RE: Dealing with Klez notices

  • From: "Robert Abela" <robert@xxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 22 Aug 2002 16:18:31 +0200

Yes, you are correct. Klez doesn't keep the real From address, so it can be
seen as if it was sent from someone who is not infected.

-----Original Message-----
From: Darien Allen [mailto:drallen@xxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, August 22, 2002 4:03 PM
To: [ExchangeList]
Subject: [exchangelist] Dealing with Klez notices

I've had an influx of a few users who are receiving administrative
notices from other servers that the emails they are sending out are
infected with Klez. As you know, Klez works by attaching to the "To"
portion of the email ANY email address it finds in the address book of
the infected user, so that it looks like it's coming from a different
person than the one who's really infected. I've told my users that their
systems are clean (I've run 2 different Klez detection utilities to
confirm this) and that there unfortunately isn't anything I can do, as
the infected person could be anyone who has ever sent them an email
address. Am I correct in this regard?

Darien Allen
Center for Poverty Solutions
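
One way to check a notice like the ones discussed in this thread, as an added example that is not part of the original messages: it reads the headers of the flagged message as quoted in the notice and reports which IP handed it to the notifying server. The outbound range, the domains and the sample headers are constructed assumptions, and it assumes the notice quotes the original headers.

```python
import email
import ipaddress
import re

# Assumption: our outbound mail gateways (constructed; RFC 5737 documentation range).
OUR_OUTBOUND = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed sample: headers of the flagged message, as quoted inside a virus notice.
SAMPLE = (
    "Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])\n"
    "\tby scanner.recipient.example; Thu, 22 Aug 2002 09:58:11 -0400\n"
    "Received: from Wqk (dialup-44.isp.example [203.0.113.44])\n"
    "\tby mx.recipient.example; Thu, 22 Aug 2002 09:58:02 -0400\n"
    "Received: from mail.ourorg.example ([192.0.2.5])\n"
    "\tby forged.invalid; Thu, 22 Aug 2002 09:00:00 -0400\n"
    "From: user <user@ourorg.example>\n"
    "To: someone@recipient.example\n"
    "Subject: constructed sample\n\n"
)

# Connecting client IP in [brackets], then the host that stamped the hop ("by <host>").
HOP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+([\w.-]+)", re.S)

def handoff_ip(raw_headers, notifier_domain):
    """Return the IP that connected to the notifier's edge server.
    Received hops are read top-down and only those stamped by the notifier's
    own hosts are trusted; anything below them is sender-supplied text."""
    msg = email.message_from_string(raw_headers)
    found = None
    for hop in msg.get_all("Received", []):
        m = HOP.search(hop)
        host = m.group(2).lower() if m else ""
        if host != notifier_domain and not host.endswith("." + notifier_domain):
            break  # first hop not stamped by the notifier: stop trusting
        found = ipaddress.ip_address(m.group(1))
    return found

def classify(raw_headers, notifier_domain):
    """Label the notice by whether the hand-off IP is one of our gateways."""
    ip = handoff_ip(raw_headers, notifier_domain)
    if ip is None:
        return "unknown", None
    ours = any(ip in net for net in OUR_OUTBOUND)
    return ("sent-via-our-gateway" if ours else "forged-sender"), str(ip)
```

A "forged-sender" result means the message reached the notifying server from an address outside our gateways, so only the From line points at our user.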
