If you had read the tech specs on that virus, you would've know that it does spoof email addresses. Any admin who contacts you and claims that you're sending them viruses also has not read the specifications of this virus. They also have no idea on how to decipher (or even locate) SMTP header information.
Depending on your SMTP architecture, if you have a content filtering product in place, you could block the messages based on the subject line before they get scanned. Or setup a rule to store all warnings about KLEZ to go to a specific folder. etc. etc. Serdar Soysal -----Original Message----- From: Sander Van Butzelaar [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 8:04 AM To: Exchange Discussions Subject: WORM_KLEZ.G Sever Impact Hi All This virus, although being detected and stripped off, still causes an enormous amount of email traffic. I currently receive about 50 to 60 warnings per hour. Is there anything one can do proactively here, no, I don't mean pull out the network cable....:-) or should I just sit out the storm until other administrator have patched their servers. I'm also getting calls from other administrator saying I'm sending the virus to them, but the user accounts they say send these emails have nothing in there send items, nor do I have and records in my logs, which leads me to believe this little virus is spoofing email addresses. Sander _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
