sobig and MS headers
Peter Peters
P.G.M.Peters at utwente.nl
Tue Aug 19 15:56:27 IST 2003
On Tue, 19 Aug 2003 10:42:22 -0400, you wrote:
>> 4) The email has previously passed through a Mailscanner at another site
>> without an up-to-date set of virus identity files?
>
>Nope. I just took a closer look at the headers. The email was sent
>internal to our domain and the only servers it passed through that were
>running MS were our internal relays. I admin them all, so I know.
>
>Looks to be a faked MailScanner header.
At first I didn't see them. But suddenly I got a few like below:
|X-MailScanner: Found to be clean
|X-UTwente-MailScanner: Found to be infected
The best way around this problem is to "personalize" the X-headers so you
can see what happened. I have been able to find a rogue spamassassin
once because I could link all X-headers but one to all machines but one.
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
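
An added example, not part of the original post: a small Python check that treats only the site's personalized header as authoritative and flags any generic or foreign MailScanner-style header that disagrees with it. The header name is taken from the post's example; the sample message and the function name are constructed for illustration.

```python
import email
import re

# Assumption: the site's personalized header name, taken from the post's example.
SITE_HEADER = "X-UTwente-MailScanner"

# Matches X-MailScanner and X-<anything>-MailScanner, case-insensitively.
SCANNER_RE = re.compile(r"^x-(?:.+-)?mailscanner$", re.IGNORECASE)

# Constructed sample message carrying the two headers quoted in the post.
SAMPLE = (
    "From: sender@example.org\n"
    "To: user@example.net\n"
    "Subject: constructed sample\n"
    "X-MailScanner: Found to be clean\n"
    "X-UTwente-MailScanner: Found to be infected\n"
    "\n"
    "body\n"
)

def classify_scanner_headers(raw, site_header=SITE_HEADER):
    """Split MailScanner-style headers into ours and everyone else's."""
    msg = email.message_from_string(raw)
    trusted, foreign = [], []
    for name, value in msg.items():
        if not SCANNER_RE.match(name):
            continue
        bucket = trusted if name.lower() == site_header.lower() else foreign
        bucket.append((name, value.strip()))
    if not trusted:
        verdict = "unscanned"      # nothing from our own relays yet
    elif any("infected" in v.lower() for _, v in trusted):
        verdict = "infected"
    else:
        verdict = "clean"
    ours = {v for _, v in trusted}
    # A foreign header that disagrees with ours (or stands alone) is suspect.
    conflict = any(v not in ours for _, v in foreign)
    return {"trusted": trusted, "foreign": foreign,
            "verdict": verdict, "conflict": conflict}

if __name__ == "__main__":
    print(classify_scanner_headers(SAMPLE))
```

The check is only as good as the header name is unpredictable to the sender, so a copy of the personalized header that is already present when mail first reaches your own relays should be treated as forged.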