[EMAIL PROTECTED] said the following on 6/14/2005 7:35 PM:
I have an intra VLAN network which hops subnets and networks. All Cisco,
all working normally.
We presently have a virus on one computer and we are trying to zero in
on its origin on our LAN.
QMail will tell us the user name ([EMAIL PROTECTED]) but not the
original true IP address or computer name.
Level = debug for both ClamAV and Qmail but the only origin IP we get is
that of the gateway.
I have meticulously examined every possible log in /var/logs/./. and all
ClamAV logs and all qmail scanner logs.
nothing
zip
zero
only gateway IP is available!
Does anyone know where to look for an email true origin or initialize a
higher level of debug?
Brad Sumrall

Just a stab, here - but have you got any emails that this rogue machine
has sent?
Anything in the headers?
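
The header check suggested in the reply, as an added example that is not part of the original thread: it walks a message's `Received:` lines oldest-first and reports the client IP recorded by the earliest server you trust. The sample message, hostnames, addresses and the function names `received_hops` and `origin_behind` are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: a message relayed from an internal host through a gateway.
# Hostnames and addresses are made up for this example.
SAMPLE = """\
Received: from gateway.example.lan (192.0.2.1)
  by mail.example.org with SMTP; 14 Jun 2005 19:20:05 -0000
Received: from ws-accounting (unknown [10.20.3.47])
  by gateway.example.lan with ESMTP id ABC123; Tue, 14 Jun 2005 19:20:03 -0400
From: user@example.org
To: someone@example.net
Subject: constructed test message

body
"""

# Client IP as servers usually record it: (1.2.3.4) or [1.2.3.4]
IPV4 = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_hops(raw):
    """Return the relay hops oldest-first as dicts with helo, ip and by."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = re.match(r"from\s+(\S+)(.*?)\s+by\s+(\S+)", flat)
        if not m:
            continue  # lines without a from/by pair, e.g. local injection
        ip = IPV4.search(m.group(2))
        hops.append({"helo": m.group(1),
                     "ip": ip.group(1) if ip else None,
                     "by": m.group(3)})
    hops.reverse()  # each server prepends its line, so the last is the earliest
    return hops

def origin_behind(raw, trusted_by):
    """Client IP seen by the earliest hop that one of our own servers stamped.

    Received lines written before a trusted server handled the message can be
    forged by the sender, so only hops whose 'by' name is trusted are used.
    """
    for hop in received_hops(raw):
        if hop["by"] in trusted_by:
            return hop["ip"]
    return None
```

If the gateway only forwards or NATs the connection and never stamps its own `Received:` line, the mail server's line is the earliest trusted hop and the result is the gateway address again, which matches what the logs in the question show.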