Wow... people still use killfiles??? ;-)
> -----Original Message-----
> From: Dean Cunningham [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 5:34 PM
> To: NT System Admin Issues
> Subject: RE: Well, this is reassuring...
>
>
> Yeah it does matter. The message you got from SANS does not appear to
> come from this list. There is *no* message like that in my exchange
> public folder that is subscribed to the list. It has not been
> intercepted at my AV mail gateway.
>
> This means 1 of 2 things
>
> 1) I can't read a public folder.
> 2) You don't actually know where the message you got came from.
>
> I tend to go with 2) (funnily enough) and considering your knee-jerk
> reaction to act like chicken little without proper checking of the
> facts, means some of the 2000+ sys admins of this list may well have
> wasted time, just like I have, checking for a file that was supposed
> to have entered their mail servers that was infected and never
> detected by their AV product.
>
> So before you waste our time again, sod off, do some research and get
> your facts right, don't waste our time.
>
> Oh and congratulations you have made my killfile, no doubt I have made
> yours :-)
>
>
> -----Original Message-----
> From: Greg Page [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 20 September 2001 2:25 p.m.
> To: NT System Admin Issues
> Subject: RE: Well, this is reassuring...
>
>
> Does it matter? I was fairly busy between the readme.txt and the
> W32.Nimda to not worry about the specifics. If it came from SANS,
> that's where it came from. I'm sorry if that offends you but what can
> I do? Actually, since I got it off this list, why don't you analyze it
> and tell us what you find.
>
> Greg
>
>
> -----Original Message-----
> From: Dean Cunningham [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 10:01 PM
> To: NT System Admin Issues
> Subject: RE: Well, this is reassuring...
>
>
> So you actually looked at the smtp source and saw that it actually had
> the attachment in the email and not just a fragment?
>
> -----Original Message-----
> From: Greg Page [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 20 September 2001 1:55 p.m.
> To: NT System Admin Issues
> Subject: RE: Well, this is reassuring...
>
>
> It's not a rumor, it's what happened. That this e-mail got to one of
> their people and propagated is disturbing. Antigen caught it at my GW
> and didn't send it anywhere. What's their excuse?
>
> Greg
>
>
> -----Original Message-----
> From: Dean Cunningham [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 9:19 PM
> To: NT System Admin Issues
> Subject: RE: Well, this is reassuring...
>
>
> Careful before spreading such a rumor, the detectors may well be
> oversensitive at this point. McAfee did the same to me *because* a guy
> had posted to the mailing list an email containing a portion of the
> javascript. I would suggest considering the source of the messaging
> being blocked, that it is likely the message was benign and they too
> had a portion of code in it that set the alarm bells off.
>
> regards
> Dean
>
> -----Original Message-----
> From: Greg Page [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 20 September 2001 12:49 p.m.
> To: NT System Admin Issues
> Subject: Well, this is reassuring...
>
>
>
> Antigen for Exchange found readme.exe infected with
> JScript/Nimda.A.Worm (CA(InoculateIT)) worm. The message is currently
> Purged. The message, "SANS NewsBites Vol. 3 Num. 38", was sent from
> The SANS Institute and was discovered in IMC Queues\Inbound located at
> ORGANIZATION/SITE-1/ALEXAPP001.
>
>
>
> Greg
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>
> ***************************************************
> This e-mail is not an official statement of the
> Waikato Regional Council unless otherwise stated.
> Visit our website http://www.ew.govt.nz
> ***************************************************