Hello All
Justin Moose , hit it on the nail it was an worm process "ssm" , for info it bypass imail completely thus it was nor in any logs , so declude could not help . We do not know how it got there, but it show up on 1/28/7 then when dormant until 2/5/7 . Please explain how blackice will help and has anyone ever used winshark by advances inc . Howard Smith N.O.R.A.D. Inc. P.O. Box 680116 Miami, Florida 33168 www.norad.com <http://www.norad.com/> [EMAIL PROTECTED] Office - (305) NETWORK (638-9675) Sales - (786) 206-0045 Fax 1 - (305) 359-5144 Confidentiality Notice: This email message, including any Attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact [EMAIL PROTECTED] by email and destroy all copies of the original message. _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin Moose Sent: Wednesday, February 07, 2007 6:11 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email I called Howard on this, but for everyone else's info, if you are seeing this, look for ssm.exe to be a running process. I found this on an Imail server that I administer for another company this morning. The file was showing processing time in the task manager and showed up on the Services list at Security Systems Manager, but the file had a modified date of 2/5/07 and no updated had been done on that server for over a week. Stopping this service stopped the junk messages from going out. Neither F-prot or Symantec showed this file as a virus; however I did submit it to Symantec for analysis. Justin Moose Information Technology Manager Sioux Valley Energy DID: (605) 256-1644 Fax: (605) 256-1690 Toll Free: (800) 234 1960 _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Smith (N.O.R.A.D.) Sent: Wednesday, February 07, 2007 4:24 PM To: declude.junkmail@declude.com Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Declude.JunkMail] Need hep - mail server sending out stock reports email Running imail 8.15,sniffer and declude - starting on 2/6/7 my mail server start sending out the stock reports email , even when I stop the imail smtp process , nothing is in the Imail logs indicating problems . I have ran full scans with frprot and Symantec . Need help please , I have already made the spamcop blacklist Howard Smith N.O.R.A.D. Inc. P.O. Box 680116 Miami, Florida 33168 www.norad.com <http://www.norad.com/> [EMAIL PROTECTED] Office - (305) NETWORK (638-9675) Sales - (786) 206-0045 Fax 1 - (305) 359-5144 Confidentiality Notice: This email message, including any Attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact [EMAIL PROTECTED] by email and destroy all copies of the original message. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
image003.gif
Description: GIF image
image004.gif
Description: GIF image
