J
John Price
From time to time I get messages from the likes of Norton AntiVirus that I
sent a message with a virus. They always cite the same version of my email
address, which is not the usual version (it's set up to allow variations on
the first part before the "@" sign).
I know from several scans with different AV progs, Adaware, Spybot, use of
trojan detectors etc and a Firewall, that i am clean, so i presume it's
being sent by someone who has this particular version of the email address
in their address book. It's a version that allows me to take some guesses to
narrow down who it might be, but still too many to identify them precisely.
So, does the info below, taken from the latest "alert" give me any cluse - I
just don't know how to read it. I have replace references to my email
address with XXXXXXXXXXXXXX
X-Envelope-To: XXXXXXXXXXXXXX
X-claradeliver-Version: 4.22.10
X-Clara-Filter: xxff4LUOZnQQg
Return-path: <[email protected]>
Delivery-date: Sun, 23 Nov 2003 05:36:10 +0000
Received: from femke.canon-europa.com ([194.26.184.18])
by mx0.mail.uk.clara.net with esmtp (Exim 4.24)
id 1ANmuo-0006Oi-7g
for XXXXXXXXXXXXXX; Sun, 23 Nov 2003 05:36:10 +0000
Received: from Sheila.local.canon-europa.com (Sheila [195.118.6.3])
by femke.canon-europa.com (8.12.10/8.12.1) with ESMTP id hAN5UlNb024267
for <XXXXXXXXXXXXXX>; Sun, 23 Nov 2003 06:30:47 +0100 (MET)
Received: from PHOEBE.cuk.canon.co.uk (canon.co.uk [194.69.191.206])
by Sheila.local.canon-europa.com (8.12.10/8.12.10) with ESMTP id
hAN5a9Xf022643
for <XXXXXXXXXXXXXX>; Sun, 23 Nov 2003 06:36:09 +0100 (MET)
Received: from mimas.cuk.canon.co.uk ([172.27.38.46])
by PHOEBE.cuk.canon.co.uk (Lotus Domino Release 5.0.12)
with ESMTP id 2003112305353136:153192 ;
Sun, 23 Nov 2003 05:35:31 +0000
To: <>
Sender: "WoodhatchMail2" <[email protected]>
Subject: NAV detected a violation in a document you authored.
X-Priority: 3 (Normal)
Date: Sun, 23 Nov 2003 05:34:06 +0000
Message-ID: <[email protected]>
From: "Norton Anti Virus" <[email protected]>
MIME-Version: 1.0
X-MIMETrack: Serialize by Router on WoodhatchMail2/CanonUK/UK(Release 5.0.12
|February
13, 2003) at 23/11/2003 05:34:08,
Itemize by SMTP Server on Outbound_SMTP/CanonUK/UK(Release 5.0.12
|February
13, 2003) at 23/11/2003 05:35:31,
Serialize by Router on Outbound_SMTP/CanonUK/UK(Release 5.0.12 |February
13, 2003) at 23/11/2003 05:35:31,
Serialize complete at 23/11/2003 05:35:31
Content-type: text/plain; charset=us-ascii
X-UIDL: 1069565770.24602.kastor.uk.clara.net
X-RCPT: XXXXXXXXXXXXXX
Status: U
sent a message with a virus. They always cite the same version of my email
address, which is not the usual version (it's set up to allow variations on
the first part before the "@" sign).
I know from several scans with different AV progs, Adaware, Spybot, use of
trojan detectors etc and a Firewall, that i am clean, so i presume it's
being sent by someone who has this particular version of the email address
in their address book. It's a version that allows me to take some guesses to
narrow down who it might be, but still too many to identify them precisely.
So, does the info below, taken from the latest "alert" give me any cluse - I
just don't know how to read it. I have replace references to my email
address with XXXXXXXXXXXXXX
X-Envelope-To: XXXXXXXXXXXXXX
X-claradeliver-Version: 4.22.10
X-Clara-Filter: xxff4LUOZnQQg
Return-path: <[email protected]>
Delivery-date: Sun, 23 Nov 2003 05:36:10 +0000
Received: from femke.canon-europa.com ([194.26.184.18])
by mx0.mail.uk.clara.net with esmtp (Exim 4.24)
id 1ANmuo-0006Oi-7g
for XXXXXXXXXXXXXX; Sun, 23 Nov 2003 05:36:10 +0000
Received: from Sheila.local.canon-europa.com (Sheila [195.118.6.3])
by femke.canon-europa.com (8.12.10/8.12.1) with ESMTP id hAN5UlNb024267
for <XXXXXXXXXXXXXX>; Sun, 23 Nov 2003 06:30:47 +0100 (MET)
Received: from PHOEBE.cuk.canon.co.uk (canon.co.uk [194.69.191.206])
by Sheila.local.canon-europa.com (8.12.10/8.12.10) with ESMTP id
hAN5a9Xf022643
for <XXXXXXXXXXXXXX>; Sun, 23 Nov 2003 06:36:09 +0100 (MET)
Received: from mimas.cuk.canon.co.uk ([172.27.38.46])
by PHOEBE.cuk.canon.co.uk (Lotus Domino Release 5.0.12)
with ESMTP id 2003112305353136:153192 ;
Sun, 23 Nov 2003 05:35:31 +0000
To: <>
Sender: "WoodhatchMail2" <[email protected]>
Subject: NAV detected a violation in a document you authored.
X-Priority: 3 (Normal)
Date: Sun, 23 Nov 2003 05:34:06 +0000
Message-ID: <[email protected]>
From: "Norton Anti Virus" <[email protected]>
MIME-Version: 1.0
X-MIMETrack: Serialize by Router on WoodhatchMail2/CanonUK/UK(Release 5.0.12
|February
13, 2003) at 23/11/2003 05:34:08,
Itemize by SMTP Server on Outbound_SMTP/CanonUK/UK(Release 5.0.12
|February
13, 2003) at 23/11/2003 05:35:31,
Serialize by Router on Outbound_SMTP/CanonUK/UK(Release 5.0.12 |February
13, 2003) at 23/11/2003 05:35:31,
Serialize complete at 23/11/2003 05:35:31
Content-type: text/plain; charset=us-ascii
X-UIDL: 1069565770.24602.kastor.uk.clara.net
X-RCPT: XXXXXXXXXXXXXX
Status: U