Matt wrote:
Nick,
You're always trying to mess with me.
True. You are an easy target!
Since it appears that you want me to give my 2 cents, here it is.
Thanks for the analysis. All I could tell was it seemed strange.
-Nick
Definitely malware. I received a copy myself at about
Let's see. If your files are filling up in your spool,
seems to me that Declude doesn't have anything to do with
it.
The operating theory of Declude is as follows (copied from
the Declude web site)
Email-IN - Mail Server - declude.exe - Proc -
decludeproc.exe -work- spool - Mail Server -
Hi,
I have noticed that I am getting left over D*.SM$ files in the
proc\work directory. I am getting 2 to 4 of these per day on a volume
of 15-20K messages a day.
Windows Server 2003
IMail 8.15 HF2
Declude 3.0.5.23
Sniffer, invURUBL, F-Prot, McAfee
No on access Virus Scanner
How often is this happening?
Are you using Hijack?
Put both the Junkmail and Virus logs into Debug until a couple of these
occur, then extract from the log files ALL lines pertaining to the files
in question into one file in exact time sequence along with the log
lines from IMail
How often is this happening?
2 to 4 of these per day on a volume of
15-20K messages a day
Are you using Hijack?
No
Put both the Junkmail and Virus logs
into Debug until a couple of these occur, then extract from the log files ALL
lines pertaining to the files in question into
Checking with http://virusscan.jotti.org shows:
File: newyears.scr
Status: INFECTED/MALWARE
MD5 a4b0c8e03cc266d3500eb515f616a6d2
Packers detected: PESPIN
Scanner results
AntiVir Found Packer/PESpin packer
ArcaVir Found nothing
Avast Found nothing
AVG
I see the same thing.
A few left behind almost every day.
H.
Goran Jovanovic wrote:
Hi,
I have noticed that I am getting left over D*.SM$ files in the
proc\work directory. I am getting 2 to 4 of these per day on a volume
of 15-20K messages a day.
Windows Server 2003
IMail 8.15