-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2004-04-04 at 22:01 +0200, Arjen Runsink wrote:
"It seems legitimate at first glance"
This exactly one of the viruses tricks. Faking a bounce message. So this is not from a suse server.
I don't think that is the case, I have some experience analyzing headers. The received header added by my pop3 provider (which I know it is true) says that it received the email from a machine named Cantor... whose IP matches, and it is a SuSE machine. If I trust that info - which can only be false if the IP was spoofed or spliced, and that is not so easy - then the previous header can be trusted as well, as it matches the last one: and this also mentions another SuSE machine. Yes, what I received I'm 95% sure is legitimate. The virus sent it to florian, who has moved and has set up a autoresponder - - /usr/bin/vacation? - Unfortunately, the autoresponder works before the virus checker, or there wasn't one, or it did not work, so the virus was bounced to me. And bouncing the virus is what I'm "ranting" about - as Florian can no longer be reached, to whom do I report? Feedback no longer has an email. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFAcSeCtTMYHG2NR9URAhGrAJ0QGzwq5xeHSqIzWqzc9WCat8POnwCfd3Oa fDM5tbrekhZJJ7tE2Opgq+E= =imia -----END PGP SIGNATURE-----