Trend´s support (US and Brazil) confirm tha it just occurs in W32... I´ve not tested it on UX. Pedro Quintanilha Segurança da Informação Editora Abril s/a pquintanilha@abril.com.br +55-11-3037-4297 -----Original Message----- From: Patrick Morris [mailto:pmorris@wilshire.com] Sent: Saturday, May 25, 2002 3:36 PM To: Pedro Quintanilha Cc: bugtraq@securityfocus.com Subject: Re: TrendMicro Interscan VirusWall security problem This occurs on Unix installations as well. Depending what you need to know the original sender's IP for, there are several ways to work around it. On Fri, 24 May 2002, Pedro Quintanilha wrote: > In the most instalations Interscan listens on port 25 (SMTP), > receives the message, scan it, and then re-send it to the "real" > SMTP daemon (listening on another port), preserving the SMTP-header > present in the message. > But, since it doesn´t includes a new line on SMTP-header with > the sender´s IP, and doesn´t write any extra log including it > (it just logs virus occurrences), the final message header will not > contain the real sender´s IP!!
