> Odd; I haven't seen anything from you (yet?)... That is because mine is set up correctly and not using those so-called top notch AV scanners that charge both arms and both legs and wanted the nose too, ah, but that is another topic. > What you see is what I got. I need the headers of the notice so I can ID the admin. > The smartassed remark at the end of his autoresponder was just icing on the > turd. Why do you think I recognized it? Here is an excerpt from my notice to the postmaster of mail server of the sending domain: _____________________________________________________________ "The Declude software on our mail server (v.%VERSION%) detected the %VIRUSNAME% virus that appears to have come through your mail server (%REMOTEIP%). It was sent in an attachment %VIRUSFILE%, from %MAILFROM% to %ALLRECIPS%, with the subject "%SUBJECT%". The Message-ID was: %MSGID%. If your mail server had virus protection, it would have caused less work for our server and would have likely prevented one of your users from getting a virus in the first place, or from spreading it! Please note that some viruses forge the headers. If you are sure that the e-mail noted above did not come from your server and the virus listed is known to forge headers, you may safely choose to disregard this notice." __________________________________________________________________ I have posted that on the forum for that software a couple of times as an example. Others use one that is toned down a bit. BTW, that is my wording, not some one elses. That is why I would like to correct that admin. They do not have the forged configuration set. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com