Just remember to be careful when looking at headers.
You cannot rely on any of the email headers beyond the
last hop that actually delivered the mail to MSU; that IP
cannot be forged. Any hops before that can easily be
forged by a virus/spammer/etc.
In this case, it doesn't matter because there is only one
hop in the header.
-Russell
Lee Duynslager wrote:
> One of the ways I handle these types of emails is that I determine who is
> responsible for the IP address of the machine that sent this message out:
>
> If you look in the headers this is: 165.189.17.51
>
> I used a tool on the net called Sam Spade to determine who is responsible
> for this IP. You can click on the link below. There are links within this
> page so you can send the network abuse person a message (or call) about
> these problems you are having and they will have something done.
>
>
>
> http://www.samspade.org/t/lookat?a=165.189.17.51
>
>
> Lee
>
> Lee Duynslager
> Information Technologist
> Integrated Plant Systems
> Michigan State University
>
> (517) 432-5296
>
>
> -----Original Message-----
> From: MSU Network Administrators Group [mailto:[log in to unmask]] On
> Behalf Of Tim Potter
> Sent: Wednesday, May 12, 2004 8:27 AM
> To: [log in to unmask]
> Subject: [MSUNAG] Suspect files of zero-length
>
> I've been receiving suspicious files of the usual viral extensions (.exe,
> .scr, .com, etc.) about every day from this same individual (see below) but
> all of the files have been zero length and not detected by my AV software
> as infected (Norton AV CE 7.61 and Kaspersky KAV 4.5.0.95 Trial). Anyone
> else see files like this slipping thru their AV and the mail.msu.edu AV?
>
> Can this sender be blocked at the mail.msu.edu server?
> Tim
>
>
> Return-path: <[log in to unmask]>
> Envelope-to: [log in to unmask]
> Delivery-date: Wed, 12 May 2004 08:53:37 -0400
> Received: from [165.189.17.51] (helo=W17269.org)
>     by sys16.mail.msu.edu with smtp (Exim 4.32 #22)
>     id 1BNtEv-00030N-1m
>     for [log in to unmask]; Wed, 12 May 2004 08:53:37 -0400
> Date: Wed, 12 May 2004 07:52:42 -0600
> To: "Pottert" <[log in to unmask]>
> From: "Mark.ibach" <[log in to unmask]>
> Subject: Re: Msg reply
> Message-ID: <[log in to unmask]>
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>     boundary="--------bvhkxpkbmvushehovkub"
> X-Virus: None found by Clam AV
> X-Spam-Status: No, hits=0.9 required=5.0 tests=HTML_30_40,HTML_MESSAGE,
>     MIME_HTML_ONLY autolearn=no version=2.63
> X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on sys16.mail.msu.edu
> X-Spam-Level:
>
> **********************
> Tim Potter <><
> Information Officer
> MSU Alumni Association
> E. Lansing, MI 48824
> Toll-free: 877/ MSU-ALUM (678-2586)
> Ph: 517/432-1160
> Fax: 517/432-7769
> Stay Connected! www.msualum.com
>
> .
>
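Russell's point about trusting only the hop stamped by the receiving server, as an added example that is not part of the original thread: the sketch below separates the one connecting IP recorded by the site's own MTA from every earlier Received line, including a lower line that merely claims to come from that MTA. `TRUSTED_MTAS`, `classify_hops`, the recipient address and the two lower Received lines in the sample are assumptions constructed for illustration; only the top Received line follows the header quoted above.

```python
import re
from email import message_from_string

# Assumption: hostnames of the receiving site's own MTAs.
TRUSTED_MTAS = {"sys16.mail.msu.edu"}

# Constructed sample. The first Received line mirrors the quoted header;
# the two below it are invented to stand in for sender-supplied hops.
SAMPLE = """\
Received: from [165.189.17.51] (helo=W17269.org)
\tby sys16.mail.msu.edu with smtp (Exim 4.32 #22)
\tid 1BNtEv-00030N-1m
\tfor user@example.edu; Wed, 12 May 2004 08:53:37 -0400
Received: from mail.example.com ([192.0.2.10])
\tby W17269.org with smtp; Wed, 12 May 2004 07:52:40 -0600
Received: from relay.example.net ([198.51.100.7])
\tby sys16.mail.msu.edu with esmtp; Wed, 12 May 2004 07:52:38 -0600
Subject: Re: Msg reply

(body omitted)
"""

_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
_BY = re.compile(r"\bby\s+(\S+)", re.I)

def _parse(received):
    """Return (connecting_ip, stamping_host) for one Received header."""
    flat = " ".join(received.split())            # undo header folding
    by = _BY.search(flat)
    from_part = flat[:by.start()] if by else flat
    ip = _IP.search(from_part)
    return (ip.group(1) if ip else None,
            by.group(1).lower() if by else None)

def classify_hops(raw, trusted=TRUSTED_MTAS):
    """Trust only the topmost Received line, and only if our MTA wrote it."""
    # Received lines are prepended, so index 0 is the final delivery hop.
    hops = [_parse(h) for h in message_from_string(raw).get_all("Received", [])]
    if not hops or hops[0][1] not in trusted:
        return {"trusted_ip": None, "unverified": [ip for ip, _ in hops if ip]}
    # Everything below the top line was supplied by the sender and is only a
    # claim, even when its "by" field names one of our own hosts.
    return {"trusted_ip": hops[0][0],
            "unverified": [ip for ip, _ in hops[1:] if ip]}

if __name__ == "__main__":
    print(classify_hops(SAMPLE))
```
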