Re: Ongoing Virus problem

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: susan (smcrey_at_mindspring.com)
Date: 08/31/04 

Date: Mon, 30 Aug 2004 19:32:15 -0500

Forgot to mention: I bought and installed a new firewall that i HOPED would
help me with this problem....
It's a Netscreen NS-5GT-101-AV.

I'm still trying to decipher how to configure it properly to reject these
emails. Thought i had it, but then virus'es came on in today feeling right
at home, so i have more studying to do.

"susan" <smcrey@mindspring.com> wrote in message
news:O58Jo0ujEHA.2360@TK2MSFTNGP10.phx.gbl...
> Yep, SP1 installed and the eTrust Mail Option is running...
>
> "Kevin Weilbacher [SBS-MVP]" <kweilbacMVP@gte.net> wrote in message
> news:Ok$UkQujEHA.2236@TK2MSFTNGP12.phx.gbl...
> > what do you mean when you say -- "except exchange of course"?
> >
> > If you are not running an Exchange based mail scanner, then you're not
> > catching anything until it gets into the user's mailbox and they pick it
> up
> > with Outlook. Not quite the optimal situation, in my view.
> > --
> > Kevin Weilbacher [SBS-MVP]
> > "The days pass by so quickly now, the nights are seldom long"
> >
> >
> > "susan" <smcrey@mindspring.com> wrote in message
> > news:egpsmCujEHA.3348@TK2MSFTNGP12.phx.gbl...
> > > I'm having a problem in that we receive 5-15 virus infected emails
every
> > > day. Yes, I do have antivirus and sometimes it strips the attachment
and
> > > sometimes it doesn't (eTrust antivirus by CA). Sometimes the virus
> > > identified is Netsky.P and sometimes Netsky.C and i've had a few id'd
as
> > > Netsky.Z -- some say "trojan", some say "worm" !
> > >
> > > I have virus scanned (and online scanned using Symantec's online
> scanner)
> > > every workstation, laptop and the server (except exchange of course)
and
> > > can
> > > find NOTHING! I've researched the virus'es and know what to look for
in
> > > the
> > > registry etc. and find nothing indicating infection at any station.
> > >
> > > These infected emails sometimes have a "sender" address that is
> familiar,
> > > but most often not.
> > >
> > > I check the headers and what's puzzling is that they read: sent from
> > > "mydomain.org" received by "mail.mydomain.org".... does this
> automatically
> > > mean that they are happening WITHIN the network??? The ip address of
the
> > > supposed "sender" is not a valid internal address, but i realize all
> this
> > > stuff could be spoofed...
> > >
> > > I'm puzzled and don't know what else to do. I just have to find out
what
> I
> > > can do about this as babysitting the mail is tiring.
> > >
> > > Any ideas, suggestions, advice??
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Tiny PF 4??
    ... >I bought but never used). ... Second the email also says that TPF 5 will be out ... I am confused about Tiny Firewall, I heard a while back that Kerio ...
    (comp.security.firewalls)
  • Re: Tiny Firewall 2.0
    ... ZoneAlarm first. ... I bought Tiny 3.X and really like it. ... Full control down to the ... like some aspects of it - it's more than just a firewall. ...
    (comp.security.firewalls)
  • Re: Tiny Firewall 2.0
    ... ZoneAlarm first. ... I bought Tiny 3.X and really like it. ... Full control down to the ... like some aspects of it - it's more than just a firewall. ...
    (comp.security.firewalls)
  • Re: Firewall (cheap) that supports PPTP inbound to firewall
    ... the Snapgear units supported pptp terminating at the ... firewall. ... They were bought out by another ...
    (comp.security.firewalls)
  • Re: help firewall iptables port forwading
    ... I then created a firewall using IPTABLES. ... I bought a book ... >and learned from there (Linux Security Basics in 24 Hours). ...
    (comp.os.linux.security)