Pantek Library

Re: w32.mimail.a@mm Question

From: <matthew.barrow(at)sophos.com>
Date: Wed Aug 06 2003 - 04:12:48 EDT

Most of these worms are not complex enough to spoof the sender's IP as well. Although if you do try and trace it, the likelihood is that you will stumble across an IP address that is assigned to an ISP and therefore will never really find the location of the email origin.

If the email you received was from admin@<your domain> and came through the gateway, then I am extremely confident that the worm has not infected your internal network.

On 05/08/2003 19:15:16 Daan van de Linde wrote:

>-----BEGIN PGP SIGNED MESSAGE-----

>
>You can attempt to find the source IP through the email headers,
I
>> might be a good target and sent me an email from admin@<my domain>
>>
>> now my question, is someone on my network infected or could this be an
>> external source trying to infect us?
>>
>> I have added the string "admin@jhbchev.co.za REJECT" in the
>> /etc/mail/access file to try to stop this email from being passed on to the
>> account holder in the "To" field.
>> Will the above work?
>>
>> I am also busy running "tail -f /var/log/maillog |grep admin@jhbchev.co.za"
>> to try to monitor if & when it tries again.
>>
>> Kind regards
>>
>> Colin van Niekerk



>-----BEGIN PGP SIGNATURE-----

>----------------------------------------------------------------------------


>

--
Matthew Barrow, Technical Support Assistant, Sophos Anti-Virus
Email: support@sophos.com, Tel: 01235 559933, Web: www.sophos.com
Add live virus info to your website: 
http://www.sophos.com/link/vfeed



---------------------------------------------------------------------------
----------------------------------------------------------------------------
Received on Wed Aug 6 12:07:41 2003
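
Added example (not part of the original thread): one way to check from the Received headers whether a message claiming to be from your own domain reached the gateway from outside. The host names, addresses and sample message are constructed placeholders, and the header layout assumed is the common sendmail-style "from host (name [ip]) by host" form.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (not from the thread); all names are placeholders.
SAMPLE = """\
Received: from gateway.example.org (gateway.example.org [192.168.1.1])
\tby mailstore.example.org with ESMTP id CONSTRUCTED2;
\tTue, 5 Aug 2003 19:02:11 +0200
Received: from dialup-17.isp.example (dialup-17.isp.example [203.0.113.45])
\tby gateway.example.org with ESMTP id CONSTRUCTED1;
\tTue, 5 Aug 2003 19:02:09 +0200
From: admin@example.org
To: user@example.org
Subject: your account

body
"""

# Bracketed peer address and receiving host as recorded in a Received header.
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")

def hops(raw):
    """Return (by_host, peer_ip) per Received header, newest first."""
    msg = message_from_string(raw)
    out = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        by = BY_HOST.search(flat)
        ip = PEER_IP.search(flat)
        out.append((by.group(1).lower() if by else None,
                    ip.group(1) if ip else None))
    return out

def origin_seen_by_gateway(raw, gateway, internal_nets):
    """Classify the peer that handed the message to our own gateway.

    Only the header written by `gateway` is trusted; anything older was
    supplied by the sender and can be forged.
    """
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    for by, ip in hops(raw):
        if by == gateway.lower() and ip:
            addr = ipaddress.ip_address(ip)
            where = "internal" if any(addr in n for n in nets) else "external"
            return where, ip
    return "unknown", None
```

An "external" result for the hop recorded by your own gateway means the From address was forged by an outside sender; the address found will usually belong to an ISP pool.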

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:40 EDT

