SMTP headers, ducks. At the very least they'll tell you where the
originating system was. Then you can say to the recipient, "hey, do you know
anyone from WeSendViriiiises.com?" and take it from there.
The other option is to contact the postmaster at the sending domain. I've
had mixed success with that.
--
be - MOS
It's not so hard to lift yourself by your bootstraps once you're off the
ground.
-- Daniel B. Luten
> -----Original Message-----
> From: Jeffrey Dubyn [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 18, 2002 11:10 PM
> To: Exchange Discussions
> Subject: Determining Klez.H.Worm Origin
>
>
> On an Exchange 5.5 SP4 box, NAVMSE antivirus is catching and
> quarantining about 50 Klez emails/day. There are only 10 workstations
> in the environment and all of them have checked out clean with NAVCE.
> NAVMSE only says "origin unknown" on each of the emails. Any
> tricks to
> find where the virus is coming from? Thanks!
>
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
>
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
