A review of the Virus Incidents report shows that the Internet Mail
connector has killed about 30 viruses today alone.  

I have Internet Scanning and Realtime scanning enabled on this box.  I also
perform a manual scan every day at noon.  

All scans are set to scan for viruses and file filtering.  I currently filter
about 15 extensions.  (.js, .vbs, .htm, .scr, .txt.vbs, etc.)

For some reason this was missed by the inbound scan job and the realtime
scan job?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 3:06 PM
To: Exchange Discussions
Cc: [EMAIL PROTECTED]
Subject: Re: Question about Antigen @ Badtrans



Do you have Antigen set to scan Inbound and Outbound?  I *know* we are
picking up Badtrans - we have gotten more than enough copies of it picked up
here.  Did the logs show that you were picking up anything at all?  Also,
did it say "cleaned" the file?  The Norton might be picking up on that, as
well - a cleaned file.  You aren't using the file (NAV) scanner on the
Exchange directories, are you?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-K.Borndale
Network Administrator
Sybari Software
631.630.8569 -direct dial
631.439.0689 -fax
http://www.sybari.com
"One man's ceiling is another man's floor"


From:     [EMAIL PROTECTED]
Sent by:  bounce-exchange-148870@ls.swynk.com
Sent:     11/30/2001 03:40 PM
Please respond to "Exchange Discussions"
To:       "Exchange Discussions" <[EMAIL PROTECTED]>
cc:
Subject:  Question about Antigen @ Badtrans




Hello Kelly.....
I am using the Antigen Product version 6.2 running on Windows 2000 Advanced
Server with Exchange 5.5 Service Pack 4.

I am using the McAfee 4x and Sophos scanning engines.  Updated this morning
at 5am.

I am running Norton Antivirus on the local machine (also updated this
morning).

I received an email today from "Paul Brunton" at this address
<[EMAIL PROTECTED]> from this server:
Received: from e1h2p64.scotland.net ([148.176.234.65] helo=aol.com) by
smtp.scotland.net with smtp (Exim 3.33 #1)

The email appears to be infected with the Badtrans virus:
"Norton AntiVirus removed the attachment: Unknown0289.data.
The attachment was infected with the W32.Badtrans.B@mm virus."

It was coded to take advantage of a MIME vulnerability because it attempted
to download a file after simply clicking on the mail.

I have two questions.  First, do I have something configured incorrectly on
my Exchange Server that kept it from detecting this virus?

Second, does anyone know how I can dissect this infected message further to
determine exactly what the message is trying to do?

Thanks.
Murphy






_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]
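
Added example, not part of the original thread: one way to take a saved message apart statically, as the second question above asks, by walking its MIME parts and comparing each part's declared type and file name with its actual leading bytes, without rendering or running anything. The sample message is constructed and inert, and the names `dissect`, `BLOCKED_EXT` and `MAGIC` are hypothetical; the extension set is taken from the filter list mentioned in the thread.

```python
import email
from email import policy

# Extensions named in the thread's file-filter list (".txt.vbs" ends in ".vbs").
BLOCKED_EXT = {".js", ".vbs", ".htm", ".scr"}
MAGIC = {b"MZ": "Windows executable", b"PK": "ZIP archive"}

# Constructed sample, not the message from the thread: an inert 12-byte part
# declared as audio whose bytes start with the "MZ" executable marker.
SAMPLE = (
    b"From: sender@example.com\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"--b1\r\n"
    b'Content-Type: audio/x-wav; name="notes.txt.scr"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: attachment; filename="notes.txt.scr"\r\n'
    b"\r\n"
    b"TVqQAAMAAAAEAAAA\r\n"
    b"--b1--\r\n"
)

def dissect(raw):
    """Return one finding per leaf MIME part; nothing is rendered or executed."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""  # undo base64 / quoted-printable
        name = part.get_filename() or ""
        exts = ["." + e.lower() for e in name.split(".")[1:]]
        kind = next((v for k, v in MAGIC.items() if data.startswith(k)), None)
        ctype = part.get_content_type()
        flags = []
        if kind == "Windows executable" and not ctype.startswith("application/"):
            flags.append("declared type hides executable content")
        if len(exts) > 1:
            flags.append("double extension")
        if exts and exts[-1] in BLOCKED_EXT:
            flags.append("filtered extension")
        findings.append({"type": ctype, "name": name, "size": len(data),
                         "magic": kind, "flags": flags})
    return findings
```

Run it against a copy of the message saved as raw bytes on an isolated analysis machine, for example `dissect(open(path, "rb").read())`.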




