> > > >20020305 224923 Info - 192.168.1.1   GET /scripts/root.exe?/c+dir HTTP/1.0.
> > > >20020305 224924 Info - 192.168.1.1   GET /MSADC/root.exe?/c+dir HTTP/1.0.
> >
> > > These are the signs of a virus trying to infect your web server.  However,
> > > IMail can't be infected, only IIS can. This ends up instead being a DoS
> > > attack, causing higher load on the mailserver.
> >
> >So what is the virus trying to do?  I don't understand these commands but
> >I see a bunch of them in the log.
>
> They are trying to infect your mailserver.  Specifically, they are using
> known holes in IIS security to upload a virus that would then be
> run.  However, since you are using IMail to answer the web queries, you can
> not get infected.
>
> >So as long as the client PC is connected to the Net this is a problem
> >because the virus will bang on the iMail Server even if the client PC
> >isn't logged into WEB Messaging?
>
> That's correct.  It is probably someone who isn't even a customer of
> yours.  For example, if our web server got infected, it could then start
> sending all those requests to your server.  Our web server wouldn't know or
> care whether you use IMail's web messaging or IIS or Apache or
> whatever; it just sends the requests, hoping to infect the server.

Also in the log I see a ton of these entries

    20020307 081359 Info - 192.168.1.6   GET / HTTP/1.0.

Which are coming from the iMail server.  What do these entries indicate?

And thanks to everyone for the help.

Dan
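
The quoted replies describe the `root.exe?/c+dir` requests as worm probes aimed at IIS that reach the IMail web service only as extra load. The following is an added example, not part of the original thread or of IMail: it parses log lines in the layout shown above and counts those probe requests per source address. The line layout is inferred from the quoted entries, and the fourth sample line and the malformed line are constructed.

```python
import re
from collections import Counter

# Layout inferred from the entries quoted in the thread (an assumption):
# date, time, level, "-", client IP, then the request line with a trailing ".".
LINE_RE = re.compile(
    r"^(?P<date>\d{8}) (?P<time>\d{6}) \w+ - (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d\.?\s*$"
)

# Probe pattern taken from the quoted entries: root.exe called with a "/c+" query.
PROBE_RE = re.compile(r"/root\.exe\?/c\+", re.IGNORECASE)

# First three lines are from the thread; the last two are constructed.
SAMPLE_LOG = """\
20020305 224923 Info - 192.168.1.1   GET /scripts/root.exe?/c+dir HTTP/1.0.
20020305 224924 Info - 192.168.1.1   GET /MSADC/root.exe?/c+dir HTTP/1.0.
20020307 081359 Info - 192.168.1.6   GET / HTTP/1.0.
20020307 081401 Info - 192.168.1.9   GET /scripts/root.exe?/c+dir HTTP/1.0.
this line is malformed and must be skipped
"""


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize_probes(log_text):
    """Return (probe count per source IP, number of lines that did not parse)."""
    probes = Counter()
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        elif PROBE_RE.search(rec["target"]):
            probes[rec["ip"]] += 1
    return probes, skipped


if __name__ == "__main__":
    probes, skipped = summarize_probes(SAMPLE_LOG)
    for ip, count in probes.most_common():
        print(f"{ip}: {count} root.exe probe request(s)")
    print(f"unparsed lines: {skipped}")
```
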


Please visit http://www.ipswitch.com/support/mailing-lists.html 
to be removed from this list.

An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
