> > >20020305 224923 Info - 192.168.1.1   GET /scripts/root.exe?/c+dir HTTP/1.0.
> > >20020305 224924 Info - 192.168.1.1   GET /MSADC/root.exe?/c+dir HTTP/1.0.
>
> > These are the signs of a virus trying to infect your web server.  However,
> > IMail can't be infected, only IIS can. This ends up instead being a DoS
> > attack, causing higher load on the mailserver.
>
>So what is the virus trying to do?  I don't understand these commands but
>I see a bunch of them in the log.

They are trying to infect your mailserver.  Specifically, they are using 
known holes in IIS security to upload a virus that would then be 
run.  However, since you are using IMail to answer the web queries, you can 
not get infected.

>So as long as the client PC is connected to the Net this is a problem
>because the virus will bang on the iMail Server even if the client PC
>isn't logged into WEB Messaging?

That's correct.  It is probably someone who isn't even a customer of 
yours.  For example, if our web server got infected, it could then start 
sending all those requests to your server.  Our web server wouldn't know or 
care whether you use IMail's web messaging or IIS or Apache or 
whatever; it just sends the requests, hoping to infect the server.

                                                    -Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for 
IMail.  http://www.declude.com
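
The following is an added example, not part of the original message or of IMail or Declude: a small log triage script that finds the IIS-targeted requests discussed above and counts them per source address, so the infected hosts generating the load can be reported or blocked. The log layout is inferred from the two quoted lines; the probe pattern and every sample line other than those two are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Layout inferred from the two log lines quoted in the message:
#   YYYYMMDD HHMMSS Level - client-ip   METHOD target HTTP/x.y.
LINE_RE = re.compile(
    r"^(?P<date>\d{8}) (?P<time>\d{6}) \w+ - "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d\.?\s*$"
)
# Assumption: a request for an .exe with a "/c+" command argument in the
# query string is a probe aimed at IIS, as in the quoted lines.
PROBE_RE = re.compile(r"/[^/?]+\.exe\?.*/c\+", re.IGNORECASE)


def strip_quote(line):
    """Drop mail quote markers ('> > >') in front of a pasted log line."""
    return re.sub(r"^(?:>\s*)+", "", line).strip()


def find_probes(lines):
    """Return (ip, timestamp, target) for every probe-like request."""
    hits = []
    for raw in lines:
        m = LINE_RE.match(strip_quote(raw))
        if m and PROBE_RE.search(m["target"]):
            hits.append((m["ip"], m["date"] + " " + m["time"], m["target"]))
    return hits


def probes_per_source(lines):
    """Count probe requests per client IP, busiest source first."""
    return Counter(ip for ip, _, _ in find_probes(lines)).most_common()


# Sample input: the first two lines come from the message; the remaining
# lines are constructed for this example.
SAMPLE = [
    "> > >20020305 224923 Info - 192.168.1.1   GET /scripts/root.exe?/c+dir HTTP/1.0.",
    "> > >20020305 224924 Info - 192.168.1.1   GET /MSADC/root.exe?/c+dir HTTP/1.0.",
    "20020305 224930 Info - 192.168.1.7   GET /login.cgi HTTP/1.0.",
    "20020305 224931 Info - 192.168.1.9   GET /scripts/ROOT.EXE?/c+dir HTTP/1.0.",
    "not a log line",
]

if __name__ == "__main__":
    for ip, count in probes_per_source(SAMPLE):
        print(ip, count)
```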
