Which AV package are you using? Perhaps it can be persuaded to stop the entire message, rather than just the attachment.
-Peter -----Original Message----- From: RBHATIA [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 09, 2002 10:28 To: Exchange Discussions Subject: RE: Message filtering I do have anti-virus software and it is trapping and quarantining the messages. But that doesn't stop the spoofed email from coming in. I would like to find out the source of the infection - who is the user who has been infected. Can I tell from the message header attached below ? -----Original Message----- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 09, 2002 1:25 PM To: Exchange Discussions Subject: RE: Message filtering First I'd change my DL SMTP addresses to something non-obvious. Then I'd implement an antivirus solution which could be configured to drop worms. > -----Original Message----- > From: RBHATIA [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 09, 2002 11:28 AM > To: Exchange Discussions > Subject: Message filtering > > > We're being hit big time by the KLEZ virus. Here is one of the messages > that > was sent. I've checked everyone's machines and everyone seems clear. So > I'm > guessing it's someone who works closely with our company as we have emails > floating back and forth between staff who claim they never sent each other > email. > What if I set up the message filtering option on the Internet Mail > Connector > to block the domain smtp02.vsnl.net and smtp03.vsnl.net since those seem > to > be the 2 main sources from where the emails are originating. > Also, how do I insert the entry ? Do I enter it as @smtp02.vsnl.net ? > > ------------------------------------------------------------ > Received: from smtp02.vsnl.net ([203.197.12.8]) by myserver.mycompany.com > with SMTP (Microsoft Exchange ................) > id 31VYJYRC; Mon, 8 Jul 2002 04:14:50 -0400 > Received: from Qrvlyi ([203.199.81.81]) by smtp02.vsnl.net > (Netscape Messaging Server 4.15) with SMTP id GYX8GJ00.Z9D for > <[EMAIL PROTECTED]>; Mon, 8 Jul 2002 13:49:31 +0530 > From: staff [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: ..................... _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] ______________________________________________ This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
