Check the following link to Microsoft:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/Nimda.asp
John Tolmachoff, Network Engineer
211 E. Imperial Hwy., Suite 106
Fullerton, CA 92835
714-578-7999, ext. 104
[EMAIL PROTECTED]
www.reliancesoft.com
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Thursday, September 20, 2001 8:11 AM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] New widespread virus: W32/Nimda-A; arrives with readme.exe attachment
>Is there anyone out there having this problem that is not running IIS on
>their IMail box? We got hit on Tuesday like everyone else, but IMail runs on
>a server by itself. No IIS.
Do you mean "hit" as in you got infected, or "hit" as in web hits to your
server from the virus? Both can happen.
The web hits are normal, and do not mean that you are infected. Nimda
doesn't know what web server you are running, so it will happily try all
its attacks on whatever webserver you are running. If you are not running
IIS, you shouldn't be in any danger (as far as I have heard).
If you were "hit" as in infected, that could have happened in many
ways. This virus can spread through file shares, opening an infected
E-mail, or browsing a web site (client-side attacks).
>I am seeing a lot of malformed header requests
>in the logs and some BRO*.tmp files in my spool directory. It is causing web
>messaging to crawl, but other than that I have not seen what everyone else
>seems to be seeing. No other characteristics of the Nimda virus...
Then it sounds like you are not infected, but Nimda wants to infect
you. You are pretty safe though, at least from the server-side attacks.
>Ipswitch support was quick to point the finger at the Nimda virus and said
>to run a virus program and reload the web template files to fix it and that
>has done nothing to help.
They are not experts on viruses. If they were, they would have mentioned
that if the only sign of a problem is those incoming web requests, it is
simply other infected servers trying (unsuccessfully) to infect yours.
>I even went ahead and made the upgrade to v.7.03
>last night and no progress.
That's right. No version of IMail or any mail or web server can reduce DoS
attacks.
>Anyone else seeing these BRO*.tmp files or is it just me?
Those are just temporary files that web messaging uses, usually when it is
creating pages to return back to the user. It probably is creating those
as error messages that it is sending back to all those Nimda infected
computers.
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/