[lug] mailman and AV

D. Stimits stimits at comcast.net
Tue Nov 2 22:16:46 MST 2004

> Received: from homeoffice.org (adsl-70-240-238-238.dsl.hstntx.swbell.net
>         [])
>         by new.community.tummy.com (Postfix) with SMTP id B93B720CCDA4
>         for <lug at lug.boulder.co.us>; Mon,  1 Nov 2004 23:09:33 -0700 (MST)

host domain name pointer 

That so far is a forgery.

host homeoffice.org
homeoffice.org has address

This too does not match homeoffice.org.

host new.community.tummy.com
new.community.tummy.com has address

Perhaps it is coming through tummy.com, I'm not sure, but there is 
certainly some forgery going on. The real sender at the start of it all 
seems to be from swbell.net, and all in the header is certainly not 
correct. Anyone know who has a windows machine on swbell.net that also 
has the lug members in their address book? Most of these viruses send to 
address book recipients, and if someone has those those LUG people in 
their address book, would be a reason why 2 or more people on this list 
got it. I'm not great at sleuthing headers, but this one is not 
completely honest.

D. Stimits, stimits AT comcast DOT net

More information about the LUG mailing list