Re: Why is this virus being detected?




Eriq Neale wrote:
On 2005-06-12 14:34:41 -0500, Joe <joe@xxxxxxxxxxxxxx> said:

wedor wrote:

I can't remember "ever" seeing an infected e-mail that needed to be kept, it's not like parts of it are ok and could be useful.

So is there a copy of the headers of incoming emails kept in a log
somewhere? I haven't found anything like that yet. I've always had
to drag the headers kicking and screaming out of Outlook, which seems
to consider that email headers are something to be ashamed of. I haven't
yet found anything in an Outlook/Exchange system that will display the
raw email in its entirety. If anyone knows otherwise...

I've always followed up on viruses received by clients, as they are
usually from either a customer or an associated company, and it is good
manners to warn people that they may be infected without knowing it.


The problem with that approach is that the latest round of viruses are using their own mail engines and spoofing the return address, so even if you get a message that appears to come from one of your "important" clients, it's more likely that it came from someone who had the e-mail address of that important client in their Outlook address book instead.

I agree with wedor. I always set my anti-virus to delete infected incoming messages. If you've got the option in your AV software to delete the attachment and replace it with a message saying that the attachment was deleted, that might be more in line with what you're wanting to do. But only if your AV software supports that, and not all of them do.


McAfee does.

But email return and from headers have been forged for many years. My
point was that it is always possible to find the IP address that your
ISP or forwarder received the email from, and together with the spoofed
addresses, this is usually enough to identify the real sender if known
to the recipient. I'm not talking about trying to identify a Korean
spammer, but an associate company of the client.

Outlook/OE does allow all headers to be seen, though they could be
presented more conveniently. If the entire email is deleted from the
mailbox, so is any chance of tracing it. I'm fairly sure that there are
no Exchange logs which retain the full headers.
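The header tracing Joe describes, as an added example that is not part of this thread: a small Python parser that walks the Received: lines from our own (trusted) servers downward to the hop where the mail entered from outside, reporting the connecting IP and how many Received: lines below it are unverifiable. The hostnames, addresses and the sample message are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: a worm on a third-party machine (198.51.100.77) connects
# straight to our MX, spoofs the From: line, and forges a Received: line
# underneath so the mail looks as if it came from the client's own server.
SAMPLE_RAW = """\
Received: from mx1.example.com (mx1.example.com [192.0.2.10]) by mail.example.com with ESMTP id 1; Sun, 12 Jun 2005 14:34:41 -0500
Received: from importantclient.example (unknown [198.51.100.77]) by mx1.example.com with SMTP id 2; Sun, 12 Jun 2005 14:34:40 -0500
Received: from mail.importantclient.example (mail.importantclient.example [203.0.113.5]) by importantclient.example with ESMTP id 3; Sun, 12 Jun 2005 14:34:39 -0500
From: "Important Client" <bob@importantclient.example>
To: joe@example.com
Subject: your document

see attached
"""

# Hostnames of the servers we operate (assumed); only their Received: lines are trusted.
TRUSTED_HOSTS = {"mail.example.com", "mx1.example.com"}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?P<comment>[^)]*)\))?.*?\bby\s+(?P<by>[\w.-]+)",
    re.I | re.S,
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Split one Received: value into the HELO name, the bracketed IP and the receiving host."""
    value = " ".join(value.split())  # unfold continuation lines
    m = RECEIVED_RE.search(value)
    if not m:
        return None
    ip = IP_RE.search(m.group("comment") or "")
    return {"helo": m.group("helo"), "by": m.group("by").lower(), "ip": ip.group(1) if ip else None}


def trace_origin(raw, trusted):
    """Walk Received: lines top-down; the last one written by a trusted host is the entry point."""
    msg = message_from_string(raw)
    hops = [h for h in (parse_received(v) for v in msg.get_all("Received", [])) if h]
    edge = None
    for hop in hops:
        if hop["by"] not in trusted:
            break  # not written by us: this line and everything below it is hearsay
        edge = hop
    result = {"from_header": msg.get("From"), "connecting_ip": None, "claimed_helo": None, "unverified_hops": 0}
    if edge is not None:
        result["connecting_ip"] = edge["ip"]
        result["claimed_helo"] = edge["helo"]
        result["unverified_hops"] = len(hops) - hops.index(edge) - 1
    return result
```

The connecting IP at the trusted edge is the only address the sender could not forge; the forged third Received: line is counted but not believed.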