getting hit hard here....597 stops it. I've seen over 500+ stopped by email virus filter in 10 mins. _____ Brian Claus, A+, Network+, MCP Network Administrator WESCO Distribution, Inc. 225 West Station Square Drive, Suite 700 Pittsburgh, PA 15219-1122 Phone: 412-454-2412 Fax: 412-454-2540 <mailto:bclaus@xxxxxxxxxxxxx> bclaus@xxxxxxxxxxxxx _____ -----Original Message----- From: John Twilley [mailto:John.Twilley@xxxxxxxxxxxxxxxxxxxxx] Sent: Friday, August 01, 2003 2:07 PM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: Possible New Virus Shit! We just got 30 or more of these message.zip attachments... Right thru the Trend Scanmail servers! Update to Pattern 597 (Trend) !!!!!!!!!! _____ From: John Twilley Sent: Friday, August 01, 2003 1:50 PM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: Possible New Virus Always on Fridays.... _____ From: Greg Reese [mailto:GReese@xxxxxxxxxxxxxxxx] Sent: Friday, August 01, 2003 1:17 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Possible New Virus trend is calling it WORM_MIMAIL.A http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIM AIL.A -----Original Message----- From: Joe Fojut [mailto:Fojut.Joseph@xxxxxxxx] Sent: Friday, August 01, 2003 1:05 PM To: Citrix Mail List Subject: [THIN] Possible New Virus Just received this from Symantec: There have been some preliminary reports of a new virus that will likely reveal itself as the day progresses. It hasn't been given an official name as of yet and we only have limited information at the moment. As a preventative measure, I would strongly suggest setting up some filtering rules at your e-mail gateway to block any attachments named "message.zip" or "message.html" and if you can filter based on subject line, also filter on the phrase "your account" without quotes (for file names as well of course). Samples have been submitted and Symantec Security Response is currently analyzing them Regards, Joe Fojut Research Computing Facility Mayo Foundation Rochester, MN 507/538-0159