Odd; I haven't seen anything from you (yet?)... ..but that's the main reason I was so nasty; no headers, no logs, no nothing. What you see is what I got. The smartassed remark at the end of his autoresponder was just icing on the turd. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, June 05, 2003 14:35 Subject: [isalist] Re: OT: virus in list http://www.ISAserver.org This may be a case of an improperly configured notice from the same software I use. I have requested that Jim send me more information so I can follow up directly with the admin involved. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -----Original Message----- > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Sent: Thursday, June 05, 2003 2:16 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: OT: virus in list > > http://www.ISAserver.org > > > Here was my response to this kind of "auto-advisor" code today: > > (his mail) > ----- Original Message ----- > From: "Postmaster" <postmaster@xxxxxxxxxxxxxxxxxxxxxx> > To: <postmaster@xxxxxxxxxxxx> > Sent: Thursday, June 05, 2003 00:32 > Subject: Your mail server sent us a virus > > > The Virus software on our mail server detected the W32/Sobig.C@mm virus > that appears to have come from your mail server. It was sent in > an attachment application.pif, from jim@xxxxxxxxxxxx to > kosmoski@xxxxxxxxxxxxxxxxxx, > with the subject "Re: Movie". The Message-ID was: > <20030605023254.SM01532@FREMIOT-PC>. > > If your mail server had virus protection, it would have caused less work for > our server and would have likely prevented one of your users from getting a > virus in the first place! > > (my response) > > Hello, > > Five points for you to ponder: > 1. I've examined my mail server logs for the past week and no such mail ever > left my server. > 2. I have server-based AV scanning and it has been catching Sobig for the > last week. > 3. It's one of the attributes of Sobig that the source email addr is > spoofed. > 4. If you examine the mail header and your own mail logs, you'll likely see > that regardless of the "source email address", the source IP is not mine. > 5. If your automation was smarter, I wouldn't have to respond to inane > comments like "If your mail server had virus protection, it would have > caused less work for our server and would have likely prevented one of your > users from getting a virus in the first place!" > > The fact is, if you used smarter virus response automation, I wouldn't have > to waste my time educating you. > Get a clue; they're free. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://www.microsoft.com/isaserver > http://isaserver.org/Jim_Harrison > http://isatools.org > > Read the help, books and articles! > > ----- Original Message ----- > From: "Dan Gabbard" <intellihome@xxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Thursday, June 05, 2003 12:47 > Subject: [isalist] OT: virus in list > > > http://www.ISAserver.org > > > > > I just sent a reply to a post and then received an out-of-office reply that > had a virus attached, according to Norton AV. The virus came from > "NAVMSE-BRUMAIL@xxxxxxxxxxx" I think, not sure how Norton handle these. > Has > this happened to anyone else on the list? > > > > > > Dan > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')