---- Original Message ----
From: "Randal, Phil" <[EMAIL PROTECTED]>
To: "ClamAV users ML" <clamav-users@lists.clamav.net>
Sent: Friday, January 06, 2006 12:23 PM
Subject: RE: [Clamav-users] RE: Report infected mail to the user
But you do not know the sender. You only know an address that the
virus presents as the sender address. And you trust the virus...
Ok, i see you must have experience. Are there really so many
virussender who specify a fake REAL EXIST mail address?
Michael Neurohr
Many viruses harvest email addresses from the infected PC user's
address book and inbox etc and use these as the "From:" address.
And I can verify that this is the case from the number of virus
bounces we get from clueless sites which still insist on sending the
(spoofed) senders virus warnings.
What you can (in most cases) see is the ip of the infected machine.
I trapped a virus which appearently originated at the ip of the firewall of
a company I know.
As I know they have no mailserver inside of their firewall (it's in the
DMZ), I called them and told they were infected.
Leif
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
