[windows2000] Re: VIRUS WARNING

  • From: "Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx>
  • To: "'windows2000@xxxxxxxxxxxxx'" <windows2000@xxxxxxxxxxxxx>
  • Date: Mon, 19 May 2003 10:25:26 -0400

I would agree, in all cases but .exe and .com files.

My list of files to block is a list of files that users don't normally send
about.  For example, when was the last time that someone legitimately sent a
.pif (Program Information File) or .scr (screen saver file)?  How about an
.hta (HTML Application) or a .chm (Compiled Help Module)?  Not frequently.

I have a high level of trust in my Exchange Antivirus (Trend ScanMail, if
anyone cares) and it checks for updates hourly.  But on the off chance
something gets missed, the attachment blocking protects.

In 4 years, I have had exactly 4 instances of a file being blocked that was
actually required.

(Granted I am not counting the numerous times a cheesy flash game was
blocked, but we won't go into that...)

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc.
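
The extension-based attachment blocking described in the message above, sketched as an added example; it is not part of the original thread and is not how Exchange or Trend ScanMail implements it. The blocklist holds only the four extensions the message names, and the sample message, addresses and helper names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the message above; a production list is site policy.
BLOCKED_EXTENSIONS = {".pif", ".scr", ".hta", ".chm"}


def effective_extension(filename: str) -> str:
    """Return the lower-cased extension Windows would act on."""
    # Drop any path the sender put in the name, then the trailing dots and
    # spaces that Windows ignores when it resolves a file name.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def blocked_attachments(raw: bytes) -> list[str]:
    """List the attachment names in a raw message that the policy blocks."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # visits nested multipart containers too
        # get_filename() reads Content-Disposition "filename" and falls
        # back to the Content-Type "name" parameter.
        filename = part.get_filename()
        if filename and effective_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_sample() -> bytes:
    """Constructed test message; payloads are harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Re: Movie"
    msg.set_content("constructed test body")
    for name in ("movie28.pif", "minutes.doc", "holiday.jpg.SCR"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

Matching on the last extension after normalising case and trailing characters is what lets the filter catch a double-extension name such as `holiday.jpg.SCR`, which a naive comparison against the first dot would pass.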


-----Original Message-----
From: SewardAdmin [mailto:mwm@xxxxxxx]
Sent: Monday, May 19, 2003 10:12 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: VIRUS WARNING



Hi,

Norton AV - Corporate Version 8 catches this one - and we've never had a
virus problem, even in previous versions.  However, since version 8, all
virus-defs are less than 100kbs for updates, but before this version,
auto-updates downloaded the entire listing - prior to updating.... which was
stupid!  Now - auto-updates are almost instant - as well as all users on the
server.

Another great feature that NavCorp has added, was to keep it in the
background - and not bother anyone.  All viruses - via email or other
means - can be set up to automatically delete - and users are not bothered by
the "Virus Found!" screen!  There are many more features - but I'm keeping
with the current subject.

As far as censorship - we don't!  Our IT-Staff is here to serve the users,
not limit them in the ways that they can get business done!  We allow any
attachments at our organization ( for the last 3 years ) - exe's included -
and have never been infected.  99.9% of all emails with viruses (at our
organization) - are from unknown parties, and are deleted by NavCorp
immediately.  No one has to be bothered - including the IT-Staff, just
because a Virus has been sent.  We can always refer to our logs - if needed.

This is an IT-Staffer's responsibility, making sure that files are safe for
viewing and using, while not impeding the work flow.  And though I realize
that many IT-Departments have stricter standards and methods of ideology -
we wouldn't have a job without users!

Regards
Mike

----- Original Message ----- 
From: "Chris McEvoy" <chris@xxxxxxxxxxxxxxxxx>
To: <windows2000@xxxxxxxxxxxxx>
Sent: Monday, May 19, 2003 5:32 AM
Subject: [windows2000] Re: VIRUS WARNING


>
> Thanks Jim.  Do you know if the latest Norton definitions can catch this
> one?
>
> > -----Original Message-----
> > From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]
> > Sent: Monday 19 May 2003 14:24
> > To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx;
> > brainstem@xxxxxxxxxxxxx
> > Subject: [windows2000] VIRUS WARNING
> >
> > If you receive an email from Support@xxxxxxxxxxxxx that has
> > an attachment DO NOT OPEN IT! This is a virus. Delete it
> > immediately.  My McAfee I updated yesterday is not catching
> > this one. Watch out! Regards, Jim Kenzig
> >
> > VIRUS WARNING The Central Command(r) Emergency Virus Response
> > Team(tm) (EVRT(tm)) has received virus infection reports for the
> > new Internet Worm/Palyh.A
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>.
> > Due to increased customer inquiries
> > and infection reports the EVRT is issuing a VIRUS ALERT.
> >
> > You are receiving this newsletter because you are a
> > subscriber to the Central Command Virus News mailing list.
> >
> > [ EVRT(tm) Virus Warning issued for Worm/Palyh.A
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043> ]
> >
> > Name: Worm/Palyh.A
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>
> > Alias: Win32.Palyh-A
> > Type: Internet Worm
> > Discovered: May 18, 2003
> > Size: 52.955KB
> > Platform: Microsoft Windows 9x/ME/NT/2000/XP
> >
> > Description:
> >
> > Worm/Palyh.A
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>
> is an Internet worm that spreads through
> e-mail by using addresses it collects in the files with the following
> extensions, .dbx, .eml, .htm, .html, .txt, and .wab.
>
> The worm may arrive via email in the following format:
>
> From: support@xxxxxxxxxxxxx
> Subject: (it will contain one of the following)
>
> - Your Password
> - Screensaver
> - Re: Movie
> - Your details
> - Approved (Ref: 38446-263)
> - Re: Approved (Ref: 3394-65467)
> - Cool screensaver
> - Re: My details
> - Re: My application
> - Re: Movie
>
> Attachment: (it will contain one of the following)
>
> - movie28.pif
> - application.pif
> - ref-394755.pif
> - approved.pif
> - doc_details.pif
> - your_details.pif
> - screen_temp.pif
> - screen_doc.pif
> - password.pif
>
> If executed, the worm copies itself in the \windows\ directory under the
> filename "mscon32.exe".
>
> So that it gets run each time a user restarts their computer the
> following registry key gets added:
>
> - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
> "System Tray"="C:\\WINDOWS\\MSCON32.EXE"
>
>
>
> ==================================
> To Unsubscribe, set digest or vacation
> mode or view archives use the below link.
>
> http://thethin.net/win2000list.cfm