Yes, you're missing something. NAV-GW engine must be 2.5.1.18 or higher, or it will slip under the radar. Even though your virus defs cover it, they're not even recognizing that the attachment's there, because the smtp server that's rolled into the virus isn't quite sending RFC compliant emails.
> -----Original Message----- > From: Olds, Dominic [mailto:[EMAIL PROTECTED]] > Posted At: Tuesday, April 23, 2002 08:47 AM > Posted To: MSExchange Mailing List > Conversation: WORM_KLEZ.G Sever Impact > Subject: RE: WORM_KLEZ.G Sever Impact > > > Am I missing something here? According to my AV vendor, > signatures from January detect and clean this thing....There > seem to be 2 variants, KLEZ.G and KLEZ.H and both are > covered. Besides which I get maybe one or two a > week...perhaps I should keep quiet. It's just a nagging > feeling that I may be blissfully unaware of a problem which > makes me ask the question... > > > -----Original Message----- > From: Kim Schotanus [mailto:[EMAIL PROTECTED]] > Sent: 23 April 2002 14:51 > To: Exchange Discussions > Subject: RE: WORM_KLEZ.G Sever Impact > > > I don't see a pattern in the originators... > Guess I'll just have to sit it out... > > -----Original Message----- > From: Bob Sadler [mailto:[EMAIL PROTECTED]] > Sent: 23 April, 2002 3:37 PM > To: Exchange Discussions > Subject: RE: WORM_KLEZ.G Sever Impact > > > If the same person is sending these in, just put that person > in your "Do not allow to receive" from pile (and server parameters). > > When SirCam was going on, there was this one person that was > infected, and every day I would get hundreds of emails saying > we stripped the attachment, the rest was delivered. I > eventually just added them to the server parameters so > everything they sent in was dumped in the bit bucket. > > > > hth, > > Bob Sadler > City of Leawood, KS, USA > Internet/WAN Specialist > 913-339-6700 X194 > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > -----Original Message----- > From: Kim Schotanus [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 23, 2002 8:42 AM > To: Exchange Discussions > Subject: RE: WORM_KLEZ.G Sever Impact > > > euhhh > if there is a way to stop these messages coming in let me > know, 'cause Im getting like 100/hour for 4 days now... > > > -----Original Message----- > From: Candee Vaglica [mailto:[EMAIL PROTECTED]] > Sent: 23 April, 2002 3:11 PM > To: Exchange Discussions > Subject: RE: WORM_KLEZ.G Sever Impact > > > Did you do any research on the virus? > > From Symantec's site: > "The From address is randomly-chosen from email addresses > that the worm finds on the infected computer." > > That's why. > > -----Original Message----- > From: Sander Van Butzelaar [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 23, 2002 8:04 AM > To: Exchange Discussions > Subject: WORM_KLEZ.G Sever Impact > > > > Hi All > > This virus, although being detected and stripped off, still > causes an enormous amount of email traffic. I currently > receive about 50 to 60 warnings per hour. Is there anything > one can do proactively here, no, I don't mean pull out the > network cable....:-) or should I just sit out the storm until > other administrator have patched their servers. > > I'm also getting calls from other administrator saying I'm > sending the virus to them, but the user accounts they say > send these emails have nothing in there send items, nor do I > have and records in my logs, which leads me to believe this > little virus is spoofing email addresses. > > Sander > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
