BEDEVERE: Exactly. So, logically... VILLAGER #1: If... she... weighs... the same as a duck,... she's made of wood. BEDEVERE: And therefore? VILLAGER #2: A witch! VILLAGER #1: A witch! CROWD: A witch! A witch!... Ohh! Ohh! Burn the witch! ---------------------------------------------------------------- This was more than likely an honest error, not worth burning anyone at the stake over. -----Original Message----- From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] Sent: Thursday, June 05, 2003 4:36 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: OT: virus in list http://www.ISAserver.org This may be a case of an improperly configured notice from the same software I use. I have requested that Jim send me more information so I can follow up directly with the admin involved. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -----Original Message----- > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Sent: Thursday, June 05, 2003 2:16 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: OT: virus in list > > http://www.ISAserver.org > > > Here was my response to this kind of "auto-advisor" code today: > > (his mail) > ----- Original Message ----- > From: "Postmaster" <postmaster@xxxxxxxxxxxxxxxxxxxxxx> > To: <postmaster@xxxxxxxxxxxx> > Sent: Thursday, June 05, 2003 00:32 > Subject: Your mail server sent us a virus > > > The Virus software on our mail server detected the W32/Sobig.C@mm virus > that appears to have come from your mail server. It was sent in > an attachment application.pif, from jim@xxxxxxxxxxxx to > kosmoski@xxxxxxxxxxxxxxxxxx, > with the subject "Re: Movie". The Message-ID was: > <20030605023254.SM01532@FREMIOT-PC>. > > If your mail server had virus protection, it would have caused less work for > our server and would have likely prevented one of your users from getting a > virus in the first place! > > (my response) > > Hello, > > Five points for you to ponder: > 1. I've examined my mail server logs for the past week and no such mail ever > left my server. > 2. I have server-based AV scanning and it has been catching Sobig for the > last week. > 3. It's one of the attributes of Sobig that the source email addr is > spoofed. > 4. If you examine the mail header and your own mail logs, you'll likely see > that regardless of the "source email address", the source IP is not mine. > 5. If your automation was smarter, I wouldn't have to respond to inane > comments like "If your mail server had virus protection, it would have > caused less work for our server and would have likely prevented one of your > users from getting a virus in the first place!" > > The fact is, if you used smarter virus response automation, I wouldn't have > to waste my time educating you. > Get a clue; they're free. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://www.microsoft.com/isaserver > http://isaserver.org/Jim_Harrison > http://isatools.org > > Read the help, books and articles! > > ----- Original Message ----- > From: "Dan Gabbard" <intellihome@xxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Thursday, June 05, 2003 12:47 > Subject: [isalist] OT: virus in list > > > http://www.ISAserver.org > > > > > I just sent a reply to a post and then received an out-of-office reply that > had a virus attached, according to Norton AV. The virus came from > "NAVMSE-BRUMAIL@xxxxxxxxxxx" I think, not sure how Norton handle these. > Has > this happened to anyone else on the list? > > > > > > Dan > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: esullivan@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')