Re: OT: virus in list

• From: "Jim Harrison" <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 5 Jun 2003 16:59:19 -0700

Here y'go!

Return-Path: <postmaster@xxxxxxxxxxxxxxxxxxxxxx>
X-Real-To: <jim@xxxxxxxxxxxx>
Received: from <postmaster@xxxxxxxxxxxx>
  by jalojash.org (CommuniGate Pro RULES 4.0.5)
  with RULES id 1167220; Thu, 05 Jun 2003 00:32:11 -0700
X-Autogenerated: Mirror
X-Mirrored-by: <postmaster@xxxxxxxxxxxx>
X-Real-To: <postmaster@xxxxxxxxxxxx>
Received: from <postmaster@xxxxxxxxxxxx>
  by jalojash.org (CommuniGate Pro RULES 4.0.5)
  with RULES id 1167219; Thu, 05 Jun 2003 00:32:11 -0700
X-Autogenerated: Mirror
X-Mirrored-by: <postmaster@xxxxxxxxxxxx>
X-Real-To: <postmaster@xxxxxxxxxxxx>
Received: from [216.17.3.101] (HELO smtpin2.usinternet.com)
  by jalojash.org (CommuniGate Pro SMTP 4.0.5)
  with ESMTP id 1167218 for postmaster@xxxxxxxxxxxx; Thu, 05 Jun 2003
00:32:11 -0700
Date: Thu,  5 Jun 2003 02:32:08 -0500
Message-Id: <200306050232.AA2007433518@xxxxxxxxxxxxxxxxxxxxxx>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "Postmaster" <postmaster@xxxxxxxxxxxxxxxxxxxxxx>
Reply-To: <postmaster@xxxxxxxxxxxxxxxxxxxxxx>
To: <postmaster@xxxxxxxxxxxx>
Subject: Your mail server sent us a virus
X-Mailer: <IMail v7.15>


 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, June 05, 2003 16:46
Subject: [isalist] Re: OT: virus in list


http://www.ISAserver.org


> Odd; I haven't seen anything from you (yet?)...

That is because mine is set up correctly and not using those so-called top
notch AV scanners that charge both arms and both legs and wanted the nose
too, ah, but that is another topic.

> What you see is what I got.

I need the headers of the notice so I can ID the admin.

> The smartassed remark at the end of his autoresponder was just icing on
the
> turd.

Why do you think I recognized it? Here is an excerpt from my notice to the
postmaster of mail server of the sending domain:
_____________________________________________________________
"The Declude software on our mail server (v.%VERSION%) detected the
%VIRUSNAME% virus that appears to have come through your mail server
(%REMOTEIP%). It was sent in an attachment %VIRUSFILE%, from %MAILFROM%
to %ALLRECIPS%, with the subject "%SUBJECT%".  The Message-ID was: %MSGID%.

If your mail server had virus protection, it would have caused less work for
our server and would have likely prevented one of your users from getting a
virus in the first place, or from spreading it!

Please note that some viruses forge the headers. If you are sure that the
e-mail
noted above did not come from your server and the virus listed is known to
forge
headers, you may safely choose to disregard this notice."
__________________________________________________________________

I have posted that on the forum for that software a couple of times as an
example. Others use one that is toned down a bit. BTW, that is my wording,
not some one elses. That is why I would like to correct that admin.

They do not have the forged configuration set.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » OT: virus in list
• » RE: OT: virus in list
• » RE: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list
• » Re: OT: virus in list

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page
• » View list details
• » Manage your subscription