Going aGoogling found that the Intel LANDesk uses a file called ssm.exe and there are a couple of programs listed as monitors using it, so be careful before just deleting that file.
Exactly where was the file? Since Howard is running IMail 8.15 this means that his server has been compromised ala the SMTP vulnerability that is fixed only in 8.22 (patched) and 9.1. So, it is not a virus that would be found by F-prot or Symantec, but a server hijack or comprise. John T -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin Moose Sent: Wednesday, February 07, 2007 3:11 PM To: [email protected] Subject: RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email I called Howard on this, but for everyone else's info, if you are seeing this, look for ssm.exe to be a running process. I found this on an Imail server that I administer for another company this morning. The file was showing processing time in the task manager and showed up on the Services list at Security Systems Manager, but the file had a modified date of 2/5/07 and no updated had been done on that server for over a week. Stopping this service stopped the junk messages from going out. Neither F-prot or Symantec showed this file as a virus; however I did submit it to Symantec for analysis. Justin Moose Information Technology Manager Sioux Valley Energy DID: (605) 256-1644 Fax: (605) 256-1690 Toll Free: (800) 234 1960 _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Smith (N.O.R.A.D.) Sent: Wednesday, February 07, 2007 4:24 PM To: [email protected] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Declude.JunkMail] Need hep - mail server sending out stock reports email Running imail 8.15,sniffer and declude - starting on 2/6/7 my mail server start sending out the stock reports email , even when I stop the imail smtp process , nothing is in the Imail logs indicating problems . I have ran full scans with frprot and Symantec . Need help please , I have already made the spamcop blacklist Howard Smith N.O.R.A.D. Inc. P.O. Box 680116 Miami, Florida 33168 www.norad.com <http://www.norad.com/> [EMAIL PROTECTED] Office - (305) NETWORK (638-9675) Sales - (786) 206-0045 Fax 1 - (305) 359-5144 Confidentiality Notice: This email message, including any Attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact [EMAIL PROTECTED] by email and destroy all copies of the original message. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
image001.gif
Description: GIF image
