Okay, it's now a little clearer as to what occurred. Indeed as stated it did not contain executable code but is detected as "Potentially unwanted message body detected, entire message has been moved to quarantine folder~" when the email client anti-virus plug-in scans the body of the message. I found the my notebook was at DAT 4303 (Nov. 12) and when I manually updated it to DAT 4304 (Nov. 14) and opened my sent items folder, McAfee immediately quarantined it but detected it as W32/Holar. Unfortunately it poses another question :-(, why did my notebook not update my McAfee when I logged in this morning as it is set to update upon login. I do not set my notebook to hibernate, I shut it down. But that's my problem to figure out. :-)
Originally I was not able to locate information about the specifics of why I was getting these messages in the format they were in. I had not seen it mentioned on this list at all nor could I find information about it on NAI's site. At first I just received a few of them from a specific address and just thought the message may have originally contained a live virus but was corrupted somehow as it also seemed incomplete. But then over the weekend I received a few other from different addresses which led me to believe the virus protection on our mail servers had a problem. Thanks again for your quick response. Richard Edge System Administrator Technology Services Department TRINITY WESTERN UNIVERSITY Voice: 604-513-2089 E-mail: [EMAIL PROTECTED] WWW: http://www.ucs.twu.ca FAQ: http://www.ucs.twu.ca/resources/faq.htm -----Original Message----- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 12:26 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] A reminder NEVER to send live viruses to a list or just about anywhere else... list or just about anywhere else... >Are you referring to my message, Scott. It was strictly the text of a >message received and did not include anything executable. Since our Declude, >Groupshield nor my desktop McAfee detected as anything executable I felt it >was safe to send it as it was, strictly ASCII text and as such not a live >virus. I would never knowingly send a live virus in an email message. It was indeed sent in response to a post to this list. I double-checked, and it appears that the message was indeed sent in a way that should be safe (not executable). I'm guessing that we have a virus scanner here that tries to look for viruses within E-mails, but doesn't do it properly. It was caught here as W32/[EMAIL PROTECTED] I would recommend upgrading to the latest version of McAfee (.exe file) as well as downloading the latest virus definitions. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
