On Tue, Apr 30, 2002 at 07:27:07AM -0700, Surly Zek wrote: > Hello, > > I think there is a problem with at least q-s 1.10 and > 1.11. When a warning is sent, and q-s has detected > different "envelope from" and "header from" addresses, > q-s sends the warning to the wrong from address. >
That's not a bug. The "mail from:" SMTP envelope header refers to one address, and the From: header the user sees can refer to another. e.g. look at this message! It wasn't sent to you - but you still received it - how can that be? ANS: the SMTP envelope header refers to you, whereas the "TO:" header refers to [EMAIL PROTECTED] Some viruses alter the envelope header (after all - they generate it when they send the virus outwards) so that it is non-returnable (sometimes they change one char - sometimes they replace the whole thing). That way they stop AV tools (like Q-S) from reporting to the infected user that they have a virus. There is nothing that can be done about it... -- Cheers Jason Haar Information Security Manager Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: [EMAIL PROTECTED] Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
