BTW, why do you bother responding to virus mail since over 80% of it uses a spoofed source address?
I see it as a huge waste of my own server's resources and it's busy enough dropping spam and blocking virii...

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!

----- Original Message -----
From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, June 05, 2003 16:46
Subject: [isalist] Re: OT: virus in list

http://www.ISAserver.org

> Odd; I haven't seen anything from you (yet?)...

That is because mine is set up correctly and not using those so-called top notch AV scanners that charge both arms and both legs and wanted the nose too, ah, but that is another topic.

> What you see is what I got.

I need the headers of the notice so I can ID the admin.

> The smartassed remark at the end of his autoresponder was just icing on the
> turd.

Why do you think I recognized it?

Here is an excerpt from my notice to the postmaster of mail server of the sending domain:

_____________________________________________________________

"The Declude software on our mail server (v.%VERSION%) detected the %VIRUSNAME% virus that appears to have come through your mail server (%REMOTEIP%). It was sent in an attachment %VIRUSFILE%, from %MAILFROM% to %ALLRECIPS%, with the subject "%SUBJECT%". The Message-ID was: %MSGID%.

If your mail server had virus protection, it would have caused less work for our server and would have likely prevented one of your users from getting a virus in the first place, or from spreading it!

Please note that some viruses forge the headers. If you are sure that the e-mail noted above did not come from your server and the virus listed is known to forge headers, you may safely choose to disregard this notice."
__________________________________________________________________

I have posted that on the forum for that software a couple of times as an example. Others use one that is toned down a bit. BTW, that is my wording, not someone else's.

That is why I would like to correct that admin. They do not have the forged configuration set.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com