Sounds like Trend is able to keep up with NAI ;) We have been using WebShield SMTP and it has not been fooled. We block everything executable under the sun since the creation of the sun. We are blocking at a rate of 2-3 a minute; first with content filtering and lately with the Extra.dat file that they supplied for both versions.
Ken Powell Systems Administrator Clark County Office of Budget and Information Services (OBIS) Vancouver, Washington [EMAIL PROTECTED] Voice: (360) 397-6121 x4658 Fax: (360) 759-6001 -----Original Message----- From: John Q Jr. [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 12:33 PM To: Powell, Ken Subject: Re: Alert: W32/Myparty-mm on the loose Trend Scanmail 6.0 nailed it, blocking .com's and it was not fooled, stped it as early as 22:00 on the 27th. ----- Original Message ----- From: "Martin Blackstone" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, January 28, 2002 8:22 AM Subject: RE: Alert: W32/Myparty-mm on the loose > Also another classic example of what a POS Mcafee is. They are saying they > will release a DAT for it on the 30th.... > > -----Original Message----- > From: Couch, Nate [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 7:21 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Most of the systems I am monitoring are blocking it as a VBS script. > > Nate Couch > EDS Messaging > > -----Original Message----- > From: Kim Schotanus [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 8:36 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > trend has just launched pattern 212 > > -----Original Message----- > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > Sent: 28 January, 2002 3:20 PM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Somehow this one slipped past our .com filter on our linux firewall. NAV for > exchange caught it by the .COM extension, and norton had just liveupdated us > an hour earlier with the new definitions that would have caught it if it > wasn't a blocked extension. I think the syntax of the attachment code is > probably not RFC compliant. > > Tom > > -----Original Message----- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 9:03 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Fortunately we're all blocking *.com right? The *.com viruses are going to > take forever to combat from a social engineering standpoint. It's probably > worth investing some time in user education on .com files because I think > this is going to be a new favorite virus writing style for the next few > months. > > Chris Scharff > The Mail Resource Center > http://www.mail-resources.com > > -----Original Message----- > From: Martin Blackstone > To: Exchange Discussions > Sent: 1/28/2002 7:57 AM > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > -----Original Message----- > From: Russ [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 5:45 AM > To: [EMAIL PROTECTED] > Subject: Alert: W32/Myparty-mm on the loose > > > Be aware that this morning you will likely find a copy of this new mass > mailer in your mail systems. This is a pure social engineering attack, it > contains an attachment named as a URL with a .com extension. Since .com is > also an application, it will be run as such if its double-clicked on. Check > with your AV company for updates and/or filtering criteria. If you can, be > sure you have attachment filtering enabled at your mail gateway. Outlook > Email Security Update, and Outlook 2002, both catch this attachment and > prevent it from being available for the user to click on. > > Cheers, > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
