Brad Knowles wrote:
At 1:49 AM -0500 2005-02-04, Dan Mahoney, System Admin wrote:
I checked the vette log. The message isn't even in there. Some of the auto-replies to it are (i.e. "message rejected, it's a virus"). And the message shows in the pipermail archives.
In that case, are you sure that the message passed through your system? Maybe the virus spoofed more than just your moderators address....
Here's the full headers of the thing:
Return-Path: <[EMAIL PROTECTED]> Received: from prime.gushi.org (localhost [IPv6:::1]) by prime.gushi.org (8.13.1/8.13.1) with ESMTP id j0S2GH5b080701 for <[EMAIL PROTECTED]>; Thu, 27 Jan 2005 22:50:56 -0500 (EST) Received: from ROBERTA.net (pcp08579508pcs.alxndr01.va.comcast.net [68.83.208.54]) by prime.gushi.org (8.13.1/8.13.1) with SMTP id j0S2FV8o080233 for <[EMAIL PROTECTED]>; Thu, 27 Jan 2005 21:15:35 -0500 (EST)
I only see two Received: headers here. This is not nearly enough. There's a lot of data that appears to be missing.
I think the two Received: headers could be enough considering the worm probably has it's own SMTP engine. The way to answer this for sure is to see if it is in the 'post' log.
I agree with Mark and would go even further that it is all you need to know. The pcp08579508pcs.alxndr01.va.comcast.net address, which is indicative of a Comcast end-user in Alexandria, Virginia, is plenty to know that the user that had the address at the particular time (Thu, 27 Jan 2005 21:15:35 -0500 (EST)) was infected with some type of worm.
Jeff G.
-- Law of Procrastination: Procrastination avoids boredom; one never has the feeling that there is nothing important to do. ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org