Ah, that explains it... I run Exchange 5.5. For the next few months at least... Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. -----Original Message----- From: Chris McEvoy [mailto:chris@xxxxxxxxxxxxxxxxx] Sent: Monday, May 19, 2003 9:54 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: VIRUS WARNING The M drive is an Exchange 2000 virtual drive that, if backed up or AV-scanned, can corrupt your Information Store! > -----Original Message----- > From: Sullivan, Glenn [mailto:GSullivan@xxxxxxxxxxxxxx]=20 > Sent: Monday 19 May 2003 14:55 > To: 'windows2000@xxxxxxxxxxxxx' > Subject: [windows2000] Re: VIRUS WARNING >=20 >=20 >=20 > Huh? >=20 > Not sure what you are talking about... but I am running=20 > Exchange 5.5... >=20 > Care to elighten me? >=20 > Glenn Sullivan, MCSE+I MCDBA > David Clark Company Inc. >=20 >=20 > -----Original Message----- > From: Dennis Appelboom [mailto:dennis.appelboom@xxxxxxxxxx] > Sent: Monday, May 19, 2003 9:52 AM > To: windows2000@xxxxxxxxxxxxx > Subject: [windows2000] Re: VIRUS WARNING >=20 >=20 >=20 > Not to forget the M share...... If you're running AV or a=20 > backup of that =3D > (virtual) drive, you're likely to get in trouble.. > We have exchange running with Groupshield for Exchange....=20 > Never had =3D problems.... >=20 > Dennis Appelboom > www.marviQ.com >=20 >=20 > -----Original Message----- > From: Sullivan, Glenn [mailto:GSullivan@xxxxxxxxxxxxxx] > Sent: maandag 19 mei 2003 15:45 > To: 'windows2000@xxxxxxxxxxxxx' > Subject: [windows2000] Re: VIRUS WARNING >=20 >=20 > I am, but have the exchsvr directories excluded. Actually, I=20 > have found that you need to exclude the *data directories and=20 > their subfolders, and that's all. >=20 > The only time that the file level AV even rears it's head is=20 > when the =3D mail AV quarantines a virus or blocks an attached=20 > file. The file it =3D quarantines to is scanned by the file level AV. >=20 > Makes it easy to fine blocked non-virus files... look for a=20 > file block without a corresponding file-level log entry. =20 > Then proceed carefully... >=20 > Glenn Sullivan, MCSE+I MCDBA > David Clark Company Inc. >=20 >=20 > -----Original Message----- > From: Chris McEvoy [mailto:chris@xxxxxxxxxxxxxxxxx] > Sent: Monday, May 19, 2003 9:39 AM > To: windows2000@xxxxxxxxxxxxx > Subject: [windows2000] Re: VIRUS WARNING >=20 >=20 >=20 > I hope you're not running file AV scanning on an Exchange server! >=20 > > -----Original Message----- > > From: Sullivan, Glenn [mailto:GSullivan@xxxxxxxxxxxxxx]=3D3D20 > > Sent: Monday 19 May 2003 14:40 > > To: 'windows2000@xxxxxxxxxxxxx' > > Subject: [windows2000] Re: VIRUS WARNING > >=3D3D20 > >=3D3D20 > >=3D3D20 > > I suppose that some people don't control their mail=20 > servers,=3D3D20 but=20 > >for those of you that do, why would anyone allow .exe or=3D3D20 .pif = > >files through? =3D3D20 > > I've been blocking a whole list of attachments for a couple=3D3D20 > > years (the Martin list...) and, while I do run file-level AV=3D3D20 > > on the mail server, they are all caught by the attachment=20 > blocking... > >=3D3D20 > > Glenn Sullivan, MCSE+I MCDBA > > David Clark Company Inc. > >=3D3D20 > >=3D3D20 > > -----Original Message----- > > From: Chris McEvoy [mailto:chris@xxxxxxxxxxxxxxxxx] > > Sent: Monday, May 19, 2003 9:33 AM > > To: windows2000@xxxxxxxxxxxxx > > Subject: [windows2000] Re: VIRUS WARNING > >=3D3D20 > >=3D3D20 > >=3D3D20 > > Thanks Jim. Do you know if the latest Norton definitions can=3D3D20 > > catch this one? > >=3D3D20 > > > -----Original Message----- > > > From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]=3D3D3D20 > > > Sent: Monday 19 May 2003 14:24 > > > To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx;=3D3D3D20 = =3D3D20=20 > > >brainstem@xxxxxxxxxxxxx > > > Subject: [windows2000] VIRUS WARNING > > >=3D3D3D20 > > >=3D3D3D20 > > >=3D3D3D20 > > > If you receive an email from Support@xxxxxxxxxxxxx that=20 > has=3D3D3D20 =20 > > >=3D > an =3D3D >=20 > > >attachment DO NOT OPEN IT! This is a virus. Delete it=3D3D3D20 = =3D3D20 > > immediately. =3D3D20 > > >My mcaffee I updated yesterday is not catching=3D3D3D20 =20 > this one.=3D3D20 > > Watch out!=3D3D20 > > >Regards, Jim Kenzig =3D3D3D20 > > >=3D3D3D20 > > > VIRUS WARNING The Central Command(r) Emergency Virus=20 > Response=3D3D3D20 > > > Team(tm) (EVRT(tm)) has received virus infection reports for =3D3D > the=3D3D3D20 > > > new Internet Worm/Palyh.A=3D3D3D20=20 > > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > > > user/std_adp.p > > > hp?p_refno=3D3D3D3D030518-000043>. Due to increased customer =3D3D > inquires=3D3D3D20 > > > and infection reports the EVRT is issuing a VIRUS ALERT. =3D3D3D20 > > > You are receiving this news letter because you are a=3D3D3D20 > > > subscriber to the Central Command Virus News mailing list. > > >=3D3D3D20 > > > [ EVRT(tm) Virus Warning issued for Worm/Palyh.A=3D3D3D20 > > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > > > user/std_adp.p > > > hp?p_refno=3D3D3D3D030518-000043> ] > > >=3D3D3D20 > > > Name: Worm/Palyh.A=3D3D3D20 > > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > > > user/std_adp.p > > > hp?p_refno=3D3D3D3D030518-000043> > > > Alias: Win32.Palyh-A > > > Type: Internet Worm > > > Discovered: May 18, 2003 > > > Size: 52.955KB > > > Platform: Microsoft Windows 9x/ME/NT/2000/XP > > >=3D3D3D20 > > >=3D3D3D20 > > > Description: > > >=3D3D3D20 > > > Worm/Palyh.A=3D3D3D20 > > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > > user/std_adp.p > > hp?p_refno=3D3D3D3D030518-000043> is an Internet worm that=20 > spreads=3D3D20 =20 > >through e-mail by using addresses it collects in the=20 > files=3D3D20 with=20 > >the following extensions, .dbx, .eml, .htm, .html, .txt,=3D3D20 and=20 > >.wab. =3D3D20 > > The worm may arrive in via email in the following format: > >=3D3D20 > > From: support@xxxxxxxxxxxxx > > Subject: (it will contain one of the following) > >=3D3D20 > > - Your Password > > - Screensaver > > - Re: Movie > > - Your details > > - Approved (Ref: 38446-263) > > - Re: Approved (Ref: 3394-65467) > > - Cool screensaver > > - Re: My details > > - Re: My application > > - Re: Movie > >=3D3D20 > > Attachment: (it will contain one of the following) > >=3D3D20 > > - movie28.pif > > - application.pif > > - ref-394755.pif > > - approved.pif > > - doc_details.pif > > - your_details.pif > > - screen_temp.pif > > - screen_doc.pif > > - password.pif > >=3D3D20 > > If executed, the worm copies itself in the \windows\=3D3D20 > > directory under the filename "mscon32.exe". > >=3D3D20 > > So that it gets run each time a user restart their computer=3D3D20 > > the following registry key gets added: > >=3D3D20 > > - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run > > "System Tray"=3D3D3D3D"C:\\WINDOWS\\MSCON32.EXE" > >=3D3D20 > >=3D3D20 > > =3D3D > = =3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D= 3D3D3 > D=3D3D3D3D=3D3D=3D > 3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D=3D3D=20 > 3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3 > > D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D > > = =3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D= 3D3D3D > > To Unsubscribe, set digest or vacation > > mode or view archives use the below link. > >=3D3D20 > http://thethin.net/win2000list.cfm >=20 > = =3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D= 3D3D=3D3D3D=3D3 > D3D=3D3D3D=3D3D=3D > = 3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D= 3D > =3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D > To Unsubscribe, set digest or vacation > mode or view archives use the below link. >=20 http://thethin.net/win2000list.cfm =3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D= 3D3D=3D3D3D=3D3D3D=3D3D3D=3D3 D=3D 3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D= 3D =3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm =3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D= 3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D =3D3D=3D =3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm =3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D= 3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D =3D3D=3D =3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm