Hi,
Some of my system users periodically receive an Win95.Hybris.Gen.dr
infected EXE file. I tried to trace down the sender, but unfortunately i'm
pretty lame interpreting the mail header. It goes like this:
Envelope-to: [EMAIL PROTECTED]
Received: from [212.108.236.133] (helo=d4t2e9)
by mydomain.com with smtp (Exim 3.16 #1 (Debian))
id 149C7D-0000vQ-00
for <[EMAIL PROTECTED]>; Thu, 21 Dec 2000 21:15:04 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VE74123GD23SXEF4TEZW167"
Message-Id: <[EMAIL PROTECTED]>
From: Remote Mail Delivery System <>
Bcc:
Date: Thu, 21 Dec 2000 21:15:04 +0100
Status:
X-PMFLAGS: 570949760 0 1 P29A60.CNM
1. What is the 'Envelope-to' line?
2. What was the route of this mail? It looks that my system relayed the
given host's outgoing mail. It's impossible, I've told exim not to do so
(I think :)
It's very annoying to get this exe file every month, so if I cannot find
out who the sender is, it would be great to block these letters. How can I
do this?
Thanx:
Pocok
PS. Please forgive me if I'm too off-topic, I think other admins may find
the replys useful if this virus occurs to them.
