thats what I am gonna do. Thanks a lot!! -----Original Message----- From: cismic [mailto:cismic@xxxxxxx] Sent: Monday, August 20, 2001 9:27 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: CODE RED!!!!!!!!! http://www.ISAserver.org I only said that you could be infected. Not necessarily that you were infected. On all public servers I remove all forms of IDQ.DLL and .printer, .shmtl, .stm etc to help minimize what could be something else that contains a hole. -----Original Message----- From: Shayne Lebrun [mailto:slebrun@xxxxxxxxxxx] Sent: Monday, August 20, 2001 6:15 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: CODE RED!!!!!!!!! http://www.ISAserver.org 200 does NOT mean that you're infected. 200 means simply that the HTTP request matched a valid ISA web publishing rule, and therefore was allowed to go through. Believe it or not, most of these are quite valid HTTP requests, if a bit on the longish side. It's up to the webserver itself to throw out invalid requests, and that means running patches that guard against these things. Although I have been idly toying with the idea of a 'site and content rule' that would block any request to default.ida. Haven't looked into it, though, to see if it's feasable. -----Original Message----- From: cismic [mailto:cismic@xxxxxxx] Sent: Monday, August 20, 2001 8:53 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: CODE RED!!!!!!!!! http://www.ISAserver.org I would say the 200 at the end of your log entry could mean that you were infected: 200 - OK Message - the requested HTTP page was fulfilled. If ISA server blocks the item via the default rule then the log entry would show 12206. Joseph -----Original Message----- From: Sharma, Shobha [mailto:c-ssharma@xxxxxxxxxxx] Sent: Monday, August 20, 2001 5:35 AM To: [ISAserver.org Discussion List] Subject: [isalist] CODE RED!!!!!!!!! http://www.ISAserver.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: slebrun@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: c-ssharma@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')