Re: OT: virus in list

  • From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 5 Jun 2003 16:46:33 -0700

> Odd; I haven't seen anything from you (yet?)...

That is because mine is set up correctly and not using those so-called top
notch AV scanners that charge both arms and both legs and wanted the nose
too, ah, but that is another topic.

> What you see is what I got. 

I need the headers of the notice so I can ID the admin.

> The smartassed remark at the end of his autoresponder was just icing on
the
> turd.

Why do you think I recognized it? Here is an excerpt from my notice to the
postmaster of mail server of the sending domain:
_____________________________________________________________
"The Declude software on our mail server (v.%VERSION%) detected the 
%VIRUSNAME% virus that appears to have come through your mail server 
(%REMOTEIP%). It was sent in an attachment %VIRUSFILE%, from %MAILFROM% 
to %ALLRECIPS%, with the subject "%SUBJECT%".  The Message-ID was: %MSGID%.

If your mail server had virus protection, it would have caused less work for
our server and would have likely prevented one of your users from getting a
virus in the first place, or from spreading it!

Please note that some viruses forge the headers. If you are sure that the
e-mail 
noted above did not come from your server and the virus listed is known to
forge 
headers, you may safely choose to disregard this notice."
__________________________________________________________________

I have posted that on the forum for that software a couple of times as an
example. Others use one that is toned down a bit. BTW, that is my wording,
not some one elses. That is why I would like to correct that admin.

They do not have the forged configuration set.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com




Other related posts: