RE: [Declude.Virus] f-Prot question

2002-04-16 Thread R. Scott Perry
I have an imail server with unlimited users and this looks like it has reached the limit. So first I have upgraded to a faster server, but then I am not sure what to choose here, either a peering server based on Imail's description or a backup mail spooler also based on their description. What

RE: [Declude.Virus] f-Prot question

2002-04-16 Thread R. Scott Perry
http://www.ipswitch.com/support/IMail/guide/imailug7/config11.html#4382 will following this guide do what you tell me below, Yes. Following that setup, the server will act as a gateway (which is almost identical to acting as a backup server). and then the stupid question where do place the

RE: [Declude.Virus] f-Prot question

2002-04-16 Thread R. Scott Perry
But if my primary mailserver is up and responding it will never reach the second? Or is there something here I don't see? What you do is you have the DNS set up so that the MX record points to the new gateway server, instead of the existing server. For example, if you now have:

Re: [Declude.Virus] Virus notice

2002-04-17 Thread R. Scott Perry
Is there a way to add the name of the virus found to the header of the e-mail? I have been asked by an ISP for the headers and the name of the virus for follow up to a report that I made to them. It would be much easier to just send the header if Declude could place the name of the virus

Re: [Declude.Virus] What's this?

2002-04-18 Thread R. Scott Perry
I got an email in my inbox this morning that looks an awful lot like a trojan to me. It had two attachments: class.exe and REGKBCMT.HTM. That looks a lot like Klez.H, which just started spreading (fast) yesterday. The thing that really bothers me is that a peek at the message source shows

RE: [Declude.Virus] Virus notice

2002-04-18 Thread R. Scott Perry
I am using AVG and Declude for virus protection. Just talked with IMAIL about why every file caught says: Declude Virus v1.46 caught the Unknown Virus virus in Unknown File. I tried adding the X-Virus-Name line to the postmaster.eml and it did no good. IMAIL says it really isn't even getting

Re: [Declude.Virus] 5000+ files in spool... and a ton of declude.exe processes running?

2002-04-20 Thread R. Scott Perry
This afternoon my spool directory started filling up... now I'm seeing about 25 files added to the dir every minute or less... also, there seems to be an unusual number of declude.exe processes running. The first thing I would do is check the Declude log files to see if anything unusual is

[Declude.Virus] v1.47 (beta) released

2002-04-22 Thread R. Scott Perry
We have just released Declude Virus v1.47 ( http://www.declude.com/virus/manual.htm ), a beta version. The only noticeable change is that the .eml template files can now have lines that begin with SKIPIFVIRUSNAMEHAS followed by the name of a virus or a partial virus name. These can go in

Re: [Declude.Virus] v1.47 (beta) released

2002-04-22 Thread R. Scott Perry
Thanks for this mod. Is there a way to specify the OutlookCR vulnerability/virus in this directive? Yes. You could use: SKIPIFVIRUSNAMEHAS Vulnerability which would handle the CR vulnerability or any other type of vulnerability, or: SKIPIFVIRUSNAMEHAS Outlook 'CR'

[Declude.Virus] Declude v1.48 (beta) released

2002-04-23 Thread R. Scott Perry
We have just released Declude Virus v1.48 ( http://www.declude.com/virus/manual.htm ), a beta version. The noticeable changes include: o Detection of the Outlook Blank Folding vulnerability o An issue with ONACCESS ON setting fixed -Scott ---

Re: [Declude.Virus] Declude v1.48 (beta) released

2002-04-23 Thread R. Scott Perry
1. What is the Outlook Blank Folding Vulnerability? I just saw it in my log file. That occurs when an E-mail header consists of just a single tab character, followed by a carriage return and linefeed. Outlook treats this the same as a blank line, and starts processing the headers immediately

Re: [Declude.Virus] Virus sent to one user alot

2002-04-23 Thread R. Scott Perry
Oh the other postmaster for the address is not responding. It is the KLEZ.H so I know it is spoofing the Address so I can't really blame him. Can I? With 1.47, you can add SKIPIFVIRUSNAMEHAS Klez to the otherpostmaster.eml file, and the notification won't go to the other postmaster. As for

Re: [Declude.Virus] Another virus to skip notify

2002-04-25 Thread R. Scott Perry
Now I don't know which address (nmiller or mmiller) Declude sends its you sent a virus message to. Maybe Scott can answer that, but if it is the wrong address then sending that message to the sender could be skipped. Declude Virus sends to the return address (from the SMTP envelope), which in

RE: [Declude.Virus] Declude and F-Prot

2002-04-25 Thread R. Scott Perry
The thing is, 655.120.133.104 is a central freight server...ergo it is being sent from a system that I thought I had protected. Ah, I see now. Then I would guess that your original thought may be correct (that it was picked up from another source, such as another E-mail account).

Re: [Declude.Virus] NJABL:Norman Anti-virus

2002-04-25 Thread R. Scott Perry
Here is the old line: SCANFILE D:\Norman\nvc\bin\nvc32.exe /AF /B /BS- /C /N /Q /LF:.\report.txt Here is the new line: SCANFILE D:\Norman\nvc\bin\nvcc.exe /B /BS- /C /N /Q /LF:.\report.txt Thanks for pointing that out. The manual has been updated to include the nvcc.exe entry.

RE: [Declude.Virus] Another virus to skip notify

2002-04-25 Thread R. Scott Perry
Would the notification emails be something like this: SKIPIFVIRUSNAMEHAS Magistr SKIPIFVIRUSNAMEHAS Kelz Like this -- although I'd use Klez instead. :) SKIPIFVIRUSNAMEHAS W32/Magistr.b@MM; W32/Klez.h@MM; W32/Hybris.worm.B This way will not work. This will look for a virus that has

Re: [Declude.Virus] scanning ?

2002-04-25 Thread R. Scott Perry
Is this possible: On the gateway server I want to receive the mail and when it's passed to my mailserver it will be scanned by declude. So that the server just receives the mail without scanning and first when it passes it to the other server it will be scanned on the way out? I'm not entirely

Re: [Declude.Virus] bounced notification messages

2002-04-25 Thread R. Scott Perry
Is there any possibility you could make declude send the bounce messages directly bypassing Imail completely, and then just send them once, that way server resources wouldn't be tied up trying to send them multiple times throughout the day and then declude could just ignore the bounced bounce

Re: [Declude.Virus] Virus Not Detected

2002-04-25 Thread R. Scott Perry
I am using Declude Virus v1.46 with McAfee 6.0 with data files dated the 17th of this month. Some Hi How are you viruses are allowed through if the attachment is a .txt file. Shouldn't my setup catch these as well? Is anyone else having this same issue? That depends on your setup. The default

Re: [Declude.Virus] FW: Virus warning VBS/Horty.a@MM

2002-04-26 Thread R. Scott Perry
Any one see this one yet? We received an E-mail from Sophos about it yesterday. They had received 0 reports about it. However, given the subject matter, I wouldn't be surprised if it does spread. -Scott --- [This E-mail was scanned for viruses by Declude

Re: [Declude.Virus] SKIP IF question

2002-04-26 Thread R. Scott Perry
Sorry if this has been answered before -- On the line with SKIPIFVIRUSNAMEHAS, is the virus name case sensitive?? Is Klez same as or different than klez? No, it is not case sensitive. So you can have either Klez or klez. -Scott

[Declude.Virus] Declude v1.50 (beta) released

2002-04-26 Thread R. Scott Perry
We have just released Declude Virus v1.50 (beta). Noticeable changes include: o Fixes problem with mailing list E-mails being delayed o Fixes a problem with Blank Folding vulnerability getting triggered with RFC822 attachments o Adds a DAISYCHAIN option to allow for

RE: [Declude.Virus] Virus Not Detected

2002-04-27 Thread R. Scott Perry
But theoretically some script kiddy can send two files to his victim: - a Virus/Trojan with renamed extension (.txt) - a small script or program that never will be identified as a malicious code. Now the victim will launch the second program (you know there are more than enough people doing

Re: [Declude.Virus] new virus?

2002-05-01 Thread R. Scott Perry
Here is a new one...haven't seen this in a notification before, but virus and file name are unknown This looks like it was caught because it was a suspicious file. F-Prot returns a code of 8 when it detects a suspicious file, which some people will treat as a virus (as there was a virus that

[Declude.Virus] Declude v1.51 (beta) released

2002-05-01 Thread R. Scott Perry
We have just released Declude v1.51 (beta). This includes another change to ensure that mailing list E-mails are not scanned, but instead sent out immediately. -Scott

Re: [Declude.Virus] Version???

2002-05-01 Thread R. Scott Perry
Scott, any reason why the /diag switch doesn't show the version anymore? Yes -- it's now -diag. -Scott

Re: [Declude.Virus] Notification e-mail

2002-05-01 Thread R. Scott Perry
Can I use Bcc: in the .eml notification files? No, Bcc: headers will not get processed. I believe that IMail1.exe doesn't support them. -Scott

Re: [Declude.Virus] W32.Klez.gen@mm

2002-05-02 Thread R. Scott Perry
I'm using F-Prot with declude and it works fine. Today one customer told me that the virus Klez.gen was received on his mailbox. It seems that F-prot (or declude) let go this virus. Do you think that's true? One possibility is that the virus was received from another source (such as another

Re: [Declude.Virus] Klez.h

2002-05-02 Thread R. Scott Perry
So from the information below which IP address is first received header? Received: from mailhost1.attcanada.net [206.191.82.42] by mail.scm.ca with ESMTP (SMTPD32-6.06) id A87C25A70096; Thu, 02 May 2002 10:25:32 -0600 Received: from Eoqjmed ([142.154.13.134]) by mailhost1.attcanada.net

Re: [Declude.Virus] Klez.h

2002-05-02 Thread R. Scott Perry
is there a variable for the following IP address (sender) Received: from mailhost1.attcanada.net [206.191.82.42] Yes, the %REMOTEIP% variable will display the IP address of the remote mailserver. -Scott

RE: [Declude.Virus] Footer

2002-05-02 Thread R. Scott Perry
Is there a way to add the footer to only outgoing messages? I though this might be an easy way to put a company disclaimer in every out going email. Unless someone else has a better way. No, there isn't a way to restrict the footer only to outgoing E-mail. -Scott

Re: [Declude.Virus] new virus ?

2002-05-06 Thread R. Scott Perry
Having the same problem with McAfee. Console scanner will catch the file if I manually scan the directory. Declude will not catch it. Note that the Magistr.32768 required updated engines on some virus scanners. It's best to make sure that the virus scanner engine is updated, as well as

RE: [Declude.Virus] new virus ?

2002-05-06 Thread R. Scott Perry
latest declude latest def on F-Prot and latest engine still slipping through F-Prot will NOT detect the Magistr.32768, even with the latest virus definitions, if you are not running a recent scanning engine (.exe file). I believe you need F-Prot 3.11 or higher.

Re: [Declude.Virus] How to Implement Skipifvirusnamehas option

2002-05-06 Thread R. Scott Perry
Okay, the Klez notifications are driving me crazy. Where do I add the option SKIPIFVIRUSNAMEHAS Klez to the headers? I know I need to upgrade from Declude 1.46 to 1.51 Beta, but I'm not sure of the proper header syntax. All you need to do is add SKIPIFVIRUSNAMEHAS Klez anywhere in the headers

Re: [Declude.Virus] OT: Can you connect to his server ?

2002-05-06 Thread R. Scott Perry
Scott or others, how can I locate the problem ? I can't connect to the mx server 216.72.25.226 I get the same IP for the MX record, but I can connect to it. here is the tracert I get 1 7 7 172.16.12.1 2 23 16 208.154.200.5 3 719 696 10.0.6.1 4 867 148 192.168.230.18 5 664 -203 207.45.219.18 *

Re: [Declude.Virus] VBS.Redolf

2002-05-09 Thread R. Scott Perry
I have been notified by a client of ours that does secondary virus scanning on their internal server that it caught two messages that went through our mail server. The following message had attachment(s) which contained the viruses: From : [EMAIL PROTECTED] To: [EMAIL PROTECTED]

[Declude.Virus] Declude Virus v1.52 Released

2002-05-09 Thread R. Scott Perry
We have just released Declude Virus v1.52 (at http://www.declude.com/virus/manual.htm ). It has one fix since the last beta (allowing an on-access scanner to be used without a stub command-line scanner). It also includes some very minor fixes since the last released version (1.46), the

RE: [Declude.Virus] VBS.Redolf

2002-05-09 Thread R. Scott Perry
The notice says it was in an attachment called *.att. What kind of attachment is that? That sounds like it may be a Microsoft TNEF-encoded file (which usually come in winmail.dat, but I believe they can also be in *.att). -Scott

Re: [Declude.Virus] Instalation Problems

2002-05-09 Thread R. Scott Perry
Virus software doesn't work. VIRus log file contains 100's of lines telling us the registration is invalid. That will happen if the Official Host Name of your server doesn't match the one that we used to generate the activation code. You can double-check by going to Host Name on the General

Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-09 Thread R. Scott Perry
What is the format need to use SKIPIFVIRUSNAMEHAS Here is how my virus scanner reports a virus: W32/Klez.h@MM virus !!! W32/SirCam@MM virus !!! You need to have SKIPIFVIRUSNAMEHAS, followed by one space or tab, and text that appears within the virus name (part of the name is OK, and it is

Re: [Declude.Virus] SKIPIFVIRUSNAMEHAS

2002-05-09 Thread R. Scott Perry
How does declude send notifications ? It sends them using IMail's imail1.exe. Can we use imail rules to delete some messages (ie: if to adress is [EMAIL PROTECTED] ?) I believe that the IMail rules will work on E-mail sent with imail1.exe, so that should do the trick.

RE: [Declude.Virus]

2002-05-10 Thread R. Scott Perry
how do i find the ip address on the imail server? You can find it in the IMail SMTP log file (SYS*.txt or LOG*.txt). It will appear in the connect line, and subsequent lines. -Scott

Re: [Declude.Virus] Slight problem

2002-05-10 Thread R. Scott Perry
I hope someone can help me with this. I'm having a problem with Declude letting in a virus, and only to one person. Are you using per-user or per-domain settings that could be causing this? It was sent to one account and gets through, but when I receive it gets blocked. Do you mean that it

Re: [Declude.Virus] Weird Virus Catch

2002-05-13 Thread R. Scott Perry
Wondering if it is possible to set Declude standard to allow emails from a specific IP or email address to pass without catching and quarantining messages. With Declude Virus Pro, you can use the per-user settings to prevent E-mail *to* a specific address from being scanned. It should also be

Re: [Declude.Virus] SMTP AUTH - Imail v6.06

2002-05-14 Thread R. Scott Perry
(IMail v6.06 - SMTP AUTH) We need to enable SMTP AUTH for all of our clients -- we've found some device/person (IP) on the outside of our network spoofing emails to lists by the few users who are authorized list posters. In order to do this, is it best that we just check No Mail Relay on the

Re: [Declude.Virus] W97M/Hopper.G Virus Information??

2002-05-14 Thread R. Scott Perry
Does anyone know anything about the W97M/Hopper.G Virus? I have a user that says they received this via email and it was caught by declude when they tried to resend it after modifying it. I have been unable to find any useful information on it other than the fact that F-Prot is catching

Re: [Declude.Virus] W97M/Hopper.G Virus Information??

2002-05-14 Thread R. Scott Perry
My first thoughts were that they came from a different email account, but the user is saying that is not the case. What I would do is check the IMail SMTP log file to see if you can find the E-mail in there, and then check the Declude Virus log file to see if there is a Virus Free line (which

Re: [Declude.Virus] OT junkmail

2002-05-14 Thread R. Scott Perry
looking to buy junkmail pro soon, have few questions: 1- Is it as simple to install and configure as virus ? looking at junkmail list, it seems we will need to configure tests, weights, ... Will you offer a step by step assistance ? It often does require a bit of tweaking, depending on your

Re: [Declude.Virus] McAfee

2002-05-14 Thread R. Scott Perry
I have just installed NetShield, (full install disabled on demand,) but I do not see a scan.exe in the directory. I do see the scan32.exe, but according to the virus manual, that is not the one to use for command line. I even ran a manual scan to see if it would create it. You may need to do a

Re: [Declude.Virus] SMTP AUTH - Imail v6.06

2002-05-16 Thread R. Scott Perry
We need to enable SMTP AUTH for all of our clients -- we've found some device/person (IP) on the outside of our network spoofing emails to lists by the few users who are authorized list posters. However, I don't believe that will prevent people from sending mail to the list using

Re: [Declude.Virus] klez

2002-05-16 Thread R. Scott Perry
Is anyone else being driven to insanity by klez? Klez is nasty. Very nasty. We are catching the virus, but that doesn't stop everyone else on different ISPs thinking we are sending them because of the spoofed from address. And that's the problem. Although Declude Virus now has the ability

RE: [Declude.Virus] klez

2002-05-16 Thread R. Scott Perry
We have had incidents of our postmaster account being the spoofed address that is used. Does anyone have any ideas how Klez is doing this? Klez sometimes makes up addresses, by combining a known username with a known hostname. So if you have [EMAIL PROTECTED] and [EMAIL PROTECTED] in your

[Declude.Virus] W32/Yaha-C

2002-05-16 Thread R. Scott Perry
FYI, there is a new virus W32/Yaha-C that looks like it has a chance of spreading rapidly. -Scott

Re: [Declude.Virus] REMOTEIP question

2002-05-17 Thread R. Scott Perry
We have an IMGate box setting in front of our IMail box and I am noticing that the %REMOTEIP% variable is sometimes filled in with the IP of the Postfix box and sometimes with an external (not ours) IP address. Is this typical? Why would it be inconsistent in what it displays? That is

Re: [Declude.Virus] REMOTEIP question

2002-05-17 Thread R. Scott Perry
ok, but my imail box is no longer listed in the MX records. Most likely, there are some servers out there that still have the old DNS records cached, and are sending the E-mails directly. If that isn't the case, you can send me the headers from one of the E-mails where an IP other than the

Re: [Declude.Virus] REMOTEIP question

2002-05-17 Thread R. Scott Perry
So for the next question: Can you add to declude virus so I could get the IP of the remote (external) server that delivered the mail in this case? Or at least add it to the proposed changes? Something like %2NDREMOTEIP%? There isn't any way to do that currently, but that is something we'll

Re: [Declude.Virus] New Virus?

2002-05-24 Thread R. Scott Perry
05/24/2002 15:00:26 Q8dc40f10019cf219 Subject: Congratulations 05/24/2002 15:21:09 Q92a10f72025eee35 Subject: Spice girls' vocal concert 05/24/2002 15:27:20 Q94130f33019c9394 Subject: Fw:Support,darling 05/24/2002 15:30:13 Q94c202a501c63f0d Subject: Eager to see you These are all subjects of

Re: [Declude.Virus] Virus Directories

2002-05-27 Thread R. Scott Perry
Since configuring McAfee as a secondary scanner about a week ago, I have noticed that it is leaving a virus directory for each virus that it finds. Actually, I think the problem is that you have McAfee's on-access scanner running. Note that the 0 file (which *should* be a non-text segment of

RE: [Declude.Virus] Virus Directories

2002-05-27 Thread R. Scott Perry
I have verified that the on-access scanner is disabled. It looks like the .vir directory that was left behind had no viruses in it. The only file it had was the 0 file, which was virus-free. So if there *was* a virus in there, an on-access scanner almost certainly deleted it. Right now,

Re: [Declude.Virus] AVG

2002-05-28 Thread R. Scott Perry
You told me the other day how to setup up avg to work correctly, but I mistakenly deleted that email before I had a chance to do it. What I was wanting was to setup AVG and Declude so that it would read the virus name in declude currently avg reads the virus and pops up a box with its name

Re: [Declude.Virus] Unknown Virus is back

2002-06-03 Thread R. Scott Perry
Anybody else notice that all of a sudden the virus messages are stating the old Unknown Virus virus in Unknown File? Seems like since mid-afternoon Saturday. Everything else looks normal. It's unclear exactly what this is -- whether it is a new virus, a mass mailing of a virus, or something

RE: [Declude.Virus] Can just KLez nofications be stopped?

2002-06-06 Thread R. Scott Perry
Uhh I can't remember where to go to get the latest version? You can get it from http://www.declude.com/virus/manual.htm . And do I then just overwrite the existing declude.exe? Yes (if you can't, you can rename the existing one to declude.bak, and then you'll be able to copy the new one in).

[Declude.Virus] Declude Virus v1.54 (beta) released

2002-06-07 Thread R. Scott Perry
We have just released Declude Virus v1.54 (beta). v1.54 adds a new configuration option SUBJECT, that will let you add text to the subject of E-mail that is scanned. For example, SUBJECT [Virus Scanned]. -Scott

Re: [Declude.Virus] Exploit-MIME.gen

2002-06-09 Thread R. Scott Perry
It isn't a new virus but this is the only report we've ever seen on our system. Search FPROT for exploit, mime, or .gen doesn't seem to show it. Couldn't find another one since or before. http://vil.mcafee.com/dispVirus.asp?virus_k=99273 shows that it's a generic vulnerability that McAfee is

Re: [Declude.Virus] Outlook 'CR' Vulnerability

2002-06-10 Thread R. Scott Perry
Can anyone tell me what the [Outlook 'CR' Vulnerability] is and where to find information on it to give to the customer. I am running f-prot 3.12 as the scanner The issue is that there is a header with an illegal character in it (a carriage return, rather than the carriage return +

[Declude.Virus] W32/Frethem-Fam

2002-06-12 Thread R. Scott Perry
FYI, there is a new virus out, that Sophos has alerted us to, called W32/Frethem-Fam (no other AV companies that we get alerts from, including McAfee, have sent out alerts yet). This may become widespread because of the social engineering aspect of it -- it pretends to have a Special

Re: [Declude.Virus] BANEXT notify

2002-06-12 Thread R. Scott Perry
I have the BANEXT and the notify working fine. My question is there a way to send the notify email to the postmaster (me) also to let me know that someone tried to send a banned extension? You can have: To: %MAILFROM%,[EMAIL PROTECTED] in the \IMail\Declude\BANnotify.eml file, which

RE: [Declude.Virus] BANEXT notify

2002-06-12 Thread R. Scott Perry
Can I download the BANnotify.eml template from somewhere? Yes, you can download it from http://www.declude.com/release/154/bannotify.eml . Further details on banning file extensions can be found at http://www.declude.com/virus/manual.htm in the Banning files based on extension section.

Re: [Declude.Virus] W32/Frethem-Fam

2002-06-12 Thread R. Scott Perry
It seems to also use the MIME header exploit. This is such a common virus element, maybe Declude should have an option to handle it. Let me ask you this: Do you know of any resource that gives enough detail that Declude could check for such an exploit? We have samples of viruses that

Re: [Declude.Virus] F-Prot Virus Bulletin Rating

2002-06-12 Thread R. Scott Perry
Has anyone ever noticed that Frisk F-Prot failed the Virus Bulletin rating? http://www.virusbtn.com/vb100/archives/tests.xml?200206 That's quite common (Trend Micro, Panda, McAfee, Kaspersky, and Grisoft failed, too). Typically AV companies brag when they get the 100% for any given month.

Re: [Declude.Virus] W32/Frethem-Fam

2002-06-12 Thread R. Scott Perry
Let me ask you this: Do you know of any resource that gives enough detail that Declude could check for such an exploit? Can't say I've looked very hard, that's what I have you for. Don't take this as any sort of a complaint, just thinking out loud. Some of the others are catching at

Re: [Declude.Virus] New computer virus can infect picture files

2002-06-14 Thread R. Scott Perry
This just sucks! http://vil.nai.com/vil/content/v_99522.htm New computer virus can infect picture files This sounds like just a scare tactic, and until more information can be provided, should be treated as such. Data is just data, and can NOT normally contain a virus. Cases where it

Re: [Declude.Virus] F-PROT not catching W32/KLEZ.mm

2002-06-14 Thread R. Scott Perry
When I run a virus scan of mailboxes the scan is reporting this virus infecting the mailboxes. Why are these getting through ... To find out why, you'll need to open one of those mailboxes with a text editor, such as Notepad (it is safe to open them with a text editor). You'll need to check

RE: [Declude.Virus] New computer virus can infect picture files

2002-06-14 Thread R. Scott Perry
Is it wise to turn on scanning for .jpg files then or is more of a waste of time. Until McAfee's wild claim can be confirmed, I don't see the need to turn on scanning for .jpg files. -Scott

Re: [Declude.Virus] KITHRUP:MIS number

2002-06-14 Thread R. Scott Perry
What tag do I need to add to postmaster.eml that will show the MIS number? I have a client who is deluged by Klez but cannot find which computers are affected. Their computers were swapped out during a lay off by their employees and unfortunately, the email programs are still running on some

Re: [Declude.Virus] NJABL:Declude/MaCaphee combo not catching virus

2002-06-14 Thread R. Scott Perry
SCANFILE C:\progra~1\networ~2\comman~1\Scan.exe /ALL /NOMEM /NOBOOT /SILENT /UNZIP VIRUSCODE 13 Maybe I'm crazy but doesn't the scanner need to have a parameter for a log file? That's only used so that Declude Virus can get the name of the virus that was detected. Without the

[Declude.Virus] Declude Virus v1.55 (beta) released

2002-06-18 Thread R. Scott Perry
We have just released Declude Virus v1.55 (beta), at http://www.declude.com/virus/manual.htm . Changes include: o Adds support for E-mail with 0x1A (CTRL-Z) characters embedded in them o Adds detection of Outlook MIME headers exploit o Adds FORGINGVIRUS option (IE FORGINGVIRUS Klez) to replace

[Declude.Virus] Declude Releases mailing list

2002-06-20 Thread R. Scott Perry
We have had a number of requests for a mailing list that will notify people of new releases. We have added a new mailing list, Declude.Releases, that will receive notifications of all new versions (both betas and released versions). To subscribe, just send an E-mail to [EMAIL PROTECTED] with

Re: [Declude.Virus] Anyone know what this is?

2002-06-21 Thread R. Scott Perry
Question for Scott: Does the new mime exploit processing work like banned extensions? Does the message have a chance to be scanned and assigned a real virus name before the Outlook 'MIME Header' Vulnerability name is assigned? Yes, the virus detection will still take precedence. For

Re: [Declude.Virus] Declude / Application Popup Error ?

2002-06-21 Thread R. Scott Perry
The registry entry does not even exist in Windows 2000. Is there a different name for windows 2000 registry? It exists on our Windows 2000 servers. It is HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\ SubSystems\Windows. Does anybody know? I know that this is not

Re: [Declude.Virus] Having Problems with Eicar test

2002-06-21 Thread R. Scott Perry
Having a problem running the eicar test from the Declude web page. After I submit my selection -- error message returns: Sorry, an error Bad file descriptior occurred. That may happen if our web host is temporarily overloaded with outgoing TCP/IP sessions. I just checked now, and it worked

Re: [Declude.Virus] forging virus

2002-06-22 Thread R. Scott Perry
the from address still shows in the header; is it the forged address? is there a way to eliminate this? No, that can not be changed (Declude never modifies any of the E-mail headers). One option would be to remove the %HEADERS% variable to eliminate the headers from the notifications. I have

RE: [Declude.Virus] OT Mail server crashes

2002-06-26 Thread R. Scott Perry
I'm not sure how to go about checking for a sudden high volume of e-mail. Is there a utility that graphs out # of e-mails on an hourly basis or something? Unfortunately, I don't think there is any program that will graph it out. However, if you see that there is a problem, you can just check

Re: [Declude.Virus] Something wrong?

2002-06-26 Thread R. Scott Perry
Am I doing something incorrectly? I have put the following lines in my config files: Global.cfg HELOBOGUS helobogus x x 0 0 Just to keep people on their toes, the test type is helovalid, so it should be: HELOBOGUS helovalid x x 0 0

Re: OSRELAY:Re: [Declude.Virus] Declude Queue

2002-06-27 Thread R. Scott Perry
I looked at the Declude Queue documentation but I am not sure if I understand if it is part of Declude 1.53? Do I need to do anything to activate it? Yes, it is part of Declude 1.53. You do not need to do anything to activate it -- it will run automatically. -Scott

Re: [Declude.Virus] Banned extensions

2002-06-27 Thread R. Scott Perry
I have received 2 notices of e-mails failing the banned extensions policy in the last two days. The problem is that there is no extension is listed. That shouldn't happen, but: 06/27/2002 10:52:01 Q50c0092b008a147a Scanned: Banned file extension. [Prescan OK][UU: 0 0][BINHEX: 0 0][MIME: 3

Re: [Declude.Virus] Lentin SKIPIFVIRUSNAMEHAS ?

2002-07-01 Thread R. Scott Perry
we are getting some Lentin Viruses, and one of them I found strange: --- Received: from mail.siller.de [80.128.231.29] by siller.de (SMTPD32-7.07) id A885F57014E; Sun, 30 Jun 2002 16:41:09 +0200 From: Mail Delivery System[EMAIL PROTECTED] To: [EMAIL

Re: [Declude.Virus] OT: unknown host

2002-07-01 Thread R. Scott Perry
Does the message unknown host mean anything else than that the DNS did not locate the remote server address? I am getting the error below for many remote recipients at addresses of type @x.dti.bollore.com when I try to query DNS used by imail, I do get a valid mx hostname and address (see below)

Re: [Declude.Virus] Unknown Virus ????

2002-07-01 Thread R. Scott Perry
I'm getting many Unknown Virus virus in Unknown File. Could anybody tell me what kind of virus is this? Do you mean: 'I'm always getting Unknown Virus virus in Unknown File'? If you are always getting it, then there is a configuration issue (if you either E-mail me your virus.cfg file, or

Re: [Declude.Virus] New virus or trojan ?

2002-07-04 Thread R. Scott Perry
This Junk mail that a customer of mine received have me somewhat confused and perplexed. customer x started to receive junkmail from customer y (they both know each other). The X-sender-ip IS a valid ip in our dial-up range and customer Y WAS logged in at this time these messages was sent. The

Re: [Declude.Virus] Stop warnings by domain?

2002-07-08 Thread R. Scott Perry
Is there a way to keep from sending warning emails to certain domains, like AOL? No, there is not. I am getting tired of AOL users writing postmaster back and saying they do not have a virus or that they do not know who sent it to them, etc... it wastes a lot of my time! Perhaps you could

Re: [Declude.Virus] Not receiving emails

2002-07-08 Thread R. Scott Perry
Scott, First, I should mention that this is the Declude Virus mailing list, and everyone on this list is getting a copy of this. I just received a call from someone trying to send me email for 3 days. Is returned saying unknown account. That's not a Declude issue. Declude doesn't touch the

RE: [Declude.Virus] Virus Scanner

2002-07-08 Thread R. Scott Perry
Is there anywhere you can check what viruses are blocked with the current definitions of F-Prot. You can type F-Prot /VIRLIST to see a list of the viruses that it knows of. -Scott

Re: [Declude.Virus] OT: Quick question

2002-07-09 Thread R. Scott Perry
If your DNS servers are unreachable when an email server is requesting your MX/A record to send mail. Does it bounce automatically or does it still have the queue timer to deal with? Just trying to justify a tertiary DNS server on a network elsewhere. I believe it is supposed to wait until one

Re: [Declude.Virus] Virus software

2002-07-15 Thread R. Scott Perry
We own a copy of Declude Virus. The version of the virus software is McAfee 4.0 using the scan.exe file with Declude. We now need to upgrade to 6.0. Will Declude work with this? How do I unconfigure 4.0 and configure 6.0 to work. Normally the Net admin would do this but he is on

RE: [Declude.Virus] Frethem Virus

2002-07-15 Thread R. Scott Perry
That's what I'm seeing, also. However, Scott, I was wondering if they will still show up as [Outlook 'MIME Header' Vulnerability] once the virus vendor provides an update or will they then show up as being Win32/Frethem.L@mm or some such virus name? Once the AV software starts catching it, you

Re: [Declude.Virus] Multiple Scanners Question

2002-07-15 Thread R. Scott Perry
If you setup multiple virus scanners is there any way to see if both are working properly via the logs or something? Yes -- you'll see entries from each scanner when they detect a virus. -Scott

RE: [Declude.Virus] Multiple Scanners Question

2002-07-15 Thread R. Scott Perry
Have one other question we are setting up PCscan as a secondary scanner. I saw that PCscan has the ability to output a results file. Can this file be used to get the virus names? Using the tool that was posted here, you can. On the other hand, if either virus scanner detects the virus and

Re: [Declude.Virus] Multiple To: in notifications

2002-07-16 Thread R. Scott Perry
Is there a way to specify multiple recipients in the notifications? I'd like to also receive the BANnotify e-mails. You can do this by separating the addresses with a comma (no spaces), like: To: %MAILFROM%,[EMAIL PROTECTED] Also, is there a way to have BANext send the messages to a

Re: [Declude.Virus] Lentin virus

2002-07-22 Thread R. Scott Perry
Is Lentin known to forge the headers? Or am I dealing with intentional activity? I have tried looking at Symantec but could not find an answer. http://www.sophos.com/virusinfo/analyses/w32yahae.html shows that it sends the E-mail on its own, so it can (and does) create whatever headers it
