Hi! I'm having the same problem..have u solve it? -----Original Message----- From: Jeremy Pinquist [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 10:25 PM To: Exchange Discussions Subject: Tracking Klez on exchange 2k.
Yes, I'm running antivirus, as well as blocking extentions. (norton for exchange 2.5) I have a sneaking suspicion that a user, perhaps a remote access machine that's connecting to exchange may be infected. I'd like to hunt down the offender and chew them out. Does the message tracking center in System Manager pull the true sender's email addy, or the klez'ed spoofed one? I've got NAV CE running on all the on site workstations, so i'm moderately sure it's no one in my building, but i want to make sure. Question: If a user who is using Outlook for Corp/Workgroup settings is infected, will Klez send itself out via the Outlook-Exchange connection, or will it still use SMTP to distribute itself. If it does worm thru Outlook, does it still spoof the name? If it does, how can you tell the true originator without any headers? Couldn't find anything on Symantec's website about this. Jeremy _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
