I have declude w/ fprot running on my Imail server. In the last day, declude has been catching a number of BrideA.x (or Braid@MM) viruses from users on my server addressed to themselves. I've scanned the users' machines and my mail server and didn't detect any viruses. My guess is that someone else has the virus and the virus is spoofing the sending (from) email address. My question is, how can I track down where the actual virus originated from?

Bride/Braid/Bridex/whatever is a new virus that came out earlier this week. It, like a number of new viruses from the past year, forges the return address of the E-mail. Unlike the other forging viruses (Klez, Bugbear, etc.) which put someone else's E-mail address as the return address, Bridex puts the recipient's name there.

The only way to tell where it came from is based on the IP address that it came from. The default Declude Virus notifications to the postmaster account will have a line such as "Remote IP: 192.0.2.193" in them, showing the IP address that it came from.

-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com
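
Since the forged From address is useless for tracing, the "Remote IP:" line mentioned in the reply is the field to aggregate. The following is an added example, not part of the original post and not Declude's own code; it assumes the postmaster notifications are available as plain text, and the sample messages and the `LOCAL_NETS` range are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Only the "Remote IP:" line is quoted on the page; the rest of the
# notification layout is unknown, so nothing else is parsed.
REMOTE_IP = re.compile(r"^[ \t]*Remote IP:[ \t]*(\S+)", re.MULTILINE)

# Assumption: address ranges used by your own clients (placeholder range).
LOCAL_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample notifications; only the "Remote IP:" line format is from the page.
SAMPLE = [
    "constructed notification 1\nRemote IP: 192.0.2.193\n",
    "constructed notification 2\nRemote IP: 198.51.100.7\n",
    "constructed notification 3\nRemote IP: 192.0.2.193\n",
    "constructed notification 4\nRemote IP: unknown\n",  # malformed, skipped
]


def remote_ips(text):
    """Yield each valid address found on a 'Remote IP:' line."""
    for raw in REMOTE_IP.findall(text):
        try:
            yield ipaddress.ip_address(raw.strip("[]\"'.,"))
        except ValueError:
            continue  # not an IP address; ignore rather than guess


def tally_sources(notifications):
    """Return (ip, hits, is_local) tuples, most frequent sender first."""
    counts = Counter()
    for text in notifications:
        counts.update(remote_ips(text))
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], str(kv[0])))
    return [
        (str(ip), hits, any(ip in net for net in LOCAL_NETS))
        for ip, hits in ranked
    ]


if __name__ == "__main__":
    for ip, hits, is_local in tally_sources(SAMPLE):
        where = "local client, scan this machine" if is_local else "external sender"
        print(f"{ip:15} {hits:3} caught message(s)  {where}")
```

An address that keeps reappearing and falls inside your own ranges points at an infected local machine; an external one can be reported to the network that owns it.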