Hi, Thanks to the 1.70i4 mishap we finally had the rare opportunity, to actually receive some of these viruses that normally get blocked by Declude. I noticed, that our recipient notifications use the following variables:
%REMOTEHOST%, %SENDERHOST%, %LOCALHOST%, %RECIPHOST% But none of them list the "HELO" name used by the infected workstation (which, in case of BugBear.B may show me the name of the Windows Workstation who's spreading the virus.) Scott, I noticed that the above four variables are 50% redundant - yet, none of them truly inserts the "sender" host (e.g., the configured name used in the HELO). Best Regards Andy Schmidt H&M Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 http://www.HM-Software.com/ -----Original Message----- From: Postmaster [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2003 02:22 PM To: [EMAIL PROTECTED] Subject: Virus Firewall has Blocked an Email to You Argos Networks' Virus Firewall has rejected an incoming message sent to 1 recipient(s). It was using a "from" address of [Forged]. (Please note, some vira have the ability to forge the email address of the sender.) The message with the subject of "virus bei mir angekommen" carried a virus: File: "Old Excel Documents.lnk.zlo" Result: Found the W32/[EMAIL PROTECTED] virus !!! For more information see http://vil.mcafee.com/. TRACKING INFORMATION Their Domain: t-online.de for t-online.de (may be forged!) IP Address: 194.25.134.80 Message ID: <[EMAIL PROTECTED]> Our Domain: hm-software.com for hm-software.com Queue ID: Ddbd212f50202d9a9.SMD of 06/06/2003 14:22:14 Version: 1.70 TRACKING FORGED SENDERS If the infected email came from a "forged" sender, then it is often impractical to track down the actual infected party. The following two links can help identify either the ISP or the organisation, who owns the IP address that the infected party was using: http://www.dnsstuff.com/tools/whois.ch?ip=194.25.134.80 http://www.dnsstuff.com/tools/ptr.ch?ip=194.25.134.80 IMPORTANT LEGAL NOTICE As a courtesy to customers, we attempt to block incoming vira before they reach your mailbox. However, Argos Networks cannot warrant that this will always be successful. We do not accept any liability in case a virus passes through. You are solely responsible for taking your own protective measures to avoid any infections of your computers. Sincerely, Argos Networks http://www.ArgosWeb.net/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
