WebshieldSMTP caught it as Exploit-MIME.gen. Antigen with the 2 CA Engines enabled are usually the only ones that I can get to catch the exploit. Sybari has also added this to their worm list, so that may improve.
--jim -----Original Message----- From: Durkee, Peter [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 12, 2002 1:54 PM To: Exchange Discussions Subject: RE: Possible New Virus? No, I really meant which product. I have VirusScan on the desktops with the 4206 dats, and the NAI engine running under Antigen on the Exchange server, also with the 4206 dats, and neither of those caught it. To be honest though I don't think any of the few people who received it tried to run it, nor did it run itself on those machines, so maybe VirusScan never had a chance to catch it. -Peter -----Original Message----- From: Mellott, Bill [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 12, 2002 10:42 To: Exchange Discussions Subject: RE: Possible New Virus? Your answer/question might be better if phrased: "Which DAT version." Run the latest DAT, with that the Webshield 54sp1a product I run before my exch server picks it up. bill -----Original Message----- From: Durkee, Peter [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 12, 2002 1:10 PM To: Exchange Discussions Subject: RE: Possible New Virus? Which McAfee product found it as Exploit-MIME? -Peter -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 12, 2002 8:54 To: Exchange Discussions Subject: RE: Possible New Virus? We have been seeing it for a couple of days. McAfee has been reporting it as Exploit-MIME.gen. I just got something from Sophos giving it the name that John reported it as. It has been showing up quite a lot lately. Ken Powell Systems Administrator Clark County Office of Budget and Information Services (OBIS) Vancouver, Washington [EMAIL PROTECTED] Voice: (360) 397-6121 x4658 Fax: (360) 759-6001 -----Original Message----- From: John Steniger [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 11, 2002 10:23 AM To: Exchange 5.5 List Subject: RE: Possible New Virus? Appears to be a Frethem Worm. From Norton: http:[EMAIL PROTECTED] l John J. Steniger Network and Security Manager Familymeds, Inc. Phone: 860-676-1222 X633 Email: [EMAIL PROTECTED] http://www.familymeds.com > -----Original Message----- > From: Durkee, Peter [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 11, 2002 1:22 PM > To: Exchange Discussions > Subject: Possible New Virus? > > > Hi All, > I've seen several messages coming in this morning with the > subject line Re: Your Password!, an attachment named > decrypt-password.exe, and the same Content-Type: audio/x-midi > that Klez uses to auto-run. The messages are 50k or so in > size. Is anyone else seeing this? My usual virus info sources > don't have anything on it. > > -Peter > > > ______________________________________________ > This message is private or privileged. If you are not the > person for whom this message is intended, please delete it > and notify me immediately, and please do not copy or send > this message to anyone else. > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] ______________________________________________ This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] ______________________________________________ This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
