>Has anyone had experience or any suggestions for tracking Sobig? FWIW, all of mine today seem to be coming from 160.36.4.117 The University of Tennessee...
Jim -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Katie La Salle-Lowery Sent: Thursday, August 21, 2003 12:09 PM To: [EMAIL PROTECTED] Subject: [IMail Forum] WAY OT--Tracking Sobig Hi all, Those who don't want to waste their time on non-Imail issues please move on now... I have a connectivity customer who has an GroupWise mail server behind a Symantec Gateway. Sobig isn't getting through to his mail server. However, the quantity is such that the Symantec Gateway is so overworked that his legit mail is suffering a massive slow-down. He has observed that Sobig spoofs the sending address. I observed the same when we got a message to an alias saying that the alias address had sent Sobig. He's wondering if there is a way to track it back and notify the owner of the infected machine and thereby hopefully reduce the volume they are receiving. I've asked him to send me the headers from a quarantined message so I can investigate. His first attempt to do so was unopenable to me. I'm awaiting his next attempt. Has anyone had experience or any suggestions for tracking Sobig? I haven't seen any samples of Sobig.F. YEAH for Imail rules! Maybe not perfect but helpful, anyway... Thanks, Katie To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
