Does anyone else bother to look at the header, do a who is on the IP and
notify the responsible party of the possible problem on their IP? I see
the
IPs in the e-mail headers so if someone was notified do you think they can
find the actually infected user? Would they bother?
MY experience,
Title: Message
Hi;
Interesting...
"... Sobig is
unusual in that it has the ability to go onto the Internet from its host PC and
update itself with new capabilities, Huger said.
Those capabilities could include tools for
denial-of-service attacks or relaying spam. "It's entirely up to the
After reading your post I went in and looked at my server, and the
[expletive deleted] McAfee Autoupdater hadn't successfully processed an
update since the 19th when it pulled 4286. That meant that we were on 4286
DATs and not the current 4288. I forced an update manually, and it pulled
these new
I have started using McAfee it looks like the server will reboot every day
or so. When installing (Win2k Server), what options are people using. When I
installed, I installed netshield and I'm getting the updates with the GUI. I
have disable the real time scanning but still seem to have some
Scott,
Still the sobig notifications are going out...I've check the postmaster.eml
file 3 times already.
There is one tab between skipvirusname and sobig.
There are no lines, or spaces or tabs before the first line.
There are no lines, spaces or tabs between the last skipvirusname and the
from
Hi,
NetShield is what I'm running. To install, I had to run:
N2Ki45L.zip (Netshield 4.5)
NNT45SP1.zip (Netshield 4.5 SP1)
And of course then you still need to run the engine upgrade to 4.2.60 (a
regular SuperDAT will accomlish that).
(I'm not sure why you need the commands as a text file, but
Is there a way to automate purging of the virus hold directory? Scott, What
about putting an option like that in declude to set a storage timeframe for
intercepted viruses?
Jim Matuska Jr.
Computer Tech II
CCNA
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]
- Original Message -
I did that with eicar and the On-Demand Scanner picked it up. However, when
I did it with Sobig.F, there was no attachment. Then I noticed that it was a
bounced message from another server (not using SKIPIFVIRUSNAMEHAS). I'm now
wondering if that is why McAfee On-Demand/Declude is not picking it
Here's the command line from my config file:
SCANFILE C:\Progra~1\Fsi\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE
/NOBOOT /DUMB /REPORT=report.txt
Terry
On the other hand, if he doesn't have -NOBOOT and it is scanning his boot
sector, should he not be concerned that it thinks he as a boot
John,
Here's what I send back to the IMail / Declude Postmasters.
-
I function as the Postmaster for domain.com domain.
An examination of our mail server logs indicates that the e-mail in question
was NOT
Here's the command line from my config file:
SCANFILE C:\Progra~1\Fsi\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE
/NOBOOT /DUMB /REPORT=report.txt
Actually, it looks like the default configuration for F-Prot includes:
VIRUSCODE 3
VIRUSCODE 6
So adding the
So I disabled the On-Access scanner and I still get the error when an email
is found with a virus
08/21/2003 16:03:46 Q2584064 ERROR: Virus scanner didn't finish after 30
seconds; terminating.
08/21/2003 16:04:03 Q2584064 Couldn't delete C:\IMail\spool\D2584064.vir\0:
32.
08/21/2003 16:04:03
Yes, that is what I have been doing on some. But I do have other work to do
too.
Of course, if everyone had their configuration correct...
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED]
Scott,
Unfortunately (actually a good thing), all the virus e-mails I have left in
the \virus directory are bounces from other servers. I don't have a Sobig.F
attachment available to test. Once I receive one, I'll re-test.
Thanks,
Bill
-- Original Message
Of course, if everyone had their configuration correct...
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
Amen, I didn't get nearly enough sleep last night and had received this
auto-response from another declude user that had received a virus from a
So I disabled the On-Access scanner and I still get the error when an email
is found with a virus
08/21/2003 16:03:46 Q2584064 ERROR: Virus scanner didn't finish after 30
seconds; terminating.
...
08/21/2003 16:04:03 Q2584064 Scanned: Virus Free [MIME: 2 1128]
Notice the last line of this
I just upgraded to the latest version let's see if that fixes the problems.
Greg
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Greg Foulks
Sent: Thursday, August 21, 2003 4:09 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] On Access Question
So I
You can try www.zcom.it/decludeupdater/ictcleaner.zip
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jim Matuska
Sent: Thursday, August 21, 2003 5:04 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Delete or Hold for Viruses?
I just updated my Declude Virus to v1.75 and ran DECLUDE -DIAG to confirm.
At the top of the text display I saw NoMaxQueProc. I don't recall seeing
this before. Is this okay?
Alan Walters
Director of I.T.
Royce Medical
---
[This E-mail was scanned for viruses by Declude Virus
Reply to: Adrian Hauri
Re: [Declude.Virus] TCP WAIT TIME on Thursday 7:48:49 PM
Thanks! Yes. I think this is part of my problem. Also, someone
from Ipswitch was asking if I was getting lots of wait times in
HTTP service.. so I would like to experiment with this..
--
Roger Heath
[EMAIL
20 matches
Mail list logo