Prolly a remnant of the virus -from what I have seen, we have been cleaning
rather than just deleting the files.  I mailed you and one of the managers
under separate cover.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-K.Borndale
Network Administrator
Sybari Software
631.630.8569 -direct dial
631.439.0689 -fax
http://www.sybari.com
"One man's ceiling is another man's floor"


[EMAIL PROTECTED]rg
Sent by: bounce-exchange-148870@ls.swynk.com
11/30/2001 04:14 PM
Please respond to "Exchange Discussions"

To:      "Exchange Discussions" <[EMAIL PROTECTED]>
cc:
Subject: RE: Question about Antigen @ Badtrans




This is the Norton text?
"Norton AntiVirus removed the attachment: Unknown0289.data.
The attachment was infected with the W32.Badtrans.B@mm virus."

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 3:12 PM
To: Exchange Discussions
Cc: [EMAIL PROTECTED]
Subject: RE: Question about Antigen @ Badtrans


To answer your other questions:

I only run Antigen on the Exchange Server.  Nothing else.

Norton runs on my desktop and "found" and "cleaned" the virus.  Which means
it somehow made it through the Internet and Realtime scan jobs.

I'm not trying to point fingers.... Maybe I have something configured
wrong.
Not the first time...and won't be the last.

Also, when Antigen removes the virus does it "not" remove the MIME
vulnerability also?  If it had not been for Norton on my local PC I could
have been infected (assuming I did not have the Hotfix from Microsoft :) ))

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 3:06 PM
To: Exchange Discussions
Cc: [EMAIL PROTECTED]
Subject: Re: Question about Antigen @ Badtrans



Do you have Antigen set to scan Inbound and Outbound?  I *know* we are
picking up Badtrans -we have gotten more than enough copies of it picked up
here.  Did the logs show that you were picking up anything at all?  Also,
did it say "cleaned" the file?  The Norton might be picking up on that, as
well - a cleaned file.  You aren't using the file (NAV) scanner on the
Exchange directories, are you?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-K.Borndale
Network Administrator
Sybari Software
631.630.8569 -direct dial
631.439.0689 -fax
http://www.sybari.com
"One man's ceiling is another man's floor"


[EMAIL PROTECTED]rg
Sent by: bounce-exchange-148870@ls.swynk.com
11/30/2001 03:40 PM
Please respond to "Exchange Discussions"

To:      "Exchange Discussions" <[EMAIL PROTECTED]>
cc:
Subject: Question about Antigen @ Badtrans




Hello Kelly.....
I am using the Antigen Product version 6.2 running on Windows 2000 Advanced
Server with Exchange 5.5 Service Pack 4.

I am using the McAfee 4x and Sophos scanning engines.  Updated this morning
at 5am.

I am running Norton Antivirus on the local machine (also updated this
morning).

I received an email today from "Paul Brunton" at this address
<[EMAIL PROTECTED]> from this server:
Received: from e1h2p64.scotland.net ([148.176.234.65] helo=aol.com) by
smtp.scotland.net with smtp (Exim 3.33 #1)

The email appears to be infected with the Badtrans virus:
"Norton AntiVirus removed the attachment: Unknown0289.data.
The attachment was infected with the W32.Badtrans.B@mm virus."

It was coded to take advantage of a MIME vulnerability because it attempted
to download a file after simply clicking on the mail.

I have two questions.  First, Do I have something configured incorrectly on
my Exchange Server that kept it from detecting this virus?

Second, Does anyone know how I can dissect this infected message further to
determine exactly what the message is trying to do?

Thanks.
Murphy






_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]
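
Added example, not part of the original thread: one way to take apart a suspect message statically, as asked in the second question above, by walking its MIME parts and flagging attachments whose declared Content-Type disagrees with the filename extension. The sample message, the RISKY_EXT list and the function name dissect are assumptions constructed for illustration; run it against a saved copy of the raw message on an isolated analysis machine.

```python
import email
import hashlib
import mimetypes
import os
from email import policy

# Extensions Windows treats as directly executable (short illustrative list).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}

# Constructed sample: the attachment body is harmless text, not malware.
SAMPLE = b"""\
From: sender@example.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body>hello</body></html>
--b1
Content-Type: audio/x-wav; name="sample.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="sample.scr"

aGFybWxlc3MgcGxhY2Vob2xkZXI=
--b1--
"""

def dissect(raw: bytes) -> list[dict]:
    """Describe every leaf MIME part without opening or executing anything."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        declared = part.get_content_type()
        flags = []
        if os.path.splitext(name)[1].lower() in RISKY_EXT:
            flags.append("executable-extension")
        # An extension unknown to mimetypes also counts as a mismatch here.
        if name and mimetypes.guess_type(name)[0] != declared:
            flags.append("type-extension-mismatch")
        report.append({"type": declared, "name": name, "size": len(data),
                       "sha256": hashlib.sha256(data).hexdigest(), "flags": flags})
    return report

if __name__ == "__main__":
    print(*dissect(SAMPLE), sep="\n")
```

The SHA-256 of each decoded part can be compared with what the gateway and desktop scanners logged, to confirm whether both saw the same attachment.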




