Yes, but it should not be getting thru. 1. doing a host boss.com doesn't work. 2. this virus has been out for awhile and should of been picked up by RAV Antivirus. 3. McAfee should of also picked it up at the Imail server. Both virus scan are up to date.
----- Original Message ----- From: "Keith Kikta" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, March 10, 2003 11:37 AM Subject: [IMGate] Re: no log for virus slipping by > We are getting a ton of virii comming for [EMAIL PROTECTED] as well. > At 11:24 AM 3/10/2003 -0600, you wrote: > > >My boss told me that he got the W32/[EMAIL PROTECTED] virus this morning thru a pif > >attachment. > >I looked thru the logs to find out how if could of gotten thru but I can't > >figure it out. > >looking at the maillog from the mailgate machine I see nothing. > >Looking at the logs from Imail I see this. > > > >03:10 09:27 SMTPD(00C701C4) [66.82.181.80] MAIL FROM: <[EMAIL PROTECTED]> > >03:10 09:27 SMTP-(00000460) processing C:\IMail\spool\Qaeef00d90254f029.SMD > >03:10 09:27 SMTP-(00000460) Trying 10.25.1.14 (1) > >03:10 09:27 SMTP-(00000460) Connect 10.25.1.14 [10.25.1.14:25] (0) > >03:10 09:27 SMTP-(00000460) 220 mailgate.mydomain.com ESMTP Postfix > >03:10 09:27 SMTP-(00000460) >EHLO mydmain.com > >03:10 09:27 SMTPD(00C701C4) [66.82.181.80] RCPT TO: <[EMAIL PROTECTED]> > >03:10 09:27 SMTP-(00000460) 250-mailgate.mydomain.com > > > >I don't get it. we have RAV antivirus running on the mailgate box and Mcafee > >running on the Imail box and none of them picked it up. > >I search thru my logfiles of the mailgate machine for [EMAIL PROTECTED] and the > >ip address 66.82.181.80, but got nothing. > > > >Is it possible that someone inside the network is infected and that's why it > >never made it to the mailgate? > >Also, in the above log, I see > >03:10 09:27 SMTP-(00000460) Trying 10.25.1.14 (1) > >03:10 09:27 SMTP-(00000460) Connect 10.25.1.14 [10.25.1.14:25] (0) > >03:10 09:27 SMTP-(00000460) 220 mailgate.mydomain.com ESMTP Postfix > >Shouldn't that show in the maillog? > > > >Thanks. > > Keith J. Kikta > [EMAIL PROTECTED] > voice: 1.800.697.7088 > fax: 713.868.2268 > http://www.iland.com - iland Internet Solutions Corporation > > ---------- > The information transmitted is intended only for the person or entity to > which it is addressed and may contain confidential and/or privileged > material. Any review, re-transmission, dissemination or other use of, or > taking of any action in reliance upon, this information by persons or > entities other than the intended recipient is prohibited. If you received > this in error, please contact the sender and delete the material from any > computer. >
