W32/Sobig.F virus header

David Sullivan David.Sullivan at BARNET.AC.UK
Thu Aug 21 10:04:30 IST 2003


On 21 Aug 2003 at 10:23, Rabellino Sergio wrote:

> Dear Julian,
>   these are lines from the NAI website
>
> > The attachment must be run manually to infect the local system.
> > Additionally, messages sent by the virus contain the following
> > fields
> >
> >     * X-MailScanner: Found to be clean
> >     * X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> >
> > The virus sends itself via its own SMTP engine, which requires an
> > ESMTP server to send itself successfully.  The virus does an MX
> > lookup on the target domain (i.e. when sending itself to
> > user@domain.com, it sends through the servers specified in the MX
> > record for domain.com).
>
> :-) Are you going to be famous ? :-)

I know of at least one idiot who's filtering on "X-MailScanner: Found to be clean".
Hope they didn't want any mail from some MailScanner users.

David.
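
The false-positive problem raised in the reply above, as an added example (not part of the original post and not MailScanner code): it compares blocking on the `X-MailScanner` line alone with blocking on a runnable attachment, over three constructed messages. The function names, the `RUNNABLE_EXT` list, the `ExampleMailer 1.0` value and the `sample.pif` filename are assumptions made for the illustration.

```python
from email.message import EmailMessage

# Header values the page quotes as present in messages sent by the virus.
QUOTED_HEADERS = {
    "X-MailScanner": "Found to be clean",
    "X-Mailer": "Microsoft Outlook Express 6.00.2600.0000",
}
# Assumption: extensions this hypothetical site treats as runnable attachments.
RUNNABLE_EXT = (".exe", ".pif", ".scr")

def make(headers, attachment=None):
    """Build a constructed sample message (no real mail or malware involved)."""
    msg = EmailMessage()
    for name, value in headers.items():
        msg[name] = value
    msg.set_content("constructed sample body")
    if attachment:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

def header_hits(msg):
    """Count how many of the quoted header values appear in the message."""
    return sum(str(msg.get(h, "")).strip() == v for h, v in QUOTED_HEADERS.items())

def naive_rule(msg):
    """The rule criticised in the post: block on the X-MailScanner line alone."""
    return str(msg.get("X-MailScanner", "")).strip() == QUOTED_HEADERS["X-MailScanner"]

def attachment_rule(msg):
    """Block only when a runnable attachment is present; headers are context."""
    return any((part.get_filename() or "").lower().endswith(RUNNABLE_EXT)
               for part in msg.iter_attachments())

SAMPLES = {  # all three messages are constructed for illustration
    "scanned_legit": make({"X-MailScanner": "Found to be clean",
                           "X-Mailer": "ExampleMailer 1.0"}),
    "scanned_oe_legit": make(dict(QUOTED_HEADERS)),
    "worm_like": make(dict(QUOTED_HEADERS), attachment="sample.pif"),
}

def evaluate():
    """Return (naive_rule, header_hits, attachment_rule) for each sample."""
    return {name: (naive_rule(m), header_hits(m), attachment_rule(m))
            for name, m in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(name, result)
```

The header-only rule blocks both legitimate samples, and even requiring both quoted headers still catches the second one, because a legitimate sender can produce the same pair.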


