People, I'm being alerted to W32/Netsky-B worms trying to run in my domain. My workstation level AV is stopping the virus from running so it's not yet a terrible problem. However I'd like to know how these messages got in. We've SMTP AV scanning at our gateway, and no sign of the message passing through. However the message is residing in the Inbox/ Deleted Items of users mailboxes, with evidence of the unzipped file in Outlook's temporary area. I know this worm will spoof the address of the sender, but surely I should still this spoofed 'From' address in my gateway SMTP logs? If anyone can explain how this may be getting in, I'd be extremely grateful. Many Thanks, Sian. -- NHS Backs the Bid Newham University Hospital NHS Trust Backs the Bid: Please add your support for the 2012 Olympic and Paralympic Games at www.london2012.com ----------------------------------------------------------------------------------------- The Information contained in this message is confidential and is intended for the addressee only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. This mail and any attachments have been scanned for viruses prior to leaving the Newham University Hospital NHS Trust network. Newham University Hospital NHS Trust will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. -------------------------------------------------------------------------------------------