Hello,
I'm getting mails Invalid final delivery userid: [EMAIL PROTECTED]
in my virus.cfg I have
# The FORGINGVIRUS option is used to list viruses that forge the return
address, so Declude
# can replace the name of the sender with [Forged].
#
FORGINGVIRUSKlez
FORGINGVIRUSSobig
I thought Declude will report this only to the postmaster and the receiver,
and not to the sender?? ;-)
To prevent the notifications from getting sent to the sender of viruses
such as Klez (where the return address is forged), you would also need to
have the following lines at the top of the
Below is an email I recieved. What is happening? How do I stop it?
As you mentioned in the previous E-mail, there are some viruses that forge
the return address.
To stop it in this case, you should have SKIPIFVIRUSVIRUSNAME Bugbear in
your \IMail\Declude\sender.eml and
PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 15, 2002 5:55 PM
Subject: [Declude.Virus] Forged request
The Declude Virus software on acsworld.com has reported that you were
sent an E-mail from [Forged], containing the : W32/Klez.H@mm virus in
the
Unknown File attachment. The subject
Hopefully Scott is taking a long lunch break. (He deserves it.) I am sure he
will answer this when he has a chance.
Until then;
I think the problem is that the From address in the header is not the same
as the one that Imail receives it from.
Therefore, for that to work would require a
Hopefully Scott is taking a long lunch break. (He deserves it.) I am sure he
will answer this when he has a chance.
Most likely, we will not be able to add code to alter the headers. It's
something we haven't done before, and don't want to do unless absolutely
necessary.
In this case, it's
: John Tolmachoff [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 15, 2002 6:50 PM
Subject: RE: [Declude.Virus] Forged request
Hopefully Scott is taking a long lunch break. (He deserves it.) I am sure
he
will answer this when he has a chance.
Until then;
I think the problem
on 10/15/02 3:02 PM, R. Scott Perry wrote:
In this case, it's more of an educational issue than a programming
issue.
Education might happen at a corporate institution, but it isn't going to
happen at an ISP with thousands of customers.
A simple example of why education won't work at an ISP.
I'm sure you've handed out the info b4, but can you point me to the info on
FORGINGVIRUS option?
TY
Andrew
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 11, 2002 8:11 AM
Subject: Re: [Declude.Virus] forged, what would that mean
here's a copy of my latest virus alert, I've never seen [forged] before, I
have relay turned off.
The Klez virus forges the return address, that's all that means. The
[Forged] is used in conjunction with the FORGINGVIRUS option, so that
you won't get mad at the person who apparently sent you
Scott,
I recently added the FORGINGVIRUS tag to my virus.cfg. It works great.
However, I have some users that would like to see the real address. I
told them that it is a server wide setting. I looked in the log file
and I see that it had been changed there as well. Is it possible to
save
I recently added the FORGINGVIRUS tag to my virus.cfg. It works great.
However, I have some users that would like to see the real address. I
told them that it is a server wide setting. I looked in the log file
and I see that it had been changed there as well. Is it possible to
save the FROM
12 matches
Mail list logo
