Re: OT: virus in list

  • From: "Steve Moffat" <steve@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 6 Jun 2003 00:18:18 +0100

On this very sobig topic, I have had around 50 spurious nav replies
telling me I have just sent out an email with an infected document.pif
also.

Steve 


Steve Moffat
Lower Apartment
35 Melville Road
Devonshire
DV07
Bermuda


-----Original Message-----
From: Greg Mulholland [mailto:greg_mul@xxxxxxxxxxxxxxx] 
Sent: Thursday, June 05, 2003 8:04 PM
To: [ISAserver.org Discussion List]

http://www.ISAserver.org


YOU GO JIMBO



Greg Mulholland
Tech Services Manager
Harvey Norman
+613 98019333
greg_mul@xxxxxxxxxxxxxxx
 

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Friday, June 06, 2003 7:16 AM
To: [ISAserver.org Discussion List]


Here was my response to this kind of "auto-advisor" code today:

(his mail)
----- Original Message -----
From: "Postmaster" <postmaster@xxxxxxxxxxxxxxxxxxxxxx>
To: <postmaster@xxxxxxxxxxxx>
Sent: Thursday, June 05, 2003 00:32
Subject: Your mail server sent us a virus


The Virus software on our mail server detected the W32/Sobig.C@mm virus
that appears to have come from your mail server. It was sent in an
attachment application.pif, from jim@xxxxxxxxxxxx to
kosmoski@xxxxxxxxxxxxxxxxxx, with the subject "Re: Movie". The
Message-ID was: <20030605023254.SM01532@FREMIOT-PC>.

If your mail server had virus protection, it would have caused less work
for our server and would have likely prevented one of your users from
getting a virus in the first place!

(my response)

Hello,

Five points for you to ponder:
1. I've examined my mail server logs for the past week and no such mail
ever left my server.
2. I have server-based AV scanning and it has been catching Sobig for
the last week.
3. It's one of the attributes of Sobig that the source email addr is
spoofed.
4. If you examine the mail header and your own mail logs, you'll likely
see that regardless of the "source email address", the source IP is not
mine.
5. If your automation was smarter, I wouldn't have to respond to inane
comments like "If your mail server had virus protection, it would have
caused less work for our server and would have likely prevented one of
your users from getting a virus in the first place!"

The fact is, if you used smarter virus response automation, I wouldn't
have to waste my time educating you.
Get a clue; they're free.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
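
The header check described in point 4 above, as an added example that is not part of the original thread: before an AV gateway mails a "you sent us a virus" notice, it compares the connecting IP recorded by its own MTA with the servers known for the From domain. The sample message, the addresses and the `KNOWN_OUTBOUND` map are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims example.org, but the host that actually
# connected to us (topmost Received header) is an unrelated client PC.
SAMPLE = """\
Received: from CLIENT-PC (unknown [198.51.100.23])
\tby mx.receiver.example with SMTP; Thu, 5 Jun 2003 02:32:54 +0000
From: jim@example.org
To: user@receiver.example
Subject: Re: Movie

(body omitted)
"""

# Assumption: an operator-maintained map of domains to their outbound relays.
KNOWN_OUTBOUND = {"example.org": {"192.0.2.10"}}

IP_IN_RECEIVED = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(msg):
    """Return the peer IP from the topmost Received header.

    Assumes the message is inspected on the receiving server, so the topmost
    Received header was stamped by our own MTA and not by the sender.
    """
    received = msg.get_all("Received") or []
    match = IP_IN_RECEIVED.search(received[0]) if received else None
    return match.group(1) if match else None


def should_notify_sender(raw, known_outbound=KNOWN_OUTBOUND):
    """Decide whether a virus notice to the From address is justified."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    ip = connecting_ip(msg)
    if not domain or ip is None:
        return False, "no usable From domain or connecting IP"
    if ip in known_outbound.get(domain, set()):
        return True, f"{ip} is a known outbound server for {domain}"
    return False, f"{ip} is not a server for {domain}; From is likely spoofed"


if __name__ == "__main__":
    print(should_notify_sender(SAMPLE))
```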

----- Original Message ----- 
From: "Dan Gabbard" <intellihome@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, June 05, 2003 12:47
Subject: [isalist] OT: virus in list



I just sent a reply to a post and then received an out-of-office reply
that had a virus attached, according to Norton AV. The virus came from
"NAVMSE-BRUMAIL@xxxxxxxxxxx" I think, not sure how Norton handles these.
Has this happened to anyone else on the list?





       Dan





------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')





This E-Mail is confidential. It is not intended to be read, copied, disclosed 
or used by any person other than the recipient named above.

Unauthorised use, disclosure, or copying is strictly prohibited and may be 
unlawful. Optimum Computer Solutions disclaims any liability for any action 
taken in connection of this E-Mail. The comments or statements expressed in 
this E-Mail are not necessarily those of Optimum Computer Solutions or its 
subsidiaries or affiliates.

administrator@xxxxxxxxxxxxxxx


