Re: Virus origin
From: srm (user_at_nospam.org)
Date: 11/22/04
- Next message: kurt wismer: "Re: Malware Triangle"
- Previous message: Ant: "Re: Malware Triangle"
- In reply to: Peter Pearson: "Re: Virus origin"
- Next in thread: Hairy One Kenobi: "Re: Virus origin"
- Reply: Hairy One Kenobi: "Re: Virus origin"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 22 Nov 2004 22:56:00 +0100
Peter Pearson wrote:
> srm wrote:
>> According to the 'Received:' trace, the message originated at:
>> host217-42-163-55.range217-42.btcentralplus.com ([217.42.163.55]
>> helo=frenchentree.com)
>
> The sender can insert false "Received:" lines, but these will
> all appear *after* the valid "Received:" lines inserted by
> the legitimate mail transporters that subsequently handle the
> message. Work your way down the "Received:" lines until you
> come to a "by" that you don't trust. Ignore that and all
> subsequent "Received:" lines: they may be fake.
The 'Received' header I quoted was the oldest (i.e., the first) in the chain.
Many of the virus mails we're receiving have the first Received header
suggesting they've been mailed via a dial-up node near him on a system
(Wanadoo) I know he uses. But I spoke to him today and he swears he's up
to date with all AV scanners, firewall etc. It's just that I also know he's
not brilliantly technical.
It doesn't worry me too much - we're on Linux here and the Amavis/AntiVir
system seems to be intercepting everything. It's just annoying having had
to make space for around 250 virus emails in the past 5 days, not to
mention the waste of bandwidth...
-- @+
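
An added example, not part of the original post: the top-down walk over "Received:" lines described in the quoted reply, stopping at the first "by" host that is not trusted. The sample message, the host names and the TRUSTED_BY set are constructed assumptions (documentation address ranges only).

```python
import re
from email import message_from_string

# Constructed sample (not from the thread). The top two hops were stamped by
# relays the recipient operates; the bottom one came in with the message.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP; Mon, 22 Nov 2004 21:50:03 +0100
Received: from dialup-7.isp.example ([198.51.100.77] helo=friend.example)
\tby mx.example.net with SMTP; Mon, 22 Nov 2004 21:50:01 +0100
Received: from trusted.bank.example ([203.0.113.5])
\tby relay.unknown.example with SMTP; Mon, 22 Nov 2004 21:49:00 +0100
From: someone@friend.example
Subject: constructed test

body
"""

TRUSTED_BY = {"mail.example.org", "mx.example.net"}  # assumption: our own relays

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_origin(raw, trusted_by):
    """Walk Received headers newest-first; stop at the first untrusted 'by'."""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    trusted_hops, ignored = [], 0
    for i, hdr in enumerate(received):
        flat = " ".join(hdr.split())            # unfold continuation lines
        by = BY_RE.search(flat)
        if not by or by.group(1).lower() not in trusted_by:
            ignored = len(received) - i         # this line and all below may be fake
            break
        ip = IP_RE.search(flat[:by.start()])    # peer address the relay recorded
        trusted_hops.append((by.group(1).lower(), ip.group(1) if ip else None))
    # The oldest trusted hop recorded the peer that handed the message over;
    # that address is the furthest back the trace can be relied on.
    handoff_ip = trusted_hops[-1][1] if trusted_hops else None
    return handoff_ip, trusted_hops, ignored
```

The helo= value and the reverse-DNS name in a line are supplied by or derived from the connecting peer; only the bracketed address written by a trusted relay is used here.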