Question for the group: How hard would it be to have the AV software actually check the source email SMTP host, and send an email to [EMAIL PROTECTED] for the *actual* offending SMTP server?
The From field is almost worthless at this point. But the header is more reliable. Yes, it *can* be spoofed, but it's significantly more difficult.

I'm nearly buried in false 'AV' responses - and worse, the users that get them are terrified because they think they've 'become infected'. I don't mind the user being wary, but the level of fear and anxiety over a false notice is becoming unworkable.

Just Curious,

-apjohnson (CISSP, CCNP, SCSA)
Network Operations - Security

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
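Added example, not part of the original post: one way a scanning gateway could pick the SMTP server that actually connected to it out of the Received chain, instead of trusting the From field. The function name, the trusted network list and the sample message are assumptions constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample with a forged From. Received headers are prepended, so
# the topmost ones were written by our own MTAs and the lowest by the sender.
SAMPLE = """\
Received: from mx1.example.org (mx1.example.org [10.0.0.5])
\tby mailstore.example.org with ESMTP id A1; Mon, 1 Sep 2003 10:00:03 -0400
Received: from innocent-looking.example.net (unknown [203.0.113.77])
\tby mx1.example.org with SMTP id B2; Mon, 1 Sep 2003 10:00:01 -0400
Received: from mail.victim.example.com ([198.51.100.9])
\tby innocent-looking.example.net; Mon, 1 Sep 2003 09:59:00 -0400
From: someone@victim.example.com
Subject: constructed sample

body
"""

TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: our own relays
PEER_IP = re.compile(r"from\s.*?\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", re.S)

def first_external_hop(raw, trusted=TRUSTED_NETS):
    """Return the IP of the server that connected to our outermost MTA, or None."""
    msg = email.message_from_string(raw)
    for hdr in msg.get_all("Received", []):
        # Look only at the "from ..." clause; the peer IP in brackets is
        # recorded by the receiving MTA, not claimed by the sender.
        from_part = re.split(r"\sby\s", hdr, maxsplit=1)[0]
        m = PEER_IP.search(from_part)
        if not m:
            return None  # no recorded peer IP: do not guess
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            return None
        if not any(ip in net for net in trusted):
            # Written by a host we trust about a peer we do not. Every header
            # below this one was supplied by that peer and may be forged.
            return str(ip)
    return None
```

On the sample this returns the relay that handed the message to `mx1`, not the host named in the forged From or in the lowest Received line.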
