Simon, If you haven't seen it for yourself go over and have a look. I got lots of reports of infections yesterday but it turned out to be just "undeliverable" email notices bouncing back to them because their address was used in the return. As you know this virus spoofs the return email address so just because (or maybe even definitely because) reports are coming in that the infection has their return email address on it does not mean that they are the infected party. Amy Babinchak Technology Consultant -----Original Message----- From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx] Sent: Thursday, August 21, 2003 5:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] the SoBig Worm - what should I expect to see..... http://www.ISAserver.org Hi everyone I was in the process of getting a new client over to SBS2000, as they are currently using Win2k / Exchange / Proxy 2.0 However I was called in due to the fact they "believe" they are infected with the SoBig.f Virus. However a complete scan of the Server / PC's and patching all machines proved there was no trace of the virus. However, they are getting inundated with hundreds upon hundreds of emails that is being picked up by the AV Symantec Program and sending the Emails out with a Quarantine Attachment. However people are also saying they are "receiving" Emails from the users in this LAN to external recipients with a virus attached! I do not believe it - But is this the behaviour of this new virus. Also, am I right in thinking if I get SBS2k / ISA up and running I can filter out .scr / .exe / .pif files?? Any advise is welcome :-) Simon Weaver Technical Consultant MCSE+Internet / MCSE Windows 2000 Integrated Solutions Corp. Ltd http://www.iscl.net ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')