> Received: from Yik [10.200.11.65] by mcgraw.elmira.edu
> (SMTPD32-7.05) id A84FB4901FE; Thu, 05 Sep 2002 08:04:34 -0400
> From: webmaster <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Worm Klez.E immunity
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary=NYaS06gh036g5Qh6K8Y99
> Message-Id: <200209050804928.SM00189@Yik>
>
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
