Sorry, i don't get your meaning, why you think it's not by a client PC virus? virus always change the PC name if using it's own SMTP engine, also, the IP maybe a broadband shared in a network, and several PCs in the network maybe all infected.
In my case, I just found that IP is infected by http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] http://vil.mcafeesecurity.com/vil/content/v_130130.htm ----- Original Message ----- From: "marc" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 25, 2004 12:01 AM Subject: Re: [Declude.Virus] about Imail1.exe security issue > > i think thats not by a clients PC virus. i got just right the ip using the > imail1.exe to existing and no existing users (217.255.255.100) searching > the log*.txt > itsd using different pc names .... > > sorry about this post, because this is not a declude issue.... > > marc > > > At 16:45 24.11.2004, you wrote: > >I'm now quite sure that it is caused by a clients PC virus, > >I use the specific email string to search the sys*.txt log, > >and found it come from 1 IP, > >I block this IP in my firewall, then this problem dispear, > >but the problem is from the IP I can not identify the > >clients PC name, because virus using forged PC name, > >and the IP is a ISP dynamic PC > >so I also can not find out who infected by which virus, > >but this virus should be a big headache to IMAIL users. > > > > > > > > > >----- Original Message ----- > >From: "Mailing Lists" <[EMAIL PROTECTED]> > >To: <[EMAIL PROTECTED]> > >Sent: Wednesday, November 24, 2004 10:57 PM > >Subject: Re: [Declude.Virus] about Imail1.exe security issue > > > > > >> We had same issue, then mysteriously got fixed. > >> > >> Imail was aware of it as we had opened ticket. > >> > >> Everytime this would happen, the affected domain registry entry would have > >> some weird users and entries (dont recall exactly but if you search the > >> archives you will find the post). > >> > >> PV > >> > >> ----- Original Message ----- > >> From: "Mike Wiegers" <[EMAIL PROTECTED]> > >> To: <[EMAIL PROTECTED]> > >> Sent: Wednesday, November 24, 2004 9:09 AM > >> Subject: RE: [Declude.Virus] about Imail1.exe security issue > >> > >> > >> > This is odd, odd because my server has this problem also and I called > >> > Ipswitch about it and they said that my server was the only one having > >the > >> > problems. It had it several months ago (and called) and then started > >again > >> > (and called). Those are the only calls to tech support in the past > >several > >> > years for my SA. I will read the posts to find out more about this. > >> > > >> > -----Original Message----- > >> > From: [EMAIL PROTECTED] > >> > [mailto:[EMAIL PROTECTED] On Behalf Of Serge > >> > Sent: Wednesday, November 24, 2004 7:05 AM > >> > To: [EMAIL PROTECTED] > >> > Subject: Re: [Declude.Virus] about Imail1.exe security issue > >> > > >> > we had the same issue few month ago > >> > i suspected problem from declude because the addresses that appear in > >the > >> > open imail1 window looked like ones that would be generated by declude > >> > notifications (or maybe imail gses ?) > >> > anyway, rebooting the server resolved the issue back then > >> > Unfortunatly, since upgrading to 8.13 (or 8.14, can't tell exactly, > >> > because > >> > i did both in less than 48 hours) the problem is coming again, and > >> > rebooting > >> > did not help this time. > >> > if you find a solution, let me know > >> > > >> > > >> > ----- Original Message ----- > >> > From: "Crejob.com" <[EMAIL PROTECTED]> > >> > To: <[EMAIL PROTECTED]> > >> > Sent: Wednesday, November 24, 2004 10:05 AM > >> > Subject: [Declude.Virus] about Imail1.exe security issue > >> > > >> > > >> >> My Imail server keep pop up a "Create Mail Message", it's > >> >> seems that Imail1.exe is exploit by someone to try send > >> >> out spam. > >> >> I try to limit the imail1.exe user permission, but this will > >> >> result the webmail can not send out email. > >> >> Any advice on how to solve this problem? > >> >> > >> >> Regards > >> >> Brian > >> >> > >> >> --- > >> >> [This E-mail was scanned for viruses by Declude Virus > >> > (http://www.declude.com)] > >> >> > >> >> --- > >> >> This E-mail came from the Declude.Virus mailing list. To > >> >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >> >> type "unsubscribe Declude.Virus". The archives can be found > >> >> at http://www.mail-archive.com. > >> >> > >> > > >> > > >> > --- > >> > [This E-mail was scanned for viruses by Declude Virus > >> > (http://www.declude.com)] > >> > > >> > --- > >> > This E-mail came from the Declude.Virus mailing list. To > >> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >> > type "unsubscribe Declude.Virus". The archives can be found > >> > at http://www.mail-archive.com. > >> > > >> > > >> > --- > >> > [This E-mail was scanned for viruses by Declude Virus > >> > (http://www.declude.com)] > >> > > >> > --- > >> > This E-mail came from the Declude.Virus mailing list. To > >> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >> > type "unsubscribe Declude.Virus". The archives can be found > >> > at http://www.mail-archive.com. > >> > >> > >> --- > >> [This E-mail was scanned for viruses by Declude Virus > >(http://www.declude.com)] > >> > >> --- > >> This E-mail came from the Declude.Virus mailing list. To > >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >> type "unsubscribe Declude.Virus". The archives can be found > >> at http://www.mail-archive.com. > >> > > > >--- > >[This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > >--- > >This E-mail came from the Declude.Virus mailing list. To > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >type "unsubscribe Declude.Virus". The archives can be found > >at http://www.mail-archive.com. > > > >[Scanned for viruses by Declude Virus] > > > [Scanned for viruses by Declude Virus] > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.