On Tue, 1 Jul 2003, Russell Coker wrote:
> On Tue, 1 Jul 2003 10:04, Antony Stone wrote:
> > On Tuesday 01 July 2003 12:54 am, Russell Coker wrote:
> > > Guys, what's going on here?
> > >
> > > Are these messages really originating with you as they claim or are they
> > > getting @wirex.com tacked on the end of the address?
> >
> > The Sobig virus spoofs the sender address, so what you see is not where it
> > appears to be from.
>
> Yes, we all know that.
>
> However those "notifications" about viruses are coming from mail.wirex.com.
> Either a wirex server is running an anti-virus program and spamming their own
> list, or their list server is obscuring the real origin of the messages.
Actually that message did *not* come from Wirex. Read the headers again.
Received: from po.integra-pc.com (unknown [209.92.185.230]) by
mail.wirex.com (Postfix) with ESMTP id 783E62EFCD for
<linux-security-moduleat_private>; Mon, 30 Jun 2003 12:21:57 -0700
(PDT)
> In either case they have to fix it.
We would if it was our problem. That virus scanner for Exchange forges
the from header.
Someone at integra-pc.com and/or 209.92.185.230 needs to not bounce virus
traffic into lists.
Even more, someone else needs to update their anti-virus software.
Of couse, it is not the dumbest thing I have seen a virus scan do as of
late. Some see PGP sigs as viruses. One even claimed that an attached C
program was a virus.
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jun 30 2003 - 17:28:32 PDT