>No it is just taking an entry of the address book or contacts file and
>using it as its reply to address.
Yes, that is something that is done by several of the more recent viruses
(such as Klez and Bugbear).
>We get at least 300+ e-mails per day
>saying that one of our users sent this from our web server when in fact
>the IP address is not part of our LAN or any of the others that I
>permit. They are using another SMTP but because the reply to is from
>[EMAIL PROTECTED] we get a bounce message.
Ouch.
Note that Declude Virus will automatically suppress the notifications based
on the return address if Klez or another similar "forging" virus is
detected, so you don't have to worry about being part of that mess if you
run Declude Virus (although you'll still get the notifications sent from
outdated programs; we can't help you there). Actually, I believe that
Declude Virus may still be the only AV program that does this.
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
