[Avcheck] IP of infected computer?

Michael Tokarev mjt@tls.msk.ru
Thu, 18 Jul 2002 00:44:21 +0400


Velimir Kalik wrote:
> 
> Hi all,
> 
> I was wondering if it is possible to see the IP of the infected computer that
> sent mail through postfix and avcheck (+avp) system in the report that is
> sent to the sender and to the antivirus admin? Or if the full headers could
> be shown in the report sent to the antivirus admin, including the sender's
> IP and all other mail routes until the end mail server is reached? Thank you!

But all -- be it sender, recipient or administrator -- *always* got complete
headers from original infected message, when using both variants of `infected'
handler as shipped with avcheck.  The only problem may be that some MUAs are
unable to display those headers properly - for example, MS Outlook (not Outlook
Express), if memory serves me right, refuses to display attachment of type
message/rfc822-headers at all, the only way to force it to show those headers
is to save *complete* message to disk and open it using some editor (again,
if memory serves me right, message will be saved with .dat extension that
isn't and shouldn't be associated with any text editor in winbloze).

(Once I tried to debug some mail-related problem and spent about half an hour
trying to force MS Outlook to show me complete bounce message - that was
not a trivial task, errm... :)

Headers have full information as available to avcheck - mind you, a message
may be sent not only from your own network, and not only via smtp...

/mjt
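
Added example (not part of the original post and not avcheck's own code): for a report saved to disk, Python's standard email parser can read the message/rfc822-headers attachment and list the Received hops, including hops with no client IP for mail that did not arrive via SMTP. The sample report, its hostnames and addresses are constructed, and the regular expression assumes Postfix-style Received lines.

```python
import email
import re
from email import policy

# Constructed sample report (not real avcheck output): the second part
# carries the infected message's headers as message/rfc822-headers.
SAMPLE_REPORT = b"""\
From: antivirus@example.org
To: admin@example.org
Subject: virus found (constructed sample)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

A virus was found.

--b1
Content-Type: message/rfc822-headers

Received: from pc17 (unknown [198.51.100.23])
\tby mx.example.org (Postfix) with SMTP id DEF456;
\tThu, 18 Jul 2002 00:39:58 +0400 (MSD)
Received: by pc17 (Postfix, from userid 1000) id 0A1B2C;
\tThu, 18 Jul 2002 00:39:50 +0400 (MSD)
Subject: hello

--b1--
"""

# Assumed Postfix-style hop: "from HELO (rdns [ip]) by HOST".
# The "from ..." clause is optional: local (non-SMTP) pickup has no client IP.
HOP_RE = re.compile(
    r"(?:from\s+(\S+)\s+\(\S+\s+\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]\)\s+)?by\s+(\S+)")

def received_hops(raw_report):
    """Return [(helo, client_ip, by_host)], newest hop first; None where absent."""
    msg = email.message_from_bytes(raw_report, policy=policy.default)
    hops = []
    for part in msg.walk():
        if part.get_content_type() != "message/rfc822-headers":
            continue
        if not part.is_multipart():
            continue  # empty header block, nothing to read
        inner = part.get_payload(0)  # parser exposes the headers as a nested message
        for value in inner.get_all("Received", []):
            m = HOP_RE.match(" ".join(str(value).split()))  # unfold continuation lines
            if m:
                hops.append((m.group(1), m.group(2), m.group(3)))
    return hops
```

Only the Received lines written by your own servers can be relied on; lines below them are supplied by the sending side.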