I don't know what the deal is with this latest version of BugBear, but it's really a problem.
I started having issues with it on the 4th. The remote access and key logger are the scary parts of this worm. I have had it get past two A/V scanners. One on mail and one on workstations. I have double extensions blocked and all the usual extensions too. I recommend everyone be on alert for this one: http://vil.nai.com/vil/content/v_100358.htm http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_BUGBE AR.B -Kevin > -----Original Message----- > From: Tim Gowen [mailto:[EMAIL PROTECTED] > Posted At: Friday, June 06, 2003 7:25 AM > Posted To: Exchange > Conversation: ScanMail missing tricks? > Subject: ScanMail missing tricks? > > > > A user got an infected attachment right to her Inbox, which > doesn't ever > happen here since we started using ScanMail. I have ScanMail > 3.52 (Exch 5.5 > SP4) blocking all the attachments on the List of Danger, and yet this > BUGBEAR.B file - QABACKUP.EXE.SCR - got through to the Inbox. > A Manual scan > showed up six other virus-infected attachments which had > apparently got > through. But the manual scan does not pick up the file I > just mentioned, > which is now in my Deleted Items. A copy is on my hard drive > and Sophos > AntiVirus also doesn't detect it. > > Is it possible that ScanMail misses out on some messages if > several arrive > at once, or is there another more likely solution? I have > sent the file to > Trend and Sophos to see what they say, but the attachment > blocking was, I > thought, non-negotiable and always works. Luckily I badger > my users about > the danger of attachments on a fairly regular basis. > > > Tim > > -- > Tim Gowen > RAF Museum > IT Dept. > > > Confidentiality: This e-mail and its attachments are intended > for the above > named only and may be confidential. If they have come to you > in error you > must take no action based on them, nor must you copy or show > them to anyone; > please reply to this e-mail and highlight the error. > > Security Warning: Please note that this e-mail has been created in the > knowledge that Internet e-mail is not a 100% secure > communications medium. > We advise that you understand and observe this lack of security when > e-mailing us. > > Viruses: Although we have taken steps to ensure that this e-mail and > attachments are free from any virus, we advise that in > keeping with good > computing practice the recipient should take steps to confirm > that they are > actually virus free. > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]