[Declude.Virus] Declude with IMail 2006

2005-12-22 Thread Donn Bly
Just in case anybody is interested, we upgraded to IMail 2006 last week, and we aren't having any problems using Declude v3.0.5.22 with it EXCEPT that the confirm function for listservs doesn't seem to work right. Declude intercepts the subscription and sends out the notification for the doubl

RE: [Declude.Virus] Viruses appearing to be getting through...

2005-05-02 Thread Donn Bly
I'm seeing it here. Neither Norton nor FPROT detects it as a virus yet. The non-encrypted Zip file includes a .PIF file, but the filename seems to be mangled in some way. For now I have added BANNAME account_info.zip to my config. With your report, I have added account_info-text.zip as well.

RE: [Declude.Virus] Zafi.d

2004-12-14 Thread Donn Bly
We're getting hammered as well. One thing I did notice is that the virus seems to be targeting mail. instead of doing an MX lookup for the correct mail server, and seems to be using a dictionary of common usernames instead of working off of a compromised address book -- yet another reason to get

RE: [Declude.Virus] JPEG Vulnerability

2004-09-29 Thread Donn Bly
The best writeup I have found so far is at http://www.bleepingcomputer.com/forums/topict3077.html BTW, while the bug is in the decoding of the JPEG files, the JPEG file can be renamed to a variety of extensions and still activate the vulnerability. As such, the following can now be considered

RE: [Declude.Virus] Attack?

2004-09-22 Thread Donn Bly
If the bounce messages give you enough header information to track the originating IP you can complain to the guy's upstream, but my experience is that most of these guys these days are using distributed zombie machines and all you end up with is a bunch of IPs of spyware-infected residential users

RE: [Declude.Virus] Attack?

2004-09-21 Thread Donn Bly
Since these all look like they have null originating addresses, to me they look a lot more like virus bounce messages. In order for it to be a reflective attack, the system being DDOS'd would have to be listed as the originating address. > -Original Message- > From: [EMAIL PROTECTED] >

RE: [Declude.Virus] Virus counts?

2004-04-27 Thread Donn Bly
Since almost all modern viruses carry their own SMTP engine, almost none will be flagged as outgoing and will be caught as incoming when they try to send their payload to other users on the system. I use the SENDONLYIFIP in a series of .eml files to catch messages originating from local IP subnet

[Declude.Virus] Beagle@mm!zip got past declude & fprot

2004-03-22 Thread Donn Bly
I'm running Declude 1.78i27. I'm running FProt 3.14e. I just had a customer send me an email that they received that was questionable, and Norton on my desktop caught it as [EMAIL PROTECTED] -- which has been out for a couple of weeks. Since this is an encrypted EXE inside of a zip file, it doe

RE: [Declude.Virus] New interim Declude Virus Pro to block bogus .bat, .com, .pif, and .scr files

2004-03-02 Thread Donn Bly
If we are already blocking those extensions, how would that help? > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry > Sent

RE: [Declude.Virus] Virus Getting Through?

2004-02-02 Thread Donn Bly
ae826f4201022dc0 doesn't appear anywhere in the Declude virus log, nor does it appear in the IMail spam log. We ARE using some DNSBLs with IMail 8's anti-spam, but that IP address isn't in any of them and there were no IMail spam headers inserted into the message. However, I think you hit it with

[Declude.Virus] Virus Getting Through?

2004-02-02 Thread Donn Bly
I'm running IMail 8.05 and Declude 1.76i20. This morning Norton caught a copy of MyDoom in my inbox. At first I assumed it was just one of the damaged variants, but I decided to track it down and make sure. Following is a log snippet from when the message came in. 20040201 205721 127.0.0.1

RE: [Declude.Virus] Blank Folding

2003-10-03 Thread Donn Bly
With no email address you would normally get a "no transport provider available" because Outlook wouldn't know what to do with it. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of ISPhuset Nordic AS > Sent: Friday, October 03, 2003 9:53 AM > To: [EMAIL P

RE: [Declude.Virus] Did SOBIG REALLY stop?

2003-09-11 Thread Donn Bly
Every SoBig.F virus I have received in the past 32 hours has been part of a failure notification, where the message is returned because it never reached its intended recipient. The biggest offenders I blocked at our border routers, and I'm not seeing the counters on the access list go up anymore.