Here y'go! Return-Path: <postmaster@xxxxxxxxxxxxxxxxxxxxxx> X-Real-To: <jim@xxxxxxxxxxxx> Received: from <postmaster@xxxxxxxxxxxx> by jalojash.org (CommuniGate Pro RULES 4.0.5) with RULES id 1167220; Thu, 05 Jun 2003 00:32:11 -0700 X-Autogenerated: Mirror X-Mirrored-by: <postmaster@xxxxxxxxxxxx> X-Real-To: <postmaster@xxxxxxxxxxxx> Received: from <postmaster@xxxxxxxxxxxx> by jalojash.org (CommuniGate Pro RULES 4.0.5) with RULES id 1167219; Thu, 05 Jun 2003 00:32:11 -0700 X-Autogenerated: Mirror X-Mirrored-by: <postmaster@xxxxxxxxxxxx> X-Real-To: <postmaster@xxxxxxxxxxxx> Received: from [216.17.3.101] (HELO smtpin2.usinternet.com) by jalojash.org (CommuniGate Pro SMTP 4.0.5) with ESMTP id 1167218 for postmaster@xxxxxxxxxxxx; Thu, 05 Jun 2003 00:32:11 -0700 Date: Thu, 5 Jun 2003 02:32:08 -0500 Message-Id: <200306050232.AA2007433518@xxxxxxxxxxxxxxxxxxxxxx> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii From: "Postmaster" <postmaster@xxxxxxxxxxxxxxxxxxxxxx> Reply-To: <postmaster@xxxxxxxxxxxxxxxxxxxxxx> To: <postmaster@xxxxxxxxxxxx> Subject: Your mail server sent us a virus X-Mailer: <IMail v7.15> Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, June 05, 2003 16:46 Subject: [isalist] Re: OT: virus in list http://www.ISAserver.org > Odd; I haven't seen anything from you (yet?)... That is because mine is set up correctly and not using those so-called top notch AV scanners that charge both arms and both legs and wanted the nose too, ah, but that is another topic. > What you see is what I got. I need the headers of the notice so I can ID the admin. > The smartassed remark at the end of his autoresponder was just icing on the > turd. Why do you think I recognized it? Here is an excerpt from my notice to the postmaster of mail server of the sending domain: _____________________________________________________________ "The Declude software on our mail server (v.%VERSION%) detected the %VIRUSNAME% virus that appears to have come through your mail server (%REMOTEIP%). It was sent in an attachment %VIRUSFILE%, from %MAILFROM% to %ALLRECIPS%, with the subject "%SUBJECT%". The Message-ID was: %MSGID%. If your mail server had virus protection, it would have caused less work for our server and would have likely prevented one of your users from getting a virus in the first place, or from spreading it! Please note that some viruses forge the headers. If you are sure that the e-mail noted above did not come from your server and the virus listed is known to forge headers, you may safely choose to disregard this notice." __________________________________________________________________ I have posted that on the forum for that software a couple of times as an example. Others use one that is toned down a bit. BTW, that is my wording, not some one elses. That is why I would like to correct that admin. They do not have the forged configuration set. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')