What Matt said... Plus, a customer viewing a hostile message will not infect your server; the hypothetical infected .jpg file would simply be served up as a file and would not be "executed" on the server, just on the client that views the image.
On the other hand, one of your own technicians could have read a hostile message via webmail while on the server, which WOULD infect the server. Particularly as most Declude mailservers don't have a real time virus scanner, just the on-demand scanner for Declude Virus. Andrew 8) > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kim Premuda > Sent: Wednesday, August 17, 2005 5:43 AM > To: [email protected] > Subject: RE: [Declude.JunkMail] VIRUS WARNING > > To all... > > I posted this warning to the IMail list as well as the > Declude list, and someone responded with the following link > on August 16th: > > http://securityresponse.symantec.com/avcenter/venc/data/w32.es > bot.a.html > > Symantec has more precise information regarding the worm than > I can offer (in fact, they posted some not-so-obvious > registry changes we did not find), and they report that other > antivirus companies are now aware of this problem. > > I believe we were infected by this worm early on August 15th, > before any of the virus companies had a block/fix for it. I > was just trying to get the word out to others to spare them > the 2 days of frustration we went through tracking this down. > > Although I do not know exactly how we got the worm, I can > only surmise that one of our customers opened an HMTL page > containing a *.jpg file containing the worm which takes > advantage of the Plug and Play functionality of Windows (see > Symantec explanation). Last night, our local news in San > Diego reported that the city's entire network was brought > down by this worm as well as some local companies. They went > on to say that the worm was extemely virulent and just > viewing the HTML page was enough to trigger it.... > > Once infected, the worm was opening port scans throughout our > network creating a data traffic storm, thus bringing our > network to a crawl. > > Needless to say, we made certain all our servers were up to > date with Microsoft patches. > > I hope this helps! > > > > -- > Kim W. Premuda > FastWave Internet Services > San Diego, CA > > -- > --- > [This E-mail scanned for viruses by Declude Virus] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be > found at http://www.mail-archive.com. > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
