Virtually all the current viruses forge the from address, so bounce back virus warnings almost always go to the wrong person and therefore serve no useful purpose whatsoever. Reassure your user that those messages mean nothing.
-Peter -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Christine Easton Sent: Thursday, 04 March, 2004 8:58 To: Exchange Discussions Subject: RE: BAGEL32.J Varient and ScanMail Engine. This is an sort of off topic question. One of my users has been getting a response from a trend scanner at another company stating that the e-mail she sent to them had a virus infected. She never sent an e-mail to this person and the company is not in her contact list. I've scanned her computer, and there is nothing found. I've been checking everywhere and everything and we were not infected with the virus (hopefully) it's mentioning. We do not have a filter/scanner like trend so we are not able to block any attachments, however, we have been up-to-date with our Norton Virus defs and we do run Nav for exchange which has been catching all the latest viruses. Does anyone have any clues why this is happening? -----Original Message----- From: Durkee, Peter [mailto:[EMAIL PROTECTED] Sent: Thursday, March 04, 2004 11:44 AM To: Exchange Discussions Subject: RE: BAGEL32.J Varient and ScanMail Engine. You can always print out the zip file and fax it. -Peter -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Fyodorov, Andrey FTL Sent: Thursday, 04 March, 2004 6:11 To: Exchange Discussions Subject: RE: BAGEL32.J Varient and ScanMail Engine. Dang... First Howard Stern gets removed from some radio stations, now can't use zips anymore... Sounds like an end of an era. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Durkee, Peter Sent: Wednesday, March 03, 2004 4:21 PM To: Exchange Discussions Subject: RE: BAGEL32.J Varient and ScanMail Engine. Exactly...Antigen has been catching Bagle.J here without a problem, but I suspect that if I were counting on its normal ability to remove pif or exe files from inside the Bagle.J zip files, then I'd be disappointed. I've gone to blocking all zips, just because so many of the new viruses are using them, and the time when you're really vulnerable is when the first wave comes ashore, before the scanners have been updated. -Peter -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alverson, Tom Sent: Wednesday, 03 March, 2004 12:43 To: Exchange Discussions Subject: RE: BAGEL32.J Varient and ScanMail Engine. They probably added a signature for some of the bytes of the encrypted/zipped virus (as well as different signatures for the expanded version). The whole anti-virus scanning thing works on finding a unique pattern of data within the virus. Tom -----Original Message----- From: Dumke, Jane [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 2:59 PM To: Exchange Discussions Subject: RE: BAGEL32.J Varient and ScanMail Engine. A lot of discussion has been going on here on our campus with the theme that password encrypted files can't be scanned. So why are Bagle.H variants being caught by ScanMail 6.2 for Exchange then? Are they using a heuristic to catch this instead of finding the actual virus pattern in the file itself? Jane Dumke Email Administrator University of Wisconsin - Stevens Point <mailto:[EMAIL PROTECTED]> phone:(715)346-2463 fax:(715)346-4577 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chinnery, Paul Sent: Wednesday, March 03, 2004 1:34 PM To: Exchange Discussions Subject: RE: BAGEL32.J Varient and ScanMail Engine. I just sent out an email to our users stating that for the forseeable future, all zip files will be blocked. That's gonna be a PITA. People have really come to rely zipping files. (Although why someone would zip a 500K Word doc down to 350K is beyond me.) Paul Chinnery Network Administrator Mem Med Ctr -----Original Message----- From: Pfefferkorn, Pete (pfeffepe) [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 1:26 PM To: Exchange Discussions Subject: RE: BAGEL32.J Varient and ScanMail Engine. I manually downloaded and updated both the engine as well as the new pattern that has not been released yet. I guess scanmail cannot scan password encrypted attachments so back to blocking the Zips. Sophos does not scan password encrypted either. -----Original Message----- From: Chinnery, Paul [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 1:06 PM To: Exchange Discussions Subject: RE: BAGEL32.J Varient and ScanMail Engine. Are you sure about the engine? Their sites says 6.810. We got a couple of the bagle.j come through. Thankfully, Trend's desktop AV caught them. Paul Chinnery Network Administrator Mem Med Ctr -----Original Message----- From: Pfefferkorn, Pete (pfeffepe) [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 9:46 AM To: Exchange Discussions Subject: BAGEL32.J Varient and ScanMail Engine. I noticed that Trend has a new engine out there 6.860 and the manual update does not update to that version. It looks as if the new BAGEL32.J variant got through on our system and I'm wondering if that engine is required to catch it? _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode =& lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode =& lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode =& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode =& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode =&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode =&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. ______________________________________________ This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode =&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode =&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. ______________________________________________ This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode =&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode =&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. ______________________________________________ This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
