> < that will serve no use, as most viruses come directly from users'
> computers, which either will have no PTR or
> a generic ISP PTR, something like 1.1.168.192.adsl-customer.mybig.isp.com.>
>
> That may be true in some cases.

It is more than some cases. I would have to say most cases.

> but in my particular situation, I had some problems with my users by
> giving
> only the IP address of the remote smtp server (for forging viruses)
> they were more receptive when I do a dns lookup and give them a host name.

What, your users want to track the sender down? I can tell you very easily that most forging viruses come straight from the infected computer, not through a relay.

Here is the message I use:

________________________________________________________________________
SKIPIFVIRUSNAMEHAS Vulnerability
SKIPIFVIRUSNAMEHAS Sobig
ONLYSENDIFREMOTESENDER
From: [EMAIL PROTECTED]
To: %ALLRECIPS%
Subject: NOTICE: WE BLOCKED A VIRUS SENT TO YOU!

The Virus scanning software on %LOCALHOST% has reported that you were sent an e-mail from %MAILFROM%, containing the %VIRUSNAME% virus in the %VIRUSFILE% attachment. The subject of the E-mail was "%SUBJECT%".

The E-mail containing the virus has been quarantined to prevent further damage, and will be deleted automatically after 5 days.

PLEASE NOTE! If the e-mail from says [Forged], this means the virus is known to forge the sending e-mail address and is therefore useless information.
-----------------------------------------------------------------------

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
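An added example, not part of the original post or of Declude: a heuristic check for the point argued in the thread, that the PTR of a host delivering a virus directly is usually missing or a generic ISP name. The function names and the keyword list are assumptions, and every sample address except the thread's own hostname is constructed.

```python
import ipaddress
import re
import socket

# Words typical of ISP access-line hostnames (an assumed, incomplete list).
GENERIC_WORDS = {"adsl", "dsl", "dyn", "dynamic", "dhcp", "pool", "cable",
                 "dialup", "ppp", "customer", "client", "broadband"}


def lookup_ptr(ip):
    """Reverse-resolve ip; return None when no PTR record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def classify_ptr(ip, ptr):
    """Return 'no-ptr', 'generic' or 'named' for a connecting IPv4 address."""
    if not ptr:
        return "no-ptr"
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    host = ptr.rstrip(".").lower()
    # Numeric runs in the name, e.g. ['1', '1', '168', '192'].
    nums = [str(int(n)) for n in re.findall(r"\d+", host)]
    for run in (octets, octets[::-1]):
        if any(nums[i:i + 4] == run for i in range(len(nums) - 3)):
            return "generic"   # the address itself is embedded in the name
    if GENERIC_WORDS & set(re.split(r"[^a-z]+", host)):
        return "generic"       # access-line wording such as adsl-customer
    return "named"


def sender_text(ip, ptr):
    """Text for a notice: show the host name only when it names a server."""
    kind = classify_ptr(ip, ptr)
    if kind == "named":
        return f"{ptr} [{ip}]"
    return f"[{ip}] ({kind}, probably a directly connected client)"


if __name__ == "__main__":
    # Constructed samples; the first hostname is the one quoted in the thread.
    samples = [("192.168.1.1", "1.1.168.192.adsl-customer.mybig.isp.com"),
               ("198.51.100.7", "host-198-51-100-7.dyn.example.net"),
               ("192.0.2.25", "mail.example.org"),
               ("203.0.113.9", None)]
    for ip, ptr in samples:
        print(sender_text(ip, ptr))
```

`lookup_ptr` is the only part that touches the network; `classify_ptr` works on a PTR value already taken from the mail server's log.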
