SMTP alert NOOP and W32/Bagle variants

  • From: "Darryl Janetzki" <darrylj@xxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 2 Sep 2004 21:11:51 +1000

I submitted this several days ago... it never made it to the list. I am
receiving frequent SMTP virus storms. They last about 30 minutes. The AV
software on the ISA server dispatches them... However, one virus got
through yesterday while my AV software was updating. 

W32/Bagle variants 
Yesterday and today, variants of W32/Bagle - .AT, .AU and .AV. The
threat was almost over before it started, however, due to an inability
for the downloading component to locate a viable copy of its mass-mailer


This is the ISA Server alert: The SMTP command exceeded its allowed
length NOOP
Is this a probe for spam emails and viruses? What can I do to prevent
these alerts? I am considering not scanning the SMTP folders so that
ISA can drop the offending emails.

Thanks in advance for any suggestions.
Darryl Janetzki



