[pmmail-list] Filtering with POPFile

Dave pmmail-list@blueprintsoftwareworks.com
Mon, 08 Sep 2003 16:44:55 -0500


On Mon, 08 Sep 2003 17:31:02 -0400, John Swartzentruber wrote:

>On Mon, 08 Sep 2003 16:18:35 -0500, Dave wrote:
>
>>Do you want me to send the 68 I still have in my trash can? lol!
>>
>>Most have the X-Mailer line intact.  All but 3 used Outlook Express.
>
>I wonder. Now that you mention it, I did see headers that a friend
>posted to a mailing list. If I recall, it had these:
>
>>X-MailScanner: Found to be clean
>>Importance: Normal
>>X-Mailer: Microsoft Outlook Express 6.00.2600.0000
>
>
>I think we need to assume the X-MailScanner was added by the virus
>itself. I would assume that the X-Mailer was as well, and that it has
>nothing to do with the system it came from. I'm curious -- if all but
>three of yours used Outlook Express, did they also all use exactly the
>same version? And were they all "Found to be clean"?
>
>I don't believe anything in the header of a virus message except for
>the top "Received:" lines.

Yes, all had the same version of X-Mailer.  Here are the headers
I have received:

X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0

I think your suspicions are well-founded.  It looks like the A-OK
message is forged as well.

Dave
- pmmail-list - The PMMail Discussion List ---------------------------
To POST to the list, send your message to:
pmmail-list@blueprintsoftwareworks.com

To UNSUBSCRIBE, send a message to mdaemon@bmtmicro.com 
with the first line of the message body being...
UNSUBSCRIBE pmmail-list@blueprintsoftwareworks.com
---------------------------------------------------------------------
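
Added example, not part of the original post or of POPFile/PMMail: a Python sketch of the triage the thread describes. It flags a message that carries the exact header block quoted above and reports only the topmost "Received:" line as trustworthy. Requiring the block to be contiguous and in the posted order is an assumption, and the sample message, hostnames and addresses are constructed.

```python
from email import message_from_string

# Header block quoted in the thread, in the order it was posted.
FINGERPRINT = [
    ("X-MailScanner", "Found to be clean"),
    ("Importance", "Normal"),
    ("X-Mailer", "Microsoft Outlook Express 6.00.2600.0000"),
    ("X-MSMail-Priority", "Normal"),
    ("X-Priority", "3 (Normal)"),
    ("MIME-Version", "1.0"),
]

def _headers(raw):
    """Ordered (lowercased name, whitespace-normalised value) pairs."""
    msg = message_from_string(raw)
    return [(k.lower(), " ".join(v.split())) for k, v in msg.items()]

def matches_fingerprint(raw):
    """True if the quoted block appears as one contiguous, ordered run."""
    headers = _headers(raw)
    want = [(k.lower(), v) for k, v in FINGERPRINT]
    n = len(want)
    return any(headers[i:i + n] == want for i in range(len(headers) - n + 1))

def top_received(raw):
    """Topmost Received: line, the one stamped by our own receiving server."""
    for name, value in _headers(raw):
        if name == "received":
            return value
    return None

# Constructed sample message (not real traffic); example/invalid names only.
SUSPECT = (
    "Received: from host.example ([192.0.2.10]) by mx.example.net;\n"
    "\tMon, 08 Sep 2003 16:00:00 -0500\n"
    "Received: from claimed.invalid by relay.invalid; Mon, 08 Sep 2003 15:59:00 -0500\n"
    "From: someone@example.com\n"
    "Subject: test\n"
    "X-MailScanner: Found to be clean\n"
    "Importance: Normal\n"
    "X-Mailer: Microsoft Outlook Express 6.00.2600.0000\n"
    "X-MSMail-Priority: Normal\n"
    "X-Priority: 3 (Normal)\n"
    "MIME-Version: 1.0\n"
    "\nbody\n"
)
NORMAL = SUSPECT.replace("X-MailScanner: Found to be clean\n", "")

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("normal", NORMAL)):
        print(label, matches_fingerprint(raw), "| trusted hop:", top_received(raw))
```

Headers below the first "Received:" line, including the second "Received:" in the sample, are sender-controlled and are used here only as a matching signal, never as evidence of origin.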