Re: OT: virus in list
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 5 Jun 2003 17:00:28 -0700
BTW, why do you bother responding to virus mail since over 80% of it uses a
spoofed source address?
I see it as a huge waste of my own server's resources and it's busy enough
dropping spam and blocking virii...
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, June 05, 2003 16:46
Subject: [isalist] Re: OT: virus in list
http://www.ISAserver.org
> Odd; I haven't seen anything from you (yet?)...
That is because mine is set up correctly and not using those so-called top
notch AV scanners that charge both arms and both legs and wanted the nose
too, ah, but that is another topic.
> What you see is what I got.
I need the headers of the notice so I can ID the admin.
> The smartassed remark at the end of his autoresponder was just icing on
the
> turd.
Why do you think I recognized it? Here is an excerpt from my notice to the
postmaster of mail server of the sending domain:
_____________________________________________________________
"The Declude software on our mail server (v.%VERSION%) detected the
%VIRUSNAME% virus that appears to have come through your mail server
(%REMOTEIP%). It was sent in an attachment %VIRUSFILE%, from %MAILFROM%
to %ALLRECIPS%, with the subject "%SUBJECT%". The Message-ID was: %MSGID%.
If your mail server had virus protection, it would have caused less work for
our server and would have likely prevented one of your users from getting a
virus in the first place, or from spreading it!
Please note that some viruses forge the headers. If you are sure that the
e-mail
noted above did not come from your server and the virus listed is known to
forge
headers, you may safely choose to disregard this notice."
__________________________________________________________________
I have posted that on the forum for that software a couple of times as an
example. Others use one that is toned down a bit. BTW, that is my wording,
not some one elses. That is why I would like to correct that admin.
They do not have the forged configuration set.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
