Or, it could be a user with a POP3 account. That's how it got thru our firewall, which was blocking zip attachments to SMTP mail.

--- "Hermano JS. Queiroz" <hjsqueiroz@xxxxxxxxxxxxxxxxxx> wrote:

> http://www.MSExchange.org/
>
> Thanks Chris, I really appreciate your thoughts on this and I'll pass this message to him. Actually if this situation was related with us probably this option won't be the best one for our University because we are depending on students from everywhere.
>
> Thanks,
>
> Hermano
>
> -----Original Message-----
> From: Chris Wall [mailto:Chris.Wall@xxxxxxxxxxxxxxxxxxx]
> Sent: Thursday, February 26, 2004 2:20 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Weird e-mail
>
> Hermano,
>
> If your organization is anything like ours it could be that a 'visitor' or employee has brought in an infected laptop and put it on your wire. The virus could have started like that... Since Netsky uses its own SMTP engine it could have started propagating on your network that way.
>
> To combat this, we have blocked all SMTP traffic at the Firewall level (except from approved IPs) so that we can monitor SMTP traffic in the organization and detect where it is coming from. This worked well with us and we were able to quarantine any infected machines with viruses that use their own SMTP engine.
>
> Not sure about the .zip file size...
>
> Just a thought. Anyone else have any ideas?
>
> Chris
>
> -----Original Message-----
> From: Hermano JS. Queiroz [mailto:hjsqueiroz@xxxxxxxxxxxxxxxxxx]
> Sent: Thursday, February 26, 2004 2:09 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Weird e-mail
>
> I got message from this guy in my other discuss list and I thought we need to know about it.
>
> Hermano
>
> ---------------------------------------------------------------------------
>
> Hi All
>
> Something weird has been happening the last three days. We have been getting mails that look like the NetSky virus (same text and attachments), to certain mailboxes, but the weird thing is that the .zip attachment is 78 Bytes, the actual virus .zip file is 22,016 bytes. Another thing is our Mailsweeper is set to block all .zip files but this one is getting through. I did a test and sent a mail with a normal .zip attachment to this mail box and it got blocked. Has anyone seen this or have any ideas on what it's all about?
>
> Thanks in advance.
>
> Sean
> ---------------------------------------------------------------------------
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
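
The approach Chris describes in the thread above (deny outbound SMTP at the firewall except from approved IPs, then use the firewall's records to see where the traffic is coming from) can be sketched as below. This is an added example, not part of the original thread; the log layout, address ranges, approved-sender list and function name are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example: internal range and the hosts allowed to send SMTP out.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
APPROVED_SENDERS = {ipaddress.ip_address(a) for a in ("10.0.0.25", "10.0.0.26")}

# Constructed sample lines in a made-up key=value layout (not any vendor's log format).
SAMPLE_LOG = """\
2004-02-26T14:01:07 action=deny proto=tcp src=10.1.4.77 dst=192.0.2.10 dport=25
2004-02-26T14:01:08 action=deny proto=tcp src=10.1.4.77 dst=198.51.100.5 dport=25
2004-02-26T14:01:08 action=allow proto=tcp src=10.0.0.25 dst=192.0.2.10 dport=25
2004-02-26T14:01:09 action=deny proto=tcp src=10.1.4.77 dst=203.0.113.9 dport=25
2004-02-26T14:01:11 action=deny proto=tcp src=10.1.4.77 dst=192.0.2.10 dport=80
2004-02-26T14:02:30 action=deny proto=tcp src=10.1.9.12 dst=192.0.2.10 dport=25
truncated line without fields
"""

LINE_RE = re.compile(r"proto=(?P<proto>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def suspect_smtp_sources(log_text, min_destinations=1):
    """Rank internal, non-approved hosts that attempted SMTP (TCP/25), busiest first."""
    attempts = defaultdict(int)
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "tcp" or m["dport"] != "25":
            continue  # unparsable line, or not SMTP traffic
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source field is not an IP address
        if src not in INTERNAL_NET or src in APPROVED_SENDERS:
            continue  # external source, or an approved mail server
        attempts[str(src)] += 1
        destinations[str(src)].add(m["dst"])
    rows = [(s, attempts[s], len(destinations[s])) for s in attempts]
    rows = [r for r in rows if r[2] >= min_destinations]
    # A mass-mailer delivering directly tends to contact many different mail servers,
    # so sort by distinct destinations first, then by raw attempt count.
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))


if __name__ == "__main__":
    for source, tries, targets in suspect_smtp_sources(SAMPLE_LOG):
        print(f"{source}: {tries} SMTP attempts to {targets} destinations")
```

Raising `min_destinations` separates a host spraying many mail servers from a single misconfigured mail client that keeps retrying one server.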