My boss told me that he got the W32/[EMAIL PROTECTED] virus this morning through a pif attachment. I looked through the logs to find out how it could have gotten through, but I can't figure it out. Looking at the maillog from the mailgate machine, I see nothing. Looking at the logs from Imail, I see this:

03:10 09:27 SMTPD(00C701C4) [66.82.181.80] MAIL FROM: <[EMAIL PROTECTED]>
03:10 09:27 SMTP-(00000460) processing C:\IMail\spool\Qaeef00d90254f029.SMD
03:10 09:27 SMTP-(00000460) Trying 10.25.1.14 (1)
03:10 09:27 SMTP-(00000460) Connect 10.25.1.14 [10.25.1.14:25] (0)
03:10 09:27 SMTP-(00000460) 220 mailgate.mydomain.com ESMTP Postfix
03:10 09:27 SMTP-(00000460) >EHLO mydmain.com
03:10 09:27 SMTPD(00C701C4) [66.82.181.80] RCPT TO: <[EMAIL PROTECTED]>
03:10 09:27 SMTP-(00000460) 250-mailgate.mydomain.com

I don't get it. We have RAV antivirus running on the mailgate box and McAfee running on the Imail box, and neither of them picked it up. I searched through my logfiles on the mailgate machine for [EMAIL PROTECTED] and the IP address 66.82.181.80, but got nothing. Is it possible that someone inside the network is infected and that's why it never made it to the mailgate?

Also, in the above log, I see:

03:10 09:27 SMTP-(00000460) Trying 10.25.1.14 (1)
03:10 09:27 SMTP-(00000460) Connect 10.25.1.14 [10.25.1.14:25] (0)
03:10 09:27 SMTP-(00000460) 220 mailgate.mydomain.com ESMTP Postfix

Shouldn't that show in the maillog?

Thanks.
