Thanks Scott: I guess I was fooled by:
Tue, 17 Feb 2004 20:09:49 +0100 FROM: "Administrator" [EMAIL PROTECTED] TO: "Inet Client" [EMAIL PROTECTED] SUBJECT: Failure Message X-ID: 798895329822232376 The from address in the header shows as @microsoft.com and that made me think it is forged.. The actual from address is @net-up.com. OK so it is not forging.. thanks Kami -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, February 17, 2004 3:15 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] W32/Valla.a virus >here is the alert for the virus: It doesn't look like this one was forged: >From: <mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED] The return address domain of net-up.com matches: >Received: from msg1.net-up.com [62.106.65.252] by foroosh.com >(SMTPD32-8.05) id A7513150058; Tue, 17 Feb 2004 14:11:13 -0500 the reverse DNS of 62.106.65.252 (ns3.net-up.com). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
