[windows2000] Re: VIRUS WARNING

  • From: "Rick Fogarty" <rick@xxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Mon, 19 May 2003 10:32:22 -0400

I agree with Glenn.  Close to a year ago, we finally bit the bullet and
stopped many files from coming through.  With that, our virus notifications
have gone down to almost nil!  With the files being blocked at the firewall,
the desktops/servers having protection and scanning SMTP files - we have
almost NONE!!!

In our case, we do get several per month... Each is always from a floppy
disk from one of our students...

No brainer IMHO,
Rick

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Sullivan, Glenn
Sent: Monday, May 19, 2003 10:25 AM
To: 'windows2000@xxxxxxxxxxxxx'
Subject: [windows2000] Re: VIRUS WARNING



I would agree, in all cases but .exe and .com files.

My list of files to block is a list of files that users don't normally send
about.  For example, when was the last time that someone legitimately sent a
.pif (Program Information File) or .scr (screen saver file)?  How about an
.hta (HTML Application) or a .chm (Compiled Help Module)?  Not frequently.

I have a high level of trust on my Exchange Antivirus (Trend ScanMail, if
anyone cares) and it checks for updates hourly.  But on the off chance
something gets missed, the attachment blocking protects.

In 4 years, I have had exactly 4 instances of a file being blocked that was
actually required.

(Granted I am not counting the numerous times a cheesy flash game was
blocked, but we won't go into that...)

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc.


-----Original Message-----
From: SewardAdmin [mailto:mwm@xxxxxxx]
Sent: Monday, May 19, 2003 10:12 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: VIRUS WARNING



Hi,

Norton AV - Corporate Version 8 catches this one - and we've never had a
virus problem, even in previous versions.  However, since version 8, all
virus-defs are less than 100kbs for updates, but before this version,
auto-updates downloaded the entire listing - prior to updating.... which was
stupid!  Now - auto-updates are almost instant - as well as all users on the
server.

Another great feature that NavCorp has added, was to keep it in the
background - and not bother anyone.  All viruses - via email or other means
- can be setup to automatically delete - and users are not bothered by the
"Virus Found!" screen!  There are many more features - but I'm keeping with
the current subject.

As far as censorship - we don't!  Our IT-Staff is here to serve the users,
not limit them in the ways that they can get business done!  We allow any
attachments at our organization ( for the last 3 years ) - exe's included -
and have never been infected.  99.9% of all emails with viruses (at our
organization) - are from unknown parties, and are deleted by NavCorp
immediately.  No one has to be bothered - including the IT-Staff, just
because a Virus has been sent.  We can always refer to our logs - if needed.

This is an IT-Staffer's responsibility, making sure that files are safe for
viewing and using, while not impeding the work flow.  And though I realize
that many IT-Departments have stricter standards and methods of ideology -
we wouldn't have a job without users!

Regards
Mike

----- Original Message -----
From: "Chris McEvoy" <chris@xxxxxxxxxxxxxxxxx>
To: <windows2000@xxxxxxxxxxxxx>
Sent: Monday, May 19, 2003 5:32 AM
Subject: [windows2000] Re: VIRUS WARNING


>
> Thanks Jim.  Do you know if the latest Norton definitions can catch
> this one?
>
> > -----Original Message-----
> > From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]
> > Sent: Monday 19 May 2003 14:24
> > To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx;
> > brainstem@xxxxxxxxxxxxx
> > Subject: [windows2000] VIRUS WARNING
> >
> > If you receive an email from Support@xxxxxxxxxxxxx that has an
> > attachment DO NOT OPEN IT! This is a virus. Delete it
> > immediately.  My McAfee I updated yesterday is not catching this
> > one. Watch out! Regards, Jim Kenzig
> >
> > VIRUS WARNING The Central Command(r) Emergency Virus Response
> > Team(tm) (EVRT(tm)) has received virus infection reports for the
> > new Internet Worm/Palyh.A
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>.
> > Due to increased customer inquiries
> > and infection reports the EVRT is issuing a VIRUS ALERT.
> >
> > You are receiving this news letter because you are a
> > subscriber to the Central Command Virus News mailing list.
> >
> > [ EVRT(tm) Virus Warning issued for Worm/Palyh.A
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043> ]
> >
> > Name: Worm/Palyh.A
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>
> > Alias: Win32.Palyh-A
> > Type: Internet Worm
> > Discovered: May 18, 2003
> > Size: 52.955KB
> > Platform: Microsoft Windows 9x/ME/NT/2000/XP
> >
> > Description:
> >
> > Worm/Palyh.A
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>
> > is an Internet worm that spreads through
> > e-mail by using addresses it collects in the files with the following
> > extensions, .dbx, .eml, .htm, .html, .txt, and .wab.
> >
> > The worm may arrive via email in the following format:
> >
> > From: support@xxxxxxxxxxxxx
> > Subject: (it will contain one of the following)
> >
> > - Your Password
> > - Screensaver
> > - Re: Movie
> > - Your details
> > - Approved (Ref: 38446-263)
> > - Re: Approved (Ref: 3394-65467)
> > - Cool screensaver
> > - Re: My details
> > - Re: My application
> > - Re: Movie
> >
> > Attachment: (it will contain one of the following)
> >
> > - movie28.pif
> > - application.pif
> > - ref-394755.pif
> > - approved.pif
> > - doc_details.pif
> > - your_details.pif
> > - screen_temp.pif
> > - screen_doc.pif
> > - password.pif
> >
> > If executed, the worm copies itself in the \windows\ directory under
> > the filename "mscon32.exe".
> >
> > So that it gets run each time a user restarts their computer the
> > following registry key gets added:
> >
> > - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
> > "System Tray"="C:\\WINDOWS\\MSCON32.EXE"
>

==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
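
The extension blocking Glenn describes, sketched as an added example (not code from the thread or from any product named in it): a Python check that walks a message's MIME parts and reports attachments whose effective extension is one of the four he lists. The sample message, its addresses and the function names are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# The four extensions Glenn names in the thread as rarely sent legitimately.
BLOCKED_EXTENSIONS = {".pif", ".scr", ".hta", ".chm"}


def normalized_extension(filename):
    """Return the last extension, lower-cased, the way Windows resolves it."""
    # Windows ignores trailing dots and spaces, so "a.pif. " still opens as .pif.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot >= 0 else ""


def blocked_attachments(raw_message):
    """List (filename, extension) for every MIME part the policy rejects."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads the Content-Disposition "filename" parameter
        # and falls back to the Content-Type "name" parameter.
        filename = part.get_filename()
        if not filename:
            continue
        ext = normalized_extension(filename)
        if ext in BLOCKED_EXTENSIONS:
            hits.append((filename, ext))
    return hits


def build_sample(attachment_names):
    """Constructed test message; payload bytes are an inert placeholder."""
    msg = EmailMessage()
    msg["From"] = "support@example.invalid"   # constructed address
    msg["To"] = "user@example.invalid"        # constructed address
    msg["Subject"] = "Your details"
    msg.set_content("See attachment.")
    for name in attachment_names:
        msg.add_attachment(b"inert placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample(["your_details.pif", "SCREEN_DOC.PIF",
                           "notes.txt.scr", "quarterly.xls"])
    for filename, ext in blocked_attachments(sample):
        print(f"BLOCK {filename} ({ext})")
```

Matching on the normalized last extension catches upper-case names and double extensions such as `notes.txt.scr`; it does not inspect file contents, so it complements the antivirus scanning discussed in the thread.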
