Re: [Declude.Virus] Netsky returns with auto-response

[Matt]

It looks like it didn't detect an attachment.  I think the standard procedure is to send the full source of the message to virustrap [at] declude [dot] com and ask Scott to take a look at it.  Sending to this list wouldn't be advised for obvious reasons. Matt Rodney Bertsch wrote: 20040324 110224 127.0.0.1 SMTPD (D53600D6) [10.10.10.3] connect 207.171.167.25 port 19310 20040324 110224 127.0.0.1 SMTPD (D53600D6) [207.171.167.25] HELO iad-fw-global.amazon.com 20040324 110224 127.0.0.1 SMTPD (D53600D6) [207.171.167.25] MAIL From:<[EMAIL PROTECTED]> 20040324 110224 127.0.0.1 SMTPD (D53600D6) [207.171.167.25] RCPT To:<[EMAIL PROTECTED]> 20040324 110224 127.0.0.1 SMTPD (D53600D6) [207.171.167.25] C:\IMail\spool\Db110d53600d64d81.SMD 44044 20040324 110224 127.0.0.1 SMTPD (D53600D6) performing antispam checks 03/24/2004 11:02:31 Qb110d53600d64d81 Scanned: Virus Free -- Norton detected it as [EMAIL PROTECTED] virus from the attachment of msg_auto-confirm.pif. Norton definitions on the desktop are dated 3/22/04. The file size reported by Norton for the attached file was 28.8 KB. Thanks, - Rodney -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matt Sent: Wednesday, March 24, 2004 3:44 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Netsky returns with auto-response Virus log file snippet??? That helps. Have you viewed the source of the message? Could have been a zero byte file. I've seen a lot fo these with Netsky, though I thought they were all just empty zips. Matt Rodney Bertsch wrote: If this has been covered in the list please give me a keyword to search the archives so I can look up the fix, if not we're open for suggestions to halt this problem. We have declude 1.78i27 with the latest version of definitions for Innoculan. We've been catching tons of Netsky and others without a problem, until this one slipped through. Netsky spoofed our user's e-mail address as the sender and sent to [EMAIL PROTECTED]. Amazon happily auto-responded with the full content of the e-mail and sent Netsky right into our users mailbox. First of all, it doesn't look like the e-mail was scanned at all since it was a return message. Secondly it contained a .PIF file attachment, which we block. So it appears it slipped past both safety checks. Luckily Norton caught the virus at the desktop level. Any help would be much appreciated. Thanks, Rodney Bertsch IS Coordinator Kirk NationaLease Co. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================