This would work if Domain processing rules worked. But last I knew they
don't.
RULES FOR NIMDA
B~"file=readme.eml":NUL
B~"file=readme.exe":NUL
The only other option is to dump these in ALL the users mailboxes.
----- Original Message -----
From: "J.R. Dobyns" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 19, 2001 11:55 AM
Subject: RE: [IMail Forum] New widespread virus: W32/Nimda-A; arrives wit h
readme.exe attachment
> Can this be blocked by Imail's domain processing rules?
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff
> Sent: Tuesday, September 18, 2001 8:16 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum] New widespread virus: W32/Nimda-A; arrives
> wit h readme.exe attachment
>
>
> This is of concern primarly to IIS 4 & 5. Windows 2000 SP2 covers the
> patch.
>
> John Tolmachoff, Network Engineer
>
> 211 E. Imperial Hwy., Suite 106
> Fullerton, CA 92835
> 714-578-7999, ext. 104
> [EMAIL PROTECTED]
> www.reliancesoft.com
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Bryson, Laura
> Sent: Tuesday, September 18, 2001 1:42 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [IMail Forum] New widespread virus: W32/Nimda-A; arrives
> wit h readme.exe attachment
>
> >From Symantec's web site
> (http:[EMAIL PROTECTED])
> "W32.Nimda.A@mm is a new mass-mailing worm that utilizes multiple
> methods to spread itself. The worm sends itself out by email, searches
> for open network shares, and attempts to copy itself to unpatched
> Microsoft IIS web servers. The worm does this using the Unicode Web
> Traversal exploit. A patch and information regarding this exploit can be
> found at
> http://www.microsoft.com/technet/security/bulletin/ms00-078.asp.
> Users visiting compromised Web servers will be prompted to download an
> .eml (Outlook Express) email file, which contains the worm as an
> attachment.
> Also, the worm will create an open network share on the infected
> computer, allowing access to the system."
> /ljb
> -----Original Message-----
> From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 18, 2001 12:39 PM
> To: [EMAIL PROTECTED]
> Subject: [IMail Forum] New widespread virus: W32/Nimda-A; arrives with
> readme.exe attachment
>
> FYI, Sophos has just alerted us to a new virus that is apparently
> spreading
> very quickly, called W32/Nimda-A. Not much information is available
> yet. Apparently, it uses an attachment called "readme.exe".
> -Scott
> ---
> Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
> IMail. http://www.declude.com
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
