Oh yeah, welcome to the brave new world. Since Monday, we are seeing a 100 fold increase in spoofing massmailer emails. Opening up the headers and examining the path of servers the email took to its destination is the only way to identify the originating machine or mail server (SOBIG.F has its own SMTP server, so mostly it just contacts the destination mail server directly). The problem is that there isn't a single mail server AV product out there 'smart' enough to interpret these headers, and most people who run mail servers don't understand that. So, they happily let the AV software read the (easily forged) From: header and direct its alerts to whoever is listed in there. The amount of fun this can cause is amazing, as mail servers take one mail message and multiply it by two (the alerts) or three (what happens when the From: doesn't exist but the domain does?) or more (the various permutations are limited only by your imagination). Basically, the only moral thing to do is turn off emailed autoalerts on mail server AV software until it gets better. Henry > -----Original Message----- > From: Ron Oglesby [mailto:roglesby@xxxxxxxxxxxx] > Sent: Wednesday, August 20, 2003 11:06 AM > To: thin@xxxxxxxxxxxxx > Subject: [THIN] OT: viruses spoofing my e-mail addy > > > Just wondering if anyone else is getting messages from other people > gateways saying they got a virus attachment from your mail box addy. > > I have gotten several this am and the exchange server, > MetaFrame boxes I > am using all show as clean. Which leads me to believe that since my > address is out there so much on the internet that it is being > spoofed as > the reply to: > > Comments? > > Ron Oglesby > Senior Technical Architect > > RapidApp > Office 312.372.7188 > Mobile 815.325.7618 > email roglesby@xxxxxxxxxxxx > > ******************************************************** > This Week's Sponsor: RES PowerFuse, The Management Framework > for Windows > Eliminate Multiple Tools, Multiple Support Channels and Multiple Costs > Manage, Control, and Secure an Entire Windows environment > with Ease, including Real-time Reporting and Documenting Components > Validate a Meaningful ROI on All of your IT Investments with > RES PowerFuse. > http://www.respowerfuse.com/ > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thethin.net/links.cfm > > For Archives, to Unsubscribe, Subscribe or > set Digest or Vacation mode use the below link: > http://thethin.net/citrixlist.cfm > ******************************************************** This Week's Sponsor: RES PowerFuse, The Management Framework for Windows Eliminate Multiple Tools, Multiple Support Channels and Multiple Costs Manage, Control, and Secure an Entire Windows environment with Ease, including Real-time Reporting and Documenting Components Validate a Meaningful ROI on All of your IT Investments with RES PowerFuse. http://www.respowerfuse.com/ ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm