Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Virus mail delivering to address different than in headers 2

Status
Not open for further replies.
DanMIS

DanMIS

MIS
Sep 16, 2004
189
0
0
US
I have W32.soberx@mm virus mails delivering to a different address than the mail is sent to. For example, the mail is addressed to "mailingbox@<domain>". But it delivered to a user mailbox, and that user has no matching SMTP address.

I'm a little confused on how it is delivering to his mailbox. Others came in and went to "all users" although addresses to a single address "Bruce@<domain>".

Ideas?

Here are the headers from a recent one.

**********************
Microsoft Mail Internet Headers Version 2.0
Received: from mail.<domain name> ([10.53.5.235]) by <Mail server name> with Microsoft SMTPSVC(6.0.3790.211); Tue, 22 Nov 2005 06:35:22 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Received: from ffkpmbjsd.edu ([24.248.44.3] RDNS failed) by <Front end server name> with Microsoft SMTPSVC(6.0.3790.0); Tue, 22 Nov 2005 06:35:22 -0500
From: <fisch.mathias@mayo.edu>
To: <mailingbox@<domain name>>
Date: Tue, 22 Nov 2005 11:24:37 GMT
Subject: hi, ive a new mail address
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Message-ID: <faa9.cdf38e1ebad9@<domain name>>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="=26fbe08badc.b904cefd638"
Content-Transfer-Encoding: 7bit
Return-Path: <fisch.mathias@mayo.edu>
X-OriginalArrivalTime: 22 Nov 2005 11:35:23.0098 (UTC) FILETIME=[D34AC3A0:01C5EF58]

--=26fbe08badc.b904cefd638
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

--=26fbe08badc.b904cefd638
Content-Description: Quarantined Attachment Report
Content-Type: text/plain;
name="Quarantined Attachment.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Quarantined Attachment.txt"


--=26fbe08badc.b904cefd638--
 
Sort by date Sort by votes
Hi Dan.

I think I'm having a problem similar to this. However, my virus scans came back clean.

Did your virus scans detect this virus, or did you locate this virus some other way?
 
Upvote 0 Downvote
My virus scanner found it and removed the affected attachment.

I use Symantec for my anti-virus.
 
Upvote 0 Downvote
Strange, I use Symantec's Mail Security for Exchange and these boogers are still getting through.


Dan
 
Upvote 0 Downvote
I'd try tracking it in ESM to see if there were any other TO: addresses in it. Maybe CC or BCC. That's what I've found when it happens to me.


 
Upvote 0 Downvote
ymeq- Thanks, I hadn't thought of looking there. When I did, I found those mail showing the "real" recipients.

Dan
 
Upvote 0 Downvote
hi dcolcl,

i use smse4.6, some of those virus email did pass through!
X-(
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

T
  • Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
769
DrB0b
DrB0b
microsGuy16
  • Locked
  • Question
Global Address List Names not showing in Outlook OWA 365
Replies
0
Views
1K
microsGuy16
microsGuy16
DrB0b
  • Locked
  • Question
Moved to 365 in cloud, cannot get iPhones default mail app to connect
Replies
2
Views
1K
Priyanka_Chauhan
Priyanka_Chauhan
PatrickRoggers
  • Locked
  • Helpful tip
Safest Way to Import PST file into Exchange Online
Replies
0
Views
1K
PatrickRoggers
PatrickRoggers
Brent Fletcher
  • Locked
  • Question
Exchange rule to remove &quot;✉&quot; icon when it appears in a subject title from a supplier
Replies
0
Views
1K
Brent Fletcher
Brent Fletcher

Part and Inventory Search

Sponsor

Back
Top