At 16:03 05/09/02, Steve Face wrote:
>...the virus W32.Klez.gen@mm was detected and put into quarantine.
>I sent a notification to hotmail about the virus (with a copy of
>the email) and suggested that they take a look at the account and
>determine if the virus was being maliciously sent from it or if it
>was another victim (and clean the virus). I received an email back
>from the administrator stating that I have to set my email client
>to show the full header and send it back to them before they will
>take any action. I have two questions.
>First, how do I get my email client Eudora 5.1 to show the full
>header? Second, is this a typical response from the email service
>administrator?


Hi Steve

When a computer is infected with the Klez worm, the Klez's built
in email client takes email addresses from the infected machine's
Address Book and puts them in both the "To" and "From" lines of
messages that it secretly sends out. Hence you can't tell who
sent a Klez infected message just by looking at the "From" line.
You need to look at the complete headers for a clue as to whose
machine was used to send the message.

In Eudora 5.1, as in other versions, you show the complete headers
of a downloaded message by pressing the "BLAH BLAH BLAH" button
which is between the "TT" (True Type) and "Pencil" (allow editing)
buttons toward the left of the tool bar which is directly above
the headers of the open message.

Regards,
Bill

               The NOSPIN Group Promotions is now offering
              Mandrake Linux or Red Hat Linux CD sets along
         with our NOSPIN Power Linux CD...  at a great price!!!
             http://freepctech.com/goodies/promotions.shtml