I must say that this virus took us by surprise; the former mail admin had a group alias setup to send mail to everyone on the list, and didn't setup any kind of security. Unfortunately, this virus went through the mbx files that Eudora uses and found an e-mail with the group alias in it. Needless to say EVERYONE in my company got a copy of the virus, and it just so happen that it picked someone from accounting to spoof, out of the 100+ users I have using e-mail only 5 were tricked into opening it and executing the file, we had a semi fix with in 30 min (I say semi because we weren't sure what it did)
This has shown that user education works well with a good virus checker and declude. AVG and Clam missed it incoming and I didn't have BANEXTZIP on and still I only had 5 infections. We did get on the PA when we realized what had happened (or rather had the secretary get on the PA) and ask everone not to open e-mail for about 30 min while we sorted things out and got filters in place. I would like to thank Scott for Declude and John for the filters until I had some updates. Really saved my butt, spent the morning in higher ups office answering questions to how it got in, how many infections etc. Thanks! I owe yall one! The Other Scott -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, August 09, 2004 3:14 PM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] Strange new e-mail The point was that it is best to subscribe to the Declude Virus list to get the most out of the use of Declude Virus. John Tolmachoff Engineer/Consultant/Owner eServices For You > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:IMail_Forum- > [EMAIL PROTECTED] On Behalf Of Samuel J Stanaitis > Sent: Monday, August 09, 2004 12:51 PM > To: [EMAIL PROTECTED] > Subject: RE: [IMail Forum] Strange new e-mail > > I guess that'd be no news to someone on the Declude list then. > > But as I'm not... > > A big THANK YOU to R.Scott Perry for graciously posting the information > earlier. I owe that guy a few rounds at this point! > > Sam > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff > (Lists) > Sent: Monday, August 09, 2004 2:20 PM > To: [EMAIL PROTECTED] > Subject: RE: [IMail Forum] Strange new e-mail > > That function has been discussed at length on the Declude Virus list. > > It is called BANZIPEXTS > > John Tolmachoff > Engineer/Consultant/Owner > eServices For You > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:IMail_Forum- > > [EMAIL PROTECTED] On Behalf Of Chris Patterson > > Sent: Monday, August 09, 2004 11:04 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [IMail Forum] Strange new e-mail > > > > I am using Declude virus as well, it is allowing them through. > > > > Is there a setting that I am missing to block .exe's within Zips? > > > > Thanks, > > > > Chris Patterson, CCNA > > Network Engineer > > > > > > > > > > -----Original Message----- > > From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] > > Sent: Monday, August 09, 2004 1:26 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [IMail Forum] Strange new e-mail > > > > I am getting these to. Thankfully, Declude Virus is blocking them by > > banned > > exe attachment within a zip file. > > > > Must be a new virus. > > > > John Tolmachoff > > Engineer/Consultant/Owner > > eServices For You > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:IMail_Forum- > > > [EMAIL PROTECTED] On Behalf Of Scott Heath > > > Sent: Monday, August 09, 2004 9:32 AM > > > To: [EMAIL PROTECTED] > > > Subject: [IMail Forum] Strange new e-mail > > > > > > I haven't had a chance to do much research but my users (including me) > > are > > > getting attachments with New Price.zip > > > > > > Anyone hear of this? AVG/Declude and ASSP/Sophos let it through. > > > > > > I'm off to clean machines I think. > > > > > > Scott > > > > > > > > > > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > > List Archive: > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > List Archive: > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
