I'm not seeing both a "From" and a "Mail from" listed in the headers that come back from Declude.
So, it must be in some detail that's not in %headers%.


I take it that Declude will send it to the "Mail from". Looks like I'll be testing with Swen not forging.

Greg Little

Declude Virus Ver. 1.78i11 caught the  the W32/[EMAIL PROTECTED] virus !!! virus in 
installer87.exe
from [Forged] to:  [EMAIL PROTECTED]

Date:       03/06/2004 04:26:40
Subject:    New Upgrade
Spool File: D994a044a012c7b3e.SMD
Remote IP:  211.1.69.194

In or Out:      incoming
recipient host: thecourier.com
Sender Host:    watv.ne.jp

Headers:
Received: from mail.watv.ne.jp [211.1.69.194] by aristotle.thecourier.com with ESMTP
 (SMTPD32-8.05) id A94A44A012C; Sat, 06 Mar 2004 04:26:34 -0500
Received: from vdtpw (watv061215118115.watv.ne.jp [61.215.118.115])
        by mail.watv.ne.jp (3.7Wpl21.0) with SMTP id SAA29658;
        Sat, 6 Mar 2004 18:23:36 +0900 (JST)
Date: Sat, 6 Mar 2004 18:23:36 +0900 (JST)
Message-Id: <[EMAIL PROTECTED]>
FROM: "MS Technical Support" <[EMAIL PROTECTED]>
TO: "Microsoft Corporation Partner" <[EMAIL PROTECTED]>
SUBJECT: New Upgrade
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="ereflgesxiszas"


--- [This E-mail scanned for viruses by Findlay Internet]


Declude Virus Ver. 1.78i11 caught the  the W32/[EMAIL PROTECTED] virus !!! virus in 
aibogwws.exe
from [Forged] to:  [EMAIL PROTECTED]

Date:       03/06/2004 04:39:22
Subject:    Error Announcement
Spool File: D9c44046401481b33.SMD
Remote IP:  211.1.69.194

In or Out:      incoming
recipient host: thecourier.com
Sender Host:    watv.ne.jp

Headers:
Received: from mail.watv.ne.jp [211.1.69.194] by aristotle.thecourier.com with ESMTP
 (SMTPD32-8.05) id AC444640148; Sat, 06 Mar 2004 04:39:16 -0500
Received: from vdfuwqjk (watv061215118115.watv.ne.jp [61.215.118.115])
        by mail.watv.ne.jp (3.7Wpl21.0) with SMTP id SAA29776;
        Sat, 6 Mar 2004 18:24:15 +0900 (JST)
Date: Sat, 6 Mar 2004 18:24:15 +0900 (JST)
Message-Id: <[EMAIL PROTECTED]>
FROM: "MS Inet Storage Service" <[EMAIL PROTECTED]>
TO: "Inet Recipient" <[EMAIL PROTECTED]>
SUBJECT: Error Announcement
Mime-Version: 1.0
Content-Type: multipart/alternative;
        boundary="kmjwmzz"





Matt wrote:

Just to clarify. Swen forges the From address, but not the Mail From address.

I'm reevaluating my choice to only send recipient notices. I may just change to sender notifications only with SKIPIFFORGING.

Matt



R. Scott Perry wrote:


Yes, Swen forges.



FWIW, we haven't yet seen a single copy of Swen that forges.


-Scott



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.
