Yeah... Klez is a real serious pain... 

It will randomly grab email addresses from an infected person's address book, OR it 
will grab email addresses from ANY file on ANY drive it has access to. It then will 
use these random addresses for the TO: field, and for the FROM field both in the 
envelope sender, as well as the FROM: in the message itself. This 'spoofing' of the 
SMTP envelope makes KLEZ a MAJOR pain in the butt. 

Because of this, I had to disable the sender notification of qmail-scanner since it 
was telling people they had sent an infected email and they in fact had not ever even 
sent us a message. 

Yesterday alone, qmail-scanner/Kaspersky on my email scanner stopped 196 inbound KLEZ 
infected emails.

When will people stop using Outlook? Sigh.... :(



---
Bill Arlofski
Unix/Novell Systems Administrator
The Hotchkiss School
[EMAIL PROTECTED]
860-435-3140

>>> "CertaintyTech - Ed Henderson" <[EMAIL PROTECTED]> 5/2/2002 12:20:12 PM >>>
I see that Klez changes the MAIL_FROM as compared to the "From:" address.  I
assume the From: is the correct one but of course Q-S sends a notice to the
MAIL_FROM.  Where does it get the MAIL_FROM address from?  Are the notices
being sent to the wrong person?

Thanks for any enlightenment,
Ed.



_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: [EMAIL PROTECTED] 
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED] 
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
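
An added example, not part of the original thread and not qmail-scanner's own code: a sketch of a notification policy that always alerts the local admin but tells the sender only when nothing suggests the address is forged. The function name, the `FORGING_FAMILIES` list, the admin address, the verdict strings and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: substrings of scanner verdicts for malware that forges its sender.
# Only Klez is named in the thread; extend the tuple for your own scanner.
FORGING_FAMILIES = ("klez",)
ADMIN = "postmaster@example.org"  # hypothetical local alert address


def notification_targets(envelope_sender, raw_message, verdict):
    """Decide who is told about a quarantined message.

    Returns (addresses, reason). The local admin is always alerted; the
    sender is alerted only when nothing suggests the address is forged.
    """
    env = envelope_sender.strip().strip("<>").lower()
    from_hdr = message_from_string(raw_message).get("From", "")
    hdr = parseaddr(from_hdr)[1].lower()

    if not env:  # null sender (a bounce): there is nobody to notify
        return [ADMIN], "null envelope sender"
    if any(name in verdict.lower() for name in FORGING_FAMILIES):
        return [ADMIN], "malware family forges senders"
    if env != hdr:
        return [ADMIN], "envelope sender differs from From: header"
    return [ADMIN, env], "sender address consistent"


# Constructed sample messages and verdict strings (not taken from the thread).
KLEZ_LIKE = "From: Alice <alice@example.net>\nTo: bob@example.org\nSubject: hi\n\nbody\n"
ORDINARY = "From: Carol <carol@example.com>\nTo: bob@example.org\nSubject: doc\n\nbody\n"

if __name__ == "__main__":
    cases = [
        ("<victim@example.com>", KLEZ_LIKE, "I-Worm.Klez.h"),
        ("<alice@example.net>", KLEZ_LIKE, "I-Worm.Klez.h"),
        ("<mallory@example.com>", ORDINARY, "Macro.Sample"),
        ("<carol@example.com>", ORDINARY, "Macro.Sample"),
        ("<>", ORDINARY, "Macro.Sample"),
    ]
    for env, msg, verdict in cases:
        print(env, verdict, "->", notification_targets(env, msg, verdict))
```

The family check comes before the address comparison because a worm that forges both the envelope sender and the From: header with the same address would pass the comparison.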

