RE: Dealing with Klez noticies

  • From: "Julio Danoviz" <jedanoviz@xxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 22 Aug 2002 13:08:55 -0300

I agree and to prove this you can check email headers to verify the IP address 
where the message comes from.

        -----Original Message----- 
        From: Robert Abela [mailto:robert@xxxxxxx] 
        Sent: Thu 22/08/2002 11:18 
        To: [ExchangeList] 
        Subject: [exchangelist] RE: Dealing with Klez noticies
        yes you are correct.  Klez doesn't keep the real from address.. so it 
can be seen as it was sent from someone who is not infected
        -----Original Message-----
        From: Darien Allen [mailto:drallen@xxxxxxxxxxxxxxxxxxxx]
        Sent: Thursday, August 22, 2002 4:03 PM
        To: [ExchangeList]
        Subject: [exchangelist] Dealing with Klez noticies
        I've had an influx of a few users who are receiving administrative
        notices from other servers that the emails they are sending out are
        infected with Klez. As you know Klez works by attaching to the "To"
        portion of the email ANY email address it finds in the addressbook of
        the infected user. So that it looks like it's coming from a different
        person that the one whose really infected. I've told my users that there
        systems are clean (I've run 2 different Klez detection utilities to
        confirm this) and that there unfortunately isn't anything I can do as
        the infected person could be anyone who has ever sent them an email
        address. Am I correct in this regard?
        Darien Allen
        Center for Poverty Solutions
        Outgoing mail is certified Virus Free.
        Checked by AVG anti-virus system (
        Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/02
        You are currently subscribed to this Discussion List as: 
        To unsubscribe send a blank email to 
        This mail was content checked for malicious code and viruses
        by GFI MailSecurity. GFI MailSecurity provides email content
        checking, exploit detection and anti-virus for Exchange &
        SMTP servers. Spam, viruses, dangerous attachments and
        offensive content are removed automatically. Key features
        include: Multiple virus engines; Email content & attachment
        checking; Exploit shield - email intrusion detection & defence;
        Email threats engine - analyses & defuses HTML scripts,
        .exe files & more.
        In addition to GFI MailSecurity, GFI also produces the GFI
        FAXmaker fax server & GFI LANguard network security product
        ranges. For more information on our products, please visit This disclaimer was sent by GFI MailEssentials
        for Exchange/SMTP.
        You are currently subscribed to this Discussion List as: 
        To unsubscribe send a blank email to 

Other related posts: