Another tack, might I suggest using an IP scanner and scanning for 3127 and 3198 across an address range: http://www.angryziber.com/ipscan/ (you can set the ports to scan).

From http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.A:

"It runs a backdoor component, which it drops as the file SHIMGAPI.DLL. The backdoor component opens port 3127 to 3198 to allow remote users to access and manipulate infected systems. Note that it allows remote access even after February 12, 2004."

>>> [EMAIL PROTECTED] 29/01/2004 7:07:19 a.m. >>>
Unfortunately, that really doesn't do me much good. Need IP info and attachment name really to be useful in this situation.

-----Original Message-----
From: David, Andy [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 28, 2004 12:55 PM
To: Exchange Discussions
Subject: RE: Tracking Viruses originator via log files?

It will however give you who sent it, time, size etc.... if that's at all useful.

-----Original Message-----
From: Pfefferkorn, Pete (pfeffepe) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 28, 2004 12:47 PM
To: Exchange Discussions
Subject: RE: Tracking Viruses originator via log files?

I looked at the message tracking logs, but I don't see anything in the log that tells me which user sent an attachment name which I could trace back. Or am I missing something?

-----Original Message-----
From: David, Andy [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 28, 2004 12:41 PM
To: Exchange Discussions
Subject: RE: Tracking Viruses originator via log files?

Message Tracking.

-----Original Message-----
From: Pfefferkorn, Pete (pfeffepe) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 28, 2004 12:37 PM
To: Exchange Discussions
Subject: Tracking Viruses originator via log files?

Exchange 5.5 running ScanMail.

Got a stupid question. We run ScanMail which is intercepting the MiMail.R virus no problem. The issue we have is tracing it back to the machines that are actually sending it. Our campus is pretty large and tracing back infected machines is a challenge.

I can physically go into the mail account that received the message and look at the header but I was wondering if there was an easier way using SMTP logs or something in Exchange to get that information.

_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016
Please include the email address which you have been contacted with.
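Added example, not part of the original thread: the manual header check described in the first message, automated over a batch of intercepted messages saved as raw text. It tallies the connecting client IP recorded by your own mail server and ignores any Received lines beneath it. The server name `mail.campus.example`, the sample messages and all addresses are constructed assumptions.

```python
import re
from collections import Counter
from email import message_from_string

# Assumption: hostnames of your own mail servers. Only Received lines stamped
# by these are trusted; anything beneath them is sender-supplied and forgeable.
TRUSTED_MTAS = {"mail.campus.example"}

FROM_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)

def connecting_ip(raw_message, trusted=TRUSTED_MTAS):
    """Return the client IP logged by the deepest trusted hop, or None."""
    source = None
    # Received headers are newest-first: walk down until an untrusted stamp.
    for hop in message_from_string(raw_message).get_all("Received", []):
        hop = " ".join(hop.split())              # unfold continuation lines
        by = BY_HOST.search(hop)
        if not by or by.group(1).lower() not in trusted:
            break
        ip = FROM_IP.search(hop[:by.start()])    # only the "from" clause
        if ip:
            source = ip.group(1)
    return source

def tally_sources(raw_messages, trusted=TRUSTED_MTAS):
    """Count intercepted messages per connecting IP, busiest first."""
    ips = (connecting_ip(m, trusted) for m in raw_messages)
    return Counter(ip for ip in ips if ip).most_common()

def _sample(client_ip, forged=""):
    # Constructed message: one hop stamped by our server, optional forged hop.
    return (f"Received: from unknown ([{client_ip}])\n"
            "\tby mail.campus.example with SMTP; Wed, 28 Jan 2004 12:30:00 -0500\n"
            f"{forged}From: someone@example.org\nSubject: hello\n\nbody\n")

FORGED = ("Received: from relay.example.net ([192.0.2.77]) by mx.example.net;"
          " Wed, 28 Jan 2004 12:29:00 -0500\n")
SAMPLES = [_sample("10.20.4.17"), _sample("10.31.9.88", FORGED),
           _sample("10.20.4.17", FORGED)]

if __name__ == "__main__":
    for ip, count in tally_sources(SAMPLES):
        print(f"{ip}\t{count} intercepted message(s)")
```

The IPs at the top of the tally are the machines to check first; the forged `192.0.2.77` hop never appears because it was not stamped by a trusted server.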
