Re: [Exim] What to do with messages that seem to be virus-in…

Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [Exim] What to do with messages that seem to be virus-infected?
On Sat, 6 Mar 2004, Fred Viles wrote:

> On 6 Mar 2004 at 16:54, Alan J. Flavell wrote about
> | Some virus writers have responded by
> | using the client's normal mail-submission mechanisms, i.e. using the
> | local mail server as a relay.
>
> How does the virus figure out the smarthost's address?


To be honest, I can't answer that question, but what I had assumed was
that the virus used whatever API it is that Windows/OE/whatever uses
for launching mail, and left the rest of the machinery to get on with
it, using whatever mail relay it's been configured to use.

If that was the case, then the virus wouldn't need to know or find out
what that relay was. But I'm frankly guessing. The virus reports
that I had read about this didn't go into that level of detail.