I'm running Declude v1.76i14, and it is my understanding that this version
will lookup the virus name via DNS to see if it's forging or not.
Correct.
It appears that the below virus is forging, but I believe my logs show it
trying to send a notification to the sender.
We've updated our server
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, July 05, 2003 11:29 PM
Subject: RE: [Declude.Virus] FORGING VIRUS
Hi;
Just in case Scott is taking a day off...
The way we do this is by first adding:
FORGINGVIRUS Braid
FORGINGVIRUS Bridex
FORGINGVIRUS Bugbear
FORGINGVIRUS Hybris
the from adress still shows in the header
is is the forged adress?
is there a way to eliminate this?
No, that can not be changed (Declude never modifies any of the E-mail
headers). One option would be to remove the %HEADERS% variable to
eliminate the headers from the notifications.
I have
