Virus Forging rcsailing Return Address

Headers from the latest:

Return-Path: <rcsailing@intellisys.net>
Received: from swcp.com (246.125.35.65.cfl.rr.com [65.35.125.246])
    by taka.swcp.com (8.12.9/8.12.9) with ESMTP id i3IMHm2b072948
    for <boebert@swcp.com>; Sun, 18 Apr 2004 16:17:49 -0600 (MDT)
Message-Id: <200404182217.i3IMHm2b072948@taka.swcp.com>
From: rcsailing@intellisys.net
To: boebert@swcp.com
Subject: Re: Homepage
Date: Sat, 17 Apr 2004 17:04:23 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on kaimen.swcp.com
X-Spam-Status: No, hits=2.7 required=10.0 tests=MICROSOFT_EXECUTABLE,
    MIME_BOUND_NEXTPART,MISSING_MIMEOLE,NO_REAL_NAME,PRIORITY_NO_NAME
    autolearn=no version=2.63
X-Spam-Level: **

Attachments:
Part 1 noname (TEXT/PLAIN 7bit 39 bytes)
Part 2 homepage0.pif (APPLICATION/OCTET-STREAM base64 25260 bytes)

Note: rcsailing is not infected; the virus has pulled this return address out of somebody's address book. The infected site is probably a cable modem on RoadRunner
(246.125.35.65.cfl.rr.com [65.35.125.246]). If you recognize that IP address as yours, you've got it :(

Do not open the attachment, or any attachment from an email whose source you don’t recognize. And get those virus filters updated.

Cheers (sort of),

Earl


“My name is Earl Boebert. I’ve been working computer and communications security for over thirty years. My home is a Microsoft-Free Zone. Any questions?”
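The check Earl did by hand above (ignore From: and Return-Path:, which the sender writes freely, and read the real connecting host out of the Received: line your own MTA stamped) can be scripted. The block below is an added example for this thread, not code posted by Earl or anyone else in it. It uses only the Python standard library; SAMPLE_MESSAGE is constructed to mirror the quoted headers, with the body cut down to a note plus a base64 stub whose first bytes decode to "MZ" (the DOS/Windows executable signature), not the real worm. The trusted-host suffix, the list of executable extensions and the finding texts are assumptions of the example. It also flags two things visible in the quoted headers that the thread does not spell out: the worm introduced itself (HELO) as swcp.com, the recipient's own domain, and the reverse DNS of the connecting IP (cfl.rr.com) has nothing to do with the claimed sender domain (intellisys.net).

```python
"""Trace a forged-sender e-mail to the host that really connected.

Added example for this thread, not code posted by anyone in it.  Standard
library only.  SAMPLE_MESSAGE is constructed to mirror the quoted headers;
the attachment is a stub that decodes to an "MZ" header, not the real worm.
"""
import os
import re
from email import message_from_string
from email.utils import parseaddr

SAMPLE_MESSAGE = """\
Return-Path: <rcsailing@intellisys.net>
Received: from swcp.com (246.125.35.65.cfl.rr.com [65.35.125.246])
    by taka.swcp.com (8.12.9/8.12.9) with ESMTP id i3IMHm2b072948
    for <boebert@swcp.com>; Sun, 18 Apr 2004 16:17:49 -0600 (MDT)
From: rcsailing@intellisys.net
To: boebert@swcp.com
Subject: Re: Homepage
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

Please see the attached file.
--BOUNDARY
Content-Type: application/octet-stream; name="homepage0.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="homepage0.pif"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
--BOUNDARY--
"""

# sendmail-style hop: "from HELO (rdns [ip]) by HOST ..."; rdns may be absent.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]+)?\s*\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

# Assumed list; extend to whatever your mail gateway treats as executable.
EXECUTABLE_EXTENSIONS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs", ".js"}


def parse_received(value):
    m = RECEIVED_RE.search(value)
    return m.groupdict() if m else None


def border_hop(msg, trusted_suffix):
    """Received: lines are prepended, so the newest is first.  Walk down while
    the stamping ('by') host is ours; the last such hop is where the message
    entered our mail system and its 'from' side is the real connecting host.
    Everything below that hop was written by the sender and may be forged."""
    hop = None
    for value in msg.get_all("Received", []):
        parsed = parse_received(value)
        if parsed is None:
            continue
        if not parsed["by"].lower().endswith(trusted_suffix.lower()):
            break
        hop = parsed
    return hop


def risky_attachments(msg):
    out = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        data = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        out.append({"filename": name,
                    "executable_extension": ext in EXECUTABLE_EXTENSIONS,
                    "mz_header": data[:2] == b"MZ"})  # DOS/PE files start with "MZ"
    return out


def analyse(raw, trusted_suffix):
    msg = message_from_string(raw)
    suffix = trusted_suffix.lower()
    hop = border_hop(msg, suffix)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    if hop is None:
        findings.append("no Received: hop stamped by a trusted MTA")
    else:
        if hop["helo"].lower().endswith(suffix):
            findings.append(f"outside host {hop['ip']} introduced itself as "
                            f"{hop['helo']}, our own domain")
        if hop["rdns"] is None:
            findings.append(f"connecting host {hop['ip']} has no reverse DNS")
        elif claimed and not hop["rdns"].lower().endswith("." + claimed):
            findings.append(f"From: domain {claimed} does not match connecting host "
                            f"{hop['rdns']} [{hop['ip']}]")
    attachments = risky_attachments(msg)
    findings += [f"executable attachment {a['filename']}" for a in attachments
                 if a["executable_extension"] or a["mz_header"]]
    return {"origin_ip": hop["ip"] if hop else None,
            "origin_rdns": hop["rdns"] if hop else None,
            "helo": hop["helo"] if hop else None,
            "claimed_domain": claimed, "attachments": attachments,
            "findings": findings}


if __name__ == "__main__":
    for line in analyse(SAMPLE_MESSAGE, "swcp.com")["findings"]:
        print("-", line)
```

Two caveats a practitioner should keep in mind. The rDNS-versus-From: comparison is a heuristic, since legitimate mail is often relayed through a third party's servers; it is the IP of the border hop, which the sender cannot alter, that is worth reporting to the abuse contact. And a sender can forge a Received: line that claims to have been stamped "by" one of your own hosts; the only defence against that is knowing your MTA's own format (the ESMTP id, the timestamp, the "for" clause) well enough to spot the imitation.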

Earl, thanks for the heads up! Just out of curiosity why did you post it under “Multihulls” instead of “General Discussion” or “Problems, Comments, Suggestions” ?

Doug Lord
–High Technology Sailing/Racing

Thanks for the info!

It's coming from the USA. More info:

Server Used: [ whois.arin.net ]

65.35.125.246 = [ 246.125.35.65.cfl.rr.com ]

OrgName: Road Runner
OrgID: RRSW
Address: 13241 Woodland Park Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
ReferralServer: rwhois://ipmt.rr.com:4321
NetRange: 65.35.0.0 - 65.35.255.255
CIDR: 65.35.0.0/16
NetName: ROADRUNNER-SOUTHEAST2
NetHandle: NET-65-35-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.RR.COM
NameServer: DNS2.RR.COM
NameServer: DNS3.RR.COM
NameServer: DNS4.RR.COM
Comment:
RegDate:
Updated: 2002-08-30
TechHandle: ZS30-ARIN
TechName: ServiceCo LLC
TechPhone: 1-703-345-3416
TechEmail: abuse@rr.com

OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: 1-703-345-3416
OrgAbuseEmail: abuse@rr.com

OrgTechHandle: IPTEC-ARIN
OrgTechName: IP Tech
OrgTechPhone: 1-703-345-3416
OrgTechEmail: abuse@rr.com

Wis

if it isn’t broken, don’t fix it!

http://wismerhell.esmartdesign.com/index.htm