RE: Dealing with Klez noticies
- From: "Julio Danoviz" <jedanoviz@xxxxxxxxxxxxxxxx>
- To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
- Date: Thu, 22 Aug 2002 13:08:55 -0300
I agree and to prove this you can check email headers to verify the IP address
where the message comes from.
-----Original Message-----
From: Robert Abela [mailto:robert@xxxxxxx]
Sent: Thu 22/08/2002 11:18
To: [ExchangeList]
Cc:
Subject: [exchangelist] RE: Dealing with Klez noticies
http://www.MSExchange.org/
yes you are correct. Klez doesn't keep the real from address.. so it
can be seen as it was sent from someone who is not infected
-----Original Message-----
From: Darien Allen [mailto:drallen@xxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, August 22, 2002 4:03 PM
To: [ExchangeList]
Subject: [exchangelist] Dealing with Klez noticies
http://www.MSExchange.org/
I've had an influx of a few users who are receiving administrative
notices from other servers that the emails they are sending out are
infected with Klez. As you know Klez works by attaching to the "To"
portion of the email ANY email address it finds in the addressbook of
the infected user. So that it looks like it's coming from a different
person that the one whose really infected. I've told my users that there
systems are clean (I've run 2 different Klez detection utilities to
confirm this) and that there unfortunately isn't anything I can do as
the infected person could be anyone who has ever sent them an email
address. Am I correct in this regard?
Darien Allen
Center for Poverty Solutions
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/02
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
robert@xxxxxxx
To unsubscribe send a blank email to
leave-exchangelist-1047537C@xxxxxxxxxxxxx
This mail was content checked for malicious code and viruses
by GFI MailSecurity. GFI MailSecurity provides email content
checking, exploit detection and anti-virus for Exchange &
SMTP servers. Spam, viruses, dangerous attachments and
offensive content are removed automatically. Key features
include: Multiple virus engines; Email content & attachment
checking; Exploit shield - email intrusion detection & defence;
Email threats engine - analyses & defuses HTML scripts,
.exe files & more.
In addition to GFI MailSecurity, GFI also produces the GFI
FAXmaker fax server & GFI LANguard network security product
ranges. For more information on our products, please visit
http://www.gfi.com. This disclaimer was sent by GFI MailEssentials
for Exchange/SMTP.
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
jedanoviz@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
leave-exchangelist-1047537C@xxxxxxxxxxxxx
Other related posts:
