Re: Ongoing Virus problem
From: Les Connor [SBS MVP] (les.connor_at_DEL.cfive.ca)
Date: 08/31/04
- Next message: john.pope_at_otglass.com: "SBS Email Setting for Internet Mail"
- Previous message: susan: "Re: Ongoing Virus problem"
- In reply to: susan: "Re: Ongoing Virus problem"
- Next in thread: susan: "Re: Ongoing Virus problem"
- Reply: susan: "Re: Ongoing Virus problem"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 30 Aug 2004 19:35:10 -0500
Is this email infected? Does your A/V say so, or how do you know it's
infected? Is there an attachment? Is the A/V product configured to delete
infected email, or clean it and send it to you anyway? (delete is the way to
go).

If this address quoin@quoin.org is not in your Active Directory, then why
not turn on AD filter in Exchange? Not really the solution if the A/V
product isn't working right, but at least you can refuse a whole bunch of
crap before relying on A/V.
--
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !

"susan" <smcrey@mindspring.com> wrote in message
news:%23cHWn%23ujEHA.4092@TK2MSFTNGP10.phx.gbl...
> Yes...I have gone round n round with CA and won't call them again...and not
> offended by the gender identity confusion (LOL). Virus sigs are updated
> daily and I have 3rd party utility in place to block these messages.
>
> Popped out to the server and copied the headers from an infected mail that
> came in while I wasn't looking...replaced my domain name with ***
>
> x-sender:dvpreaclxxst@onujj.net
> x-receiver:****@****.org
> thread-index: AcSO6mqj+4+RhmipTTqOkc5RtgfAvQ==
> x-pp-ruleid: 1034
> x-pp-ruleorderid: 1
> x-pp-smtpvs: 1
> x-pp-fromip: 128.111.142.137
> Content-Transfer-Encoding: 7bit
> x-pp-sclvalue: 1
> Received: from *****.org ([128.111.142.137]) by mail.****.org with Microsoft
>  SMTPSVC(6.0.3790.0); Mon, 30 Aug 2004 18:38:12 -0500
> Content-Class: urn:content-classes:message
> From: dvpreaclxxst@onujj.net
> Importance: normal
> Priority: normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.181
> To: quoin@quoin.org
> Subject: Yep
> Date: Mon, 30 Aug 2004 16:33:23 -0700
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>  boundary="----=_NextPart_000_0007_000057A0.00007D6D"
> X-Priority: 3
> X-MSMail-Priority: Normal
> Return-Path: dvpreaclxxst@onujj.net
> Message-ID: *******8aZRhQdOgl4r0000003a@mail.*****.org
> X-OriginalArrivalTime: 30 Aug 2004 23:38:12.0953 (UTC)
>  FILETIME=[6A43B490:01C48EEA]
>
> Does this give anyone a clue? Do I just have to live with this?
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
> news:e2Uq$4ujEHA.2340@TK2MSFTNGP11.phx.gbl...
>> susan wrote:
>> > Correct.
>>
>> Whoops - sorry for the gender identity confusion. Susan. :-)
>> >
>> > No way of stopping this?
>>
>> Did you see my reply w/r/t how to block attachments & update the sig files?
>> Did you check with CA <cough> support?
>> >
>> > "Lanwench [MVP - Exchange]"
>> > <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
>> > message news:%23b8j5VujEHA.3456@TK2MSFTNGP12.phx.gbl...
>> >> Kevin Weilbacher [SBS-MVP] wrote:
>> >>> what do you mean when you say -- "except exchange of course"?
>> >>
>> >> I presume he meant except the dangerous Exchange folders one should
>> >> never scan with file-based software.
>> >>>
>> >>> If you are not running an Exchange based mail scanner, then you're
>> >>> not catching anything until it gets into the user's mailbox and
>> >>> they pick it up with Outlook. Not quite the optimal situation, in
>> >>> my view.
>> >>
>> >> etrust is an Exchange aware AV product, I believe - and if he's
>> >> getting some attachments stripped, he has it.
>> >>>
>> >>> "susan" <smcrey@mindspring.com> wrote in message
>> >>> news:egpsmCujEHA.3348@TK2MSFTNGP12.phx.gbl...
>> >>>> I'm having a problem in that we receive 5-15 virus infected emails
>> >>>> every day. Yes, I do have antivirus and sometimes it strips the
>> >>>> attachment and sometimes it doesn't (eTrust antivirus by CA).
>> >>>> Sometimes the virus identified is Netsky.P and sometimes Netsky.C
>> >>>> and I've had a few id'd as Netsky.Z -- some say "trojan", some say
>> >>>> "worm" ! I have virus scanned (and online scanned using Symantec's
>> >>>> online scanner) every workstation, laptop and the server (except
>> >>>> exchange of course) and can find NOTHING! I've researched the
>> >>>> viruses and know what to look for in the registry etc. and find
>> >>>> nothing indicating infection at any station.
>> >>>>
>> >>>> These infected emails sometimes have a "sender" address that is
>> >>>> familiar, but most often not.
>> >>>>
>> >>>> I check the headers and what's puzzling is that they read: sent
>> >>>> from "mydomain.org" received by "mail.mydomain.org".... does this
>> >>>> automatically mean that they are happening WITHIN the network???
>> >>>> The IP address of the supposed "sender" is not a valid internal
>> >>>> address, but I realize all this stuff could be spoofed...
>> >>>>
>> >>>> I'm puzzled and don't know what else to do. I just have to find out
>> >>>> what I can do about this as babysitting the mail is tiring.
>> >>>>
>> >>>> Any ideas, suggestions, advice??
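
Added example, not part of the thread: on the header question in the original post, the name after `from` in a `Received:` line is whatever the connecting host announced in HELO/EHLO, while the bracketed address is the peer IP the receiving server recorded. The Python sketch below classifies a hop by that address; `example.org` stands in for the masked domain, and the RFC 1918 ranges in `INTERNAL_NETS` are an assumption about the internal network.

```python
import ipaddress
import re

# Assumption: the LAN uses RFC 1918 private ranges; replace with the real subnets.
INTERNAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Constructed sample modelled on the header posted in the thread; the masked
# domain is replaced by the placeholder example.org.
SAMPLE_RECEIVED = (
    "from example.org ([128.111.142.137]) by mail.example.org with Microsoft\n"
    " SMTPSVC(6.0.3790.0); Mon, 30 Aug 2004 18:38:12 -0500"
)

# "from <HELO name> ([<peer IP>]) by <receiving host>" as written by SMTPSVC.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)


def parse_received(value):
    """Return (helo_name, peer_ip, receiving_host), or None if unparseable."""
    unfolded = " ".join(value.split())  # undo header line folding
    match = RECEIVED_RE.search(unfolded)
    if match is None:
        return None
    try:
        peer = ipaddress.ip_address(match.group("ip"))
    except ValueError:
        return None
    return match.group("helo").lower(), peer, match.group("by").lower()


def classify_hop(value, own_domain, internal_nets=INTERNAL_NETS):
    """Classify one Received value by the recorded peer IP, not the HELO name."""
    parsed = parse_received(value)
    if parsed is None:
        return "unparsed"
    helo, peer, _receiver = parsed
    if any(peer in ipaddress.ip_network(net) for net in internal_nets):
        return "internal"
    # The HELO name is client-supplied text; an outside peer can announce any name.
    claims_us = helo == own_domain or helo.endswith("." + own_domain)
    return "external-claims-own-domain" if claims_us else "external"


if __name__ == "__main__":
    print(classify_hop(SAMPLE_RECEIVED, "example.org"))
```
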