OT: Virus "spoja" from IP 161.69.3.155

Marlon Yu myu at websprinter.net
Fri Mar 1 11:55:33 UTC 2002



At 08:22 PM 2/28/02, Twipples at lacy.pathlink.com wrote:
>I get virus warnings on my machine anytime a virus is detected on our mail
>server, so I quickly run over to the server and netstat -n and find the only
>public IP connected to port 25 is 161.69.3.155, which after a quick Arin
>whois lookup shows the registrant as Network General Corp., out of
>curiosity I copy and paste the IP into my browser and it sends me to
>http://www.nai.com/ Network Associates home page the creators of McAfee!!!!
>
>Does this make sense?

Have you considered the fact that netstat -n may be reporting your 
anti-virus' connection to its makers and that the connection is not being 
made by the virus-laden mail's sender?  I mean, c'mon, surely the mail 
must've already been successfully delivered to your system's MTA (but not 
yet to the recipient's mailbox), and hence, the connection is no longer 
present or has been terminated by the sending MTA.  Is your mail anti-virus 
a product of NAI?  Have you even checked if the virus-laden mail is from 
the Internet and not from an internal machine?

The truth isn't always "out there", sometimes it's just right in front of 
you...move along now people, no conspiracy here....   :-)


M. Yu

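Added example, not part of the original post: the reply's last question (did the mail come from the Internet or from an internal machine?) is answered by the `Received:` lines in the stored message, not by whatever connection `netstat -n` shows afterwards. The host names, the sample messages and the bracketed-IP `Received:` layout below are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Assumed names: hosts we administer, so the Received lines they wrote can be trusted.
TRUSTED_MTAS = {"mbox.example.com", "mailgw.example.com"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BY_HOST = re.compile(r"\bby\s+([\w.-]+)")
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed samples (documentation/private addresses, not real traffic).
FROM_INTERNET = """\
Received: from mailgw.example.com (mailgw.example.com [10.0.0.5])
    by mbox.example.com with ESMTP; Fri, 1 Mar 2002 03:20:05 +0000
Received: from sender.example.net (unknown [198.51.100.44])
    by mailgw.example.com with SMTP; Fri, 1 Mar 2002 03:20:01 +0000
Received: from pc.example.com ([10.9.9.9])
    by relay.example.org with SMTP; Fri, 1 Mar 2002 03:19:00 +0000
Subject: constructed test

body
"""
FROM_INSIDE = """\
Received: from pc17.example.com (pc17.example.com [192.168.1.23])
    by mbox.example.com with SMTP; Fri, 1 Mar 2002 03:25:00 +0000
Subject: constructed test

body
"""

def entry_peer(raw, trusted=TRUSTED_MTAS):
    """IP of the host that handed the message to our own MTAs, or None."""
    peer = None
    for header in email.message_from_string(raw).get_all("Received", []):  # newest first
        by, ip = BY_HOST.search(header), PEER_IP.search(header)
        if not by or by.group(1).lower() not in trusted:
            break  # written by a host we do not run; the sender could have forged it
        if ip:
            peer = ipaddress.ip_address(ip.group(1))
    return peer

def classify_origin(raw, trusted=TRUSTED_MTAS):
    """'internal', 'internet' or 'unknown' for the point where mail entered our MTAs."""
    peer = entry_peer(raw, trusted)
    if peer is None:
        return "unknown"
    return "internal" if any(peer in net for net in INTERNAL_NETS) else "internet"
```

The walk stops at the first `Received:` line not written by a trusted MTA, so the third header in `FROM_INTERNET`, which claims an internal address, does not affect the result.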



More information about the bind-users mailing list