Tilman Schmidt wrote: >> telnet isps-smtp-server 25
> In my experience that's very unusual behaviour for a virus. > The vast majority try to connect directly to the recipient's MX. I see both. I see malware that connects directly from end-user PCs, and more sophisticated malware that actually breaks CAPTCHAs on Hotmail/GMail/etc. and sends via those services. I've also seen malware that checks the user's Outlook settings and sends via the configured SMTP server (though that case is admittedly the rarest.) Regards, David. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
