Does Lirva send from a genuine address?

Julian Field mailscanner at
Mon Jan 13 11:12:01 GMT 2003

At 10:11 13/01/2003, you wrote:
>----- Original Message -----
>From: "G Welter" <G.Welter at ROCLEIDEN.NL>
>Sent: Monday, January 13, 2003 9:26 AM
>Subject: Re: Does Lirva send from a genuine address?
> > >From the mcafee page you mentioned below:
> >
> > The worm uses the default SMTP server of the infected computer, and then
>adds either the address of the sender or a randomly selected email address
>to the "From:" line of the email.
> >
> > So it seems to me that the from address is bogus. So yes, it should be
>added to the silent viruses.

I can see us all slowly coming to the situation that we turn off sender
warnings altogether some time in the next year or so. Trouble is, this is
going to make the virus situation worse than ever as there will be
(practically) no way of finding the infected machines spewing out these
Julian Field
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list