Webmail or IMAP, perhaps? Check the mail headers for the IP sending it. Kenny > -----Original Message----- > From: Sian Clarke [mailto:Sian.Clarke@xxxxxxxxxxxxxxxxxxx] > Sent: Wednesday, July 13, 2005 8:49 AM > To: [ExchangeList] > Cc: [ExchangeList] > Subject: [exchangelist] RE: W32Netsky-B > > http://www.MSExchange.org/ > > Hi Again Spence, > > > I share your pain in the heat :o( Alas, still no go with > POP3, although thanks for your reply! We block POP3 traffic > at firewall level. Any other suggestions? > > > Many thanks for your time, > Sian. > > -----Original Message----- > From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx] > Sent: 13 July 2005 14:29 > To: [ExchangeList] > Subject: [exchangelist] RE: W32Netsky-B > > http://www.MSExchange.org/ > > With regards to the pop3 accounts - I didn't explain myself > very well (it is very hot here!) > > Outlook on my PC has 2 accounts > 1 setup to look at the exchange server internally. > 1 setup to download mail from our other company's pop3 server > (external to my network) and store them in the exchange > system, not a PST. > > I have had bad mail delivered from the pop3 account into the > exchange server store and the desktop AV has caught it - this > is definitely due to the external mailserver not having AV > and anti-spam software! > I'm guessing that this is a very bad setup (waiting for the > comments!), but I like my mail in 1 place and that's the > exchange server! > > Now I think about this, the user might need local admin > priviledges to do that - I have domain admin so I can cause havoc! > > .....Spence > > -----Original Message----- > From: Sian Clarke [mailto:Sian.Clarke@xxxxxxxxxxxxxxxxxxx] > Sent: 13 July 2005 14:07 > To: Spencer Read (Nemesis) > Cc: [ExchangeList] > Subject: RE: [exchangelist] RE: W32Netsky-B > > Hi Spence > > Thanks for your reply. No, we don't have any POP3 connectors > running, and no, we have no VPN access! Any other ideas?! > > Thanks for your time :o) > > > Sian. > > -----Original Message----- > From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx] > Sent: 13 July 2005 14:05 > To: [ExchangeList] > Subject: [exchangelist] RE: W32Netsky-B > > http://www.MSExchange.org/ > > Any home PCs/Laptops that VPN into the network? > Any users that get mail from other pop3 accounts and store > the messages on the exchange server? > > ...Spence > > ________________________________ > > From: Sian Clarke [mailto:Sian.Clarke@xxxxxxxxxxxxxxxxxxx] > Sent: 13 July 2005 13:13 > To: [ExchangeList] > Subject: [exchangelist] W32Netsky-B > > > http://www.MSExchange.org/ > > > People, > > > > I'm being alerted to W32/Netsky-B worms trying to run in my > domain. My workstation level AV is stopping the virus from > running so it's not yet a terrible problem. However I'd like > to know how these messages got in. > We've SMTP AV scanning at our gateway, and no sign of the > message passing through. However the message is residing in > the Inbox/ Deleted Items of users mailboxes, with evidence of > the unzipped file in Outlook's temporary area. I know this > worm will spoof the address of the sender, but surely I > should still this spoofed 'From' address in my gateway SMTP logs? > > > > If anyone can explain how this may be getting in, I'd be > extremely grateful. > > > > > > Many Thanks, > > Sian. > > > > > > > -- > > > > > > <http://www.nelondon.nhs.uk/images/nhs.gif> Backs the Bid > Newham University Hospital NHS Trust Backs the Bid: > Please add your support for the 2012 Olympic and Paralympic > Games at www.london2012.com <http://www.london2012.com/> > > > > > > > -------------------------------------------------------------- > ---------- > ----------------- > The Information contained in this message is confidential and > is intended for the addressee only. If you have received this > message in error or there are any problems please notify the > originator immediately. > The unauthorised use, disclosure, copying or alteration of > this message is strictly forbidden. This mail and any > attachments have been scanned for viruses prior to leaving > the Newham University Hospital NHS Trust network. > Newham University Hospital NHS Trust will not be liable for > direct, special, indirect or consequential damages arising > from alteration of the contents of this message by a third > party or as a result of any virus being passed on. > -------------------------------------------------------------- > ---------- > ------------------- > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: > http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org > Discussion List as: > ser@xxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: > http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org > Discussion List as: > sian.clarke@xxxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx > > -- > ------------------------------------------------------------------- > This message has been inspected by DynaComm i:mail > -------------------------------------------------------------- > --------- > > > > > -- > NHS Backs the Bid > Newham University Hospital NHS Trust Backs the Bid: > Please add your support for the 2012 Olympic and Paralympic Games at > www.london2012.com > -------------------------------------------------------------- > ---------- > ----------------- > The Information contained in this message is confidential and is > intended for the addressee only. If you have received this message in > error or there are any problems please notify the originator > immediately. > The unauthorised use, disclosure, copying or alteration of > this message > is strictly forbidden. This mail and any attachments have > been scanned > for viruses prior to leaving the Newham University Hospital NHS Trust > network. > Newham University Hospital NHS Trust will not be liable for direct, > special, > indirect or consequential damages arising from alteration of the > contents > of this message by a third party or as a result of any virus being > passed on. > -------------------------------------------------------------- > ---------- > ------------------- > > > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org > Discussion List as: > sian.clarke@xxxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx > > -- > ------------------------------------------------------------------- > This message has been inspected by DynaComm i:mail > -------------------------------------------------------------- > --------- > > > > > -- > NHS Backs the Bid > Newham University Hospital NHS Trust Backs the Bid: > Please add your support for the 2012 Olympic and Paralympic Games at > www.london2012.com > -------------------------------------------------------------- > --------------------------- > The Information contained in this message is confidential and is > intended for the addressee only. If you have received this message in > error or there are any problems please notify the originator > immediately. > The unauthorised use, disclosure, copying or alteration of > this message > is strictly forbidden. This mail and any attachments have > been scanned > for viruses prior to leaving the Newham University Hospital > NHS Trust network. > Newham University Hospital NHS Trust will not be liable for > direct, special, > indirect or consequential damages arising from alteration of > the contents > of this message by a third party or as a result of any virus > being passed on. > -------------------------------------------------------------- > ----------------------------- > > > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org > Discussion List as: nazadus@xxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx >