I'm running Declude v1.76i14, and it is my understanding that this version will look up the virus name via DNS to see if it's forging or not. It appears that the below virus is forging, but I believe my logs show it trying to send a notification to the sender. Is this common behavior on forging virii? Below is also a log snippet...

---Snip---

Declude Virus v1.76i14 caught the Downloader-BO.dr trojan !!! in Unknown File
from [EMAIL PROTECTED] to:  [EMAIL PROTECTED]

Date:       10/31/2003 07:51:50
Subject:    Your message delivery has been failed.
Spool File: D5a61623c0110e1fe.SMD
Remote IP:  80.218.15.185

Headers:
Received: from hispeed.ch [80.218.15.185] by mail.parallax.ws
(SMTPD32-7.15) id AA61623C0110; Fri, 31 Oct 2003 07:49:37 -0500
Received: from dclient80-218-15-185.hispeed.ch (dclient80-218-15-185.hispeed.ch [80.218.15.185])
by hispeed.ch (8.12.8p1/8.12.8) with ESMTP id rypuv04096
for <[EMAIL PROTECTED]>; Fri, 31 Oct 2003 11:35:04 -0400 (EST)
Date: Fri, 31 Oct 2003 11:35:02 -0400 (EST)
From: Mailer Daemon <[EMAIL PROTECTED]>
X-Mailer: The Bat! (v1.61) Personal
Reply-To: [EMAIL PROTECTED]
X-Priority: 3 (Normal)
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Your message delivery has been failed.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------64066578153"


---Snip---
10:31 07:51 SMTP-(00000BE8) processing S:\IMAIL\spool\Q5fee8da0d5c.GSC
10:31 07:51 SMTP-(00000BE8) Trying bellsouth.net (0)
10:31 07:51 SMTP-(00000BE8) Connect bellsouth.net [205.152.59.33:25] (1)
10:31 07:51 SMTP-(00000BE8) 220 mail.bellsouth.net ESMTP server (InterMail vM.5.01.05.27 201-253-122-126-127-20021220) ready Fri, 31 Oct 2003 07:51:51 -0500
10:31 07:51 SMTP-(00000BE8) >EHLO parallax.ws
10:31 07:51 SMTP-(00000BE8) 250-imf03aec.mail.bellsouth.net
10:31 07:51 SMTP-(00000BE8) 250-HELP
10:31 07:51 SMTP-(00000BE8) 250-PIPELINING
10:31 07:51 SMTP-(00000BE8) 250-DSN
10:31 07:51 SMTP-(00000BE8) 250-8BITMIME
10:31 07:51 SMTP-(00000BE8) 250 SIZE 26214400
10:31 07:51 SMTP-(00000BE8) >MAIL FROM:<[EMAIL PROTECTED]>
10:31 07:51 SMTP-(00000BE8) 250 Sender <[EMAIL PROTECTED]> Ok
10:31 07:51 SMTP-(00000BE8) >RCPT To:<[EMAIL PROTECTED]>
10:31 07:51 SMTP-(00000BE8) 550 Invalid recipient: <[EMAIL PROTECTED]>
10:31 07:51 SMTP-(00000BE8) >QUIT
10:31 07:51 SMTP-(00000BE8) 221 imf03aec.mail.bellsouth.net ESMTP server closing connection
10:31 07:51 SMTP-(00000BE8) Creating message from Postmaster


---Snip---

Thanks for your help!!

---
[This E-mail scanned for viruses by Declude Virus]


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.
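The SMTP log excerpt in the post records an outgoing delivery that a remote server refused with a 550 at RCPT, after which the local server created a message from Postmaster. The Python below is an added example (not code from the post, from Declude or from IMail) that parses log lines in that format, reconstructs each SMTP session, lists recipients refused with a 5xx reply, and correlates them with the "from" address in the Declude virus report: a notification that the purported sender's own mail server rejects as an invalid recipient is a strong sign that the sender address was forged and the notification was backscatter. All log lines, addresses, session ids and spool paths are constructed placeholders modelled on the post's format; the second session is an accepted delivery included to show that the filter ignores it.

```python
"""Reconstruct SMTP sessions from IMail/Declude-style log lines and flag virus
notifications a remote server refused (a sign the purported sender was forged).
Added example: not code from the post, from Declude or from IMail."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Line shape used in the post: "MM:DD HH:MM SMTP-(session-id) message"
LOG_LINE = re.compile(r"^\d\d:\d\d \d\d:\d\d SMTP-\((?P<sid>[0-9A-Fa-f]+)\) (?P<msg>.*)$")
ADDR = re.compile(r"<([^>]*)>")

# Constructed sample data (placeholder addresses, ids and paths) modelled on the
# post: session 1 is refused at RCPT and then bounced, session 2 is accepted.
DECLUDE_REPORT = """Declude Virus v1.76i14 caught the Downloader-BO.dr trojan !!! in Unknown File
from forged.sender@example.net to:  victim@example.org"""
SMTP_LOG = r"""
10:31 07:51 SMTP-(00000001) processing S:\IMAIL\spool\Qconstructed01.GSC
10:31 07:51 SMTP-(00000001) Connect example.net [192.0.2.25:25] (1)
10:31 07:51 SMTP-(00000001) >EHLO mail.example.org
10:31 07:51 SMTP-(00000001) 250-mx.example.net
10:31 07:51 SMTP-(00000001) 250 SIZE 26214400
10:31 07:51 SMTP-(00000001) >MAIL FROM:<postmaster@example.org>
10:31 07:51 SMTP-(00000001) 250 Sender <postmaster@example.org> Ok
10:31 07:51 SMTP-(00000001) >RCPT To:<forged.sender@example.net>
10:31 07:51 SMTP-(00000001) 550 Invalid recipient: <forged.sender@example.net>
10:31 07:51 SMTP-(00000001) Creating message from Postmaster
10:31 07:52 SMTP-(00000002) Connect example.com [192.0.2.26:25] (1)
10:31 07:52 SMTP-(00000002) >MAIL FROM:<alice@example.org>
10:31 07:52 SMTP-(00000002) 250 Sender Ok
10:31 07:52 SMTP-(00000002) >RCPT To:<bob@example.com>
10:31 07:52 SMTP-(00000002) 250 Recipient Ok
"""

@dataclass
class Session:
    sid: str
    spool: Optional[str] = None
    mx: Optional[str] = None                # remote host we connected to
    mail_from: Optional[str] = None         # envelope sender we announced
    rcpts: List[dict] = field(default_factory=list)  # addr / code / reply
    last_cmd: Optional[str] = None
    bounce_generated: bool = False          # "Creating message from Postmaster" seen

def parse_sessions(lines) -> Dict[str, Session]:
    """Group log lines by session id and track the commands and replies that matter."""
    sessions: Dict[str, Session] = {}
    for raw in lines:
        m = LOG_LINE.match(raw.strip())
        if not m:
            continue
        s = sessions.setdefault(m["sid"], Session(m["sid"]))
        msg = m["msg"]
        if msg.startswith("processing "):
            s.spool = msg[len("processing "):]
        elif msg.startswith("Connect "):
            s.mx = msg.split()[1]
        elif msg.startswith(">"):                     # a command our server sent
            verb = msg[1:].split()
            s.last_cmd = verb[0].upper() if verb else None
            addr = ADDR.search(msg)
            if s.last_cmd == "MAIL":
                s.mail_from = addr.group(1) if addr else None
            elif s.last_cmd == "RCPT":
                s.rcpts.append({"addr": addr.group(1) if addr else None, "code": None, "reply": ""})
        elif msg[:3].isdigit() and msg[3:4] == " ":   # final reply line ("250-..." is a continuation)
            if s.last_cmd == "RCPT" and s.rcpts and s.rcpts[-1]["code"] is None:
                s.rcpts[-1]["code"] = int(msg[:3])
                s.rcpts[-1]["reply"] = msg[4:]
        elif msg == "Creating message from Postmaster":
            s.bounce_generated = True
    return sessions

def rejected_deliveries(sessions: Dict[str, Session]) -> List[dict]:
    """One finding per recipient the remote server refused with a 5xx reply."""
    return [{"session": s.sid, "spool": s.spool, "mx": s.mx, "mail_from": s.mail_from,
             "rcpt": r["addr"], "code": r["code"], "reply": r["reply"],
             "bounce_generated": s.bounce_generated}
            for s in sessions.values() for r in s.rcpts
            if r["code"] is not None and 500 <= r["code"] < 600]

def parse_declude_report(text: str) -> dict:
    """Pull the purported sender and recipient out of the report's 'from X to: Y' line."""
    m = re.search(r"^from (\S+) to:\s+(\S+)", text, re.M)
    return {"from": m.group(1), "to": m.group(2)} if m else {}

def forged_sender_notifications(report: dict, findings: List[dict]) -> List[dict]:
    """Rejected deliveries addressed to the virus's claimed sender: the notification
    went to a forged or non-existent mailbox, i.e. it was backscatter."""
    claimed = report.get("from", "").lower()
    return [f for f in findings if claimed and (f["rcpt"] or "").lower() == claimed]
```

Run it as `forged_sender_notifications(parse_declude_report(DECLUDE_REPORT), rejected_deliveries(parse_sessions(SMTP_LOG.splitlines())))`; on the constructed sample it returns the single refused delivery to `forged.sender@example.net`, with `bounce_generated` set because the server went on to create a Postmaster message for the failure. Every hit of this kind in a real log is a notification that reached nobody but the purported sender's mail server, which is the practical argument for not sending sender notifications for viruses known to forge their sender.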
