This is a newbie question, I'm sure. Please bear with me. I have searched the archives but either the answer is not in there or I haven't thought of the right search terms.
When ClamAV notifies me that it detected (and deleted) a virus on my email server, it sends the message I have included below. Is the IP address it reports a legitimate way of tracing what the last point of exit for the email was? In other words, does it show what machine it originated from or at least what firewall it passed through last? When I had an infection in-house, I was able to use the IP to track the machines very quickly because I use a fake IP schema inside.

If we receive several from the same IP and samspade.org tracks it to a certain domain, is it worth my while to notify their admin that something behind their firewall is spewing viruses? (The biggest offender currently APPEARS to be our state department. Sigh.) Or do the viruses spoof the IP address in addition to the sender field?

Also, is there any downside to disabling the server from notifying the "sender" of infected emails, given that most viri these days forge the sender field? I was getting too many delivery failure messages so I turned that feature off. Now I am the only one getting the notification.

--------------------
Sample Notification:
--------------------
The following e-mail messages were found to have viruses in them:

Sender: [EMAIL PROTECTED]
IP Address: 64.8.162.162
Recipient: [EMAIL PROTECTED]
Subject: Important notify about your e-mail account.
MessageID: i2IGkaH22647
Report: text_document.pif contains Worm.Bagle.N
Shortcuts to MS-Dos programs are very dangerous in email (text_document.pif)
--
AV-Suite Email Virus Scanner
---------------------

_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
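
The tallying the post describes (several detections reported for the same IP, and telling internal addresses from outside ones) can be scripted. This is an added example, not part of the original post and not ClamAV or AV-Suite code. It assumes the notification prints one field per line as in the sample above; the function names, the 10.0.0.0/8 internal range and the sample input are hypothetical.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: internal address plan; substitute the ranges used on your LAN.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
FIELD_RE = re.compile(
    r"^(Sender|IP Address|Recipient|Subject|MessageID|Report):\s*(.*)$")
SIG_RE = re.compile(r"contains (\S+)")

def parse_notifications(text):
    """Return one dict per detection; each 'Sender:' line starts a record."""
    records, current = [], None
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if not m:
            continue  # banner, separator or free-text warning line
        key, value = m.groups()
        if key == "Sender":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records

def repeat_sources(records, threshold=2):
    """List (ip, count, is_internal, signatures) for IPs seen >= threshold times."""
    by_ip = defaultdict(list)
    for rec in records:
        try:
            by_ip[ip_address(rec.get("IP Address", ""))].append(rec)
        except ValueError:
            continue  # missing or malformed address field
    rows = []
    for addr, recs in by_ip.items():
        if len(recs) >= threshold:
            sigs = sorted({s for r in recs
                           for s in SIG_RE.findall(r.get("Report", ""))})
            internal = any(addr in net for net in INTERNAL_NETS)
            rows.append((str(addr), len(recs), internal, sigs))
    return sorted(rows, key=lambda r: (-r[1], r[0]))

# Constructed sample input: documentation and private addresses, not real hosts.
SAMPLE = "".join(
    f"Sender: user@example.com\nIP Address: {ip}\n"
    "Report: text_document.pif contains Worm.Bagle.N\n"
    for ip in ("198.51.100.7", "10.1.2.3", "198.51.100.7", "unknown"))

if __name__ == "__main__":
    print(repeat_sources(parse_notifications(SAMPLE)))
```

The script only counts what the notification reports in its IP Address field; it does not verify where that value came from.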