This is the Norton text? "Norton AntiVirus removed the attachment: Unknown0289.data. The attachment was infected with the W32.Badtrans.B@mm virus."
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 3:12 PM
To: Exchange Discussions
Cc: [EMAIL PROTECTED]
Subject: RE: Question about Antigen @ Badtrans

To answer your other questions: I only run Antigen on the Exchange Server. Nothing else. Norton runs on my desktop and "found" and "cleaned" the virus. Which means it somehow made it through the Internet and Realtime scan jobs.

I'm not trying to point fingers.... Maybe I have something configured wrong. Not the first time...and won't be the last.

Also, when Antigen removes the virus does it "not" remove the MIME vulnerability also? If it had not been for Norton on my local PC I could have been infected (assuming I did not have the Hotfix from Microsoft :) ))

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 3:06 PM
To: Exchange Discussions
Cc: [EMAIL PROTECTED]
Subject: Re: Question about Antigen @ Badtrans

Do you have Antigen set to scan Inbound and Outbound? I *know* we are picking up Badtrans - we have gotten more than enough copies of it picked up here.

Did the logs show that you were picking up anything at all? Also, did it say "cleaned" the file? The Norton might be picking up on that, as well - a cleaned file.

You aren't using the file (NAV) scanner on the Exchange directories, are you?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-K.Borndale
Network Administrator
Sybari Software
631.630.8569 -direct dial
631.439.0689 -fax
http://www.sybari.com
"One man's ceiling is another man's floor"

[EMAIL PROTECTED]
Sent by: bounce-exchange-148870@ls.swynk.com
11/30/2001 03:40 PM
Please respond to "Exchange Discussions"

To: "Exchange Discussions" <[EMAIL PROTECTED]>
cc:
Subject: Question about Antigen @ Badtrans

Hello Kelly.....

I am using the Antigen Product version 6.2 running on Windows 2000 Advanced Server with Exchange 5.5 Service Pack 4. I am using the McAfee 4x and Sophos scanning engines. Updated this morning at 5am. I am running Norton Antivirus on the local machine (also updated this morning).

I received an email today from "Paul Brunton" at this address <[EMAIL PROTECTED]> from this server:

Received: from e1h2p64.scotland.net ([148.176.234.65] helo=aol.com)
    by smtp.scotland.net with smtp (Exim 3.33 #1)

The email appears to be infected with the Badtrans virus:

"Norton AntiVirus removed the attachment: Unknown0289.data. The attachment was infected with the W32.Badtrans.B@mm virus."

It was coded to take advantage of a MIME vulnerability because it attempted to download a file after simply clicking on the mail.

I have two questions. First, do I have something configured incorrectly on my Exchange Server that kept it from detecting this virus? Second, does anyone know how I can dissect this infected message further to determine exactly what the message is trying to do?

Thanks.
Murphy

_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
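On the second question in the original post (how to dissect a suspect message), one way to triage it statically is sketched below as an added example; it is not code from anyone in this thread. It parses the raw message with Python's `email` package and never renders or runs anything. The extension list, the flag heuristics (which are a guess at the kind of MIME trick the thread means) and the sample message are all constructed for illustration.

```python
import email
import hashlib
import os
from email import policy

# Assumed list of extensions Windows runs directly (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs"}

# Constructed sample: a part declared as audio whose filename ends in .pif.
SAMPLE = b"""\
From: sender@example.com
To: rcpt@example.com
Subject: Re:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attachment.
--b1
Content-Type: audio/x-wav; name="readme.doc.pif"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

def triage(raw):
    """Return one record per leaf MIME part, with reasons it looks suspicious."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        ext = os.path.splitext(name.lower())[1]
        ctype = part.get_content_type()
        flags = []
        if ext in EXECUTABLE_EXTS and not ctype.startswith("application/"):
            flags.append("declared type disagrees with executable extension")
        if ext in EXECUTABLE_EXTS and name.count(".") > 1:
            flags.append("double extension")
        if data[:2] == b"MZ":
            flags.append("payload starts with MZ executable header")
        report.append({"type": ctype, "name": name, "size": len(data),
                       "sha256": hashlib.sha256(data).hexdigest(), "flags": flags})
    return report

if __name__ == "__main__":
    for record in triage(SAMPLE):
        print(record)
```

Run it against a copy of the message saved as raw text on an isolated machine; the SHA-256 of each part can then be compared with the antivirus vendor's write-up without opening the attachment.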

