On Friday 06 January 2006 08:48, [EMAIL PROTECTED] wrote:
> Leif Neland wrote:
> >>> Ok, i see you must have experience. Are there really so many
> >>> virussender who specify a fake REAL EXIST mail address?
> >>>
> >>> Michael Neurohr
> >>
> >> Many viruses harvest email addresses from the infected PC user's
> >> address book and inbox etc and use these as the "From:" address.
> >>
> >> And I can verify that this is the case from the number of virus
> >> bounces we get from clueless sites which still insist on sending the
> >> (spoofed) senders virus warnings.
> >
> > What you can (in most cases) see is the ip of the infected machine.
>
> Bingo. I'd have a little more respect for AV programs if, instead of
> reporting to the envelope-sender, they did a WHOIS lookup on the sending IP
> and emailed the virus notification to the responsible party for the
> narrowest containing subnet.

well, the problem with that is.. there's really no unified format for
knowing where to send these reports from a machine point of view.

I've considered doing stuff like this myself, but I realized after
investigating it how stupid difficult it is to even start trying to do it.

good idea, but the infrastructure is not in place in the backend to be able
to make it possible.

-Jeremy

--
Jeremy Kitchen ++ [EMAIL PROTECTED]

In the beginning was The Word and The Word was Content-type: text/plain
  -- The Word of Bob.
_______________________________________________ http://lurker.clamav.net/list/clamav-users.html
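
The "no unified format" problem raised in the reply above, as an added example that is not from the thread or from ClamAV. It looks up the abuse contact for the narrowest range containing an IP. The field names are the ones present-day ARIN and RIPE-style WHOIS servers print; the function names, the rule that a contact belongs to the range above it, and the sample records (IPv4 range notation only) are assumptions constructed for illustration.

```python
import ipaddress

# Field names differ per registry: ARIN prints NetRange / OrgAbuseEmail,
# RIPE-style databases print inetnum / abuse-mailbox.
RANGE_KEYS = {"netrange", "inetnum"}
ABUSE_KEYS = {"orgabuseemail", "abuse-mailbox"}

def sections(whois_text):
    """Return [first, last, contact] for each address range in the text.
    Assumption: a contact field belongs to the most recent range above it."""
    found = []
    for line in whois_text.splitlines():
        if line.startswith(("%", "#")) or ":" not in line:
            continue  # registry comments and free text
        key, value = (part.strip() for part in line.split(":", 1))
        if key.lower() in RANGE_KEYS:
            first, _, last = value.partition("-")
            found.append([ipaddress.ip_address(first.strip()),
                          ipaddress.ip_address(last.strip()), None])
        elif key.lower() in ABUSE_KEYS and found and found[-1][2] is None:
            found[-1][2] = value  # first contact listed for the range wins
    return found

def abuse_contact(whois_text, ip):
    """Contact of the narrowest range containing ip, or None if unpublished."""
    ip = ipaddress.ip_address(ip)
    hits = [s for s in sections(whois_text)
            if s[0].version == ip.version and s[0] <= ip <= s[1]]
    return min(hits, key=lambda s: int(s[1]) - int(s[0]))[2] if hits else None

# Constructed samples (documentation address ranges, made-up contacts).
ARIN_STYLE = """\
NetRange:       198.51.100.0 - 198.51.100.255
OrgAbuseEmail:  abuse@isp.example

NetRange:       198.51.100.64 - 198.51.100.127
OrgAbuseEmail:  noc@customer.example
"""
RIPE_STYLE = """\
inetnum:        203.0.113.0 - 203.0.113.255
abuse-c:        AR1-EXAMPLE

role:           Example Abuse Desk
abuse-mailbox:  abuse@net.example
"""
FREE_TEXT = """\
inetnum:        192.0.2.0 - 192.0.2.255
remarks:        complaints via the form on our web site
"""
```

`abuse_contact(FREE_TEXT, "192.0.2.5")` returns `None`: when the contact is only described in a remarks line, there is nothing a program can reliably mail.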