What? Why not? I have been running trend micro on my exchange server for over two years = now. We haven't been hit with a virus yet. Best product I have ever = used. Greg -----Original Message----- From: Chris McEvoy [mailto:chris@xxxxxxxxxxxxxxxxx] Sent: Monday, May 19, 2003 9:39 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: VIRUS WARNING I hope you're not running file AV scanning on an Exchange server! > -----Original Message----- > From: Sullivan, Glenn [mailto:GSullivan@xxxxxxxxxxxxxx]=3D20 > Sent: Monday 19 May 2003 14:40 > To: 'windows2000@xxxxxxxxxxxxx' > Subject: [windows2000] Re: VIRUS WARNING >=3D20 >=3D20 >=3D20 > I suppose that some people don't control their mail servers,=3D20 > but for those of you that do, why would anyone allow .exe or=3D20 > .pif files through? >=3D20 > I've been blocking a whole list of attachments for a couple=3D20 > years (the Martin list...) and, while I do run file-level AV=3D20 > on the mail server, they are all caught by the attachment blocking... >=3D20 > Glenn Sullivan, MCSE+I MCDBA > David Clark Company Inc. >=3D20 >=3D20 > -----Original Message----- > From: Chris McEvoy [mailto:chris@xxxxxxxxxxxxxxxxx] > Sent: Monday, May 19, 2003 9:33 AM > To: windows2000@xxxxxxxxxxxxx > Subject: [windows2000] Re: VIRUS WARNING >=3D20 >=3D20 >=3D20 > Thanks Jim. Do you know if the latest Norton definitions can=3D20 > catch this one? >=3D20 > > -----Original Message----- > > From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]=3D3D20 > > Sent: Monday 19 May 2003 14:24 > > To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx;=3D3D20 =3D20 > >brainstem@xxxxxxxxxxxxx > > Subject: [windows2000] VIRUS WARNING > >=3D3D20 > >=3D3D20 > >=3D3D20 > > If you receive an email from Support@xxxxxxxxxxxxx that has=3D3D20 = an =3D > >attachment DO NOT OPEN IT! This is a virus. Delete it=3D3D20 =3D20 > immediately. =3D20 > >My mcaffee I updated yesterday is not catching=3D3D20 this one.=3D20 > Watch out!=3D20 > >Regards, Jim Kenzig =3D3D20 > >=3D3D20 > > VIRUS WARNING The Central Command(r) Emergency Virus Response=3D3D20 > > Team(tm) (EVRT(tm)) has received virus infection reports for =3D the=3D3D20 > > new Internet Worm/Palyh.A=3D3D20 > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > > user/std_adp.p > > hp?p_refno=3D3D3D030518-000043>. Due to increased customer =3D inquires=3D3D20 > > and infection reports the EVRT is issuing a VIRUS ALERT. > >=3D3D20 > > You are receiving this news letter because you are a=3D3D20 > > subscriber to the Central Command Virus News mailing list. > >=3D3D20 > > [ EVRT(tm) Virus Warning issued for Worm/Palyh.A=3D3D20 > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > > user/std_adp.p > > hp?p_refno=3D3D3D030518-000043> ] > >=3D3D20 > > Name: Worm/Palyh.A=3D3D20 > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > > user/std_adp.p > > hp?p_refno=3D3D3D030518-000043> > > Alias: Win32.Palyh-A > > Type: Internet Worm > > Discovered: May 18, 2003 > > Size: 52.955KB > > Platform: Microsoft Windows 9x/ME/NT/2000/XP > >=3D3D20 > >=3D3D20 > > Description: > >=3D3D20 > > Worm/Palyh.A=3D3D20 > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > user/std_adp.p > hp?p_refno=3D3D3D030518-000043> is an Internet worm that spreads=3D20 > through e-mail by using addresses it collects in the files=3D20 > with the following extensions, .dbx, .eml, .htm, .html, .txt,=3D20 > and .wab. >=3D20 > The worm may arrive in via email in the following format: >=3D20 > From: support@xxxxxxxxxxxxx > Subject: (it will contain one of the following) >=3D20 > - Your Password > - Screensaver > - Re: Movie > - Your details > - Approved (Ref: 38446-263) > - Re: Approved (Ref: 3394-65467) > - Cool screensaver > - Re: My details > - Re: My application > - Re: Movie >=3D20 > Attachment: (it will contain one of the following) >=3D20 > - movie28.pif > - application.pif > - ref-394755.pif > - approved.pif > - doc_details.pif > - your_details.pif > - screen_temp.pif > - screen_doc.pif > - password.pif >=3D20 > If executed, the worm copies itself in the \windows\=3D20 > directory under the filename "mscon32.exe". >=3D20 > So that it gets run each time a user restart their computer=3D20 > the following registry key gets added: >=3D20 > - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run > "System Tray"=3D3D3D"C:\\WINDOWS\\MSCON32.EXE" >=3D20 >=3D20 > =3D =3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D= 3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D=3D 3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3 > D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D > =3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D > To Unsubscribe, set digest or vacation > mode or view archives use the below link. >=3D20 http://thethin.net/win2000list.cfm =3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D= 3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D =3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm =3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D= 3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D =3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm